camel1980
-
Items
83 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door camel1980
-
Mogelijk geinfecteerde link aangeklikt in mailtje
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Maar je ziet dus geen directe reden voor een infectie met schadelijek software of scripts? -
Mogelijk geinfecteerde link aangeklikt in mailtje
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Dank Kape voor je snelle reactie. Zoals gezegd, het mogelijke probleem speelt bij mijn ouders op de PC en daar ben ik nu niet. Morgen zal ik je advies bij hun uitvoeren en het logje hier plaatsen! -
Mogelijk geinfecteerde link aangeklikt in mailtje
camel1980 plaatste een topic in Archief Bestrijding malware & virussen
Hallo, Mijn ouders zijn niet zo slim geweest en hebben in een mailtje van een bekende een link aangeklikt die mogelijk naar een geinfecteerde website o.i.d. leidt. Ze kunnen me niet meer exact vertellen wat ze gedaan of gezien hebben. Ik heb een aantal tools gedraaid en de logjes plaats ik hieronder. Ik ben bang voor een infectie of misschien kwaadaardige codes. Is er een risico dat er een programma is geinstalleerd dat hun wachtwoorden voor bank e.d. kan onderscheppen? Er is vooralsnog niets abnormaals aan de computer en de werking te merken. Ik zou zeer blij zijn als iemand de logjes kan beoordelen. Eerste logje is van adwcleaner. Dan malwarebites en ten slotte de system information tool. # AdwCleaner v3.010 - Report created 26/10/2013 at 20:42:04 # Updated 20/10/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : John - JOHN-HP # Running from : C:\Users\John\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Google Chrome v30.0.1599.101 [ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2209 octets] - [26/10/2013 20:40:26] AdwCleaner[s0].txt - [1801 octets] - [26/10/2013 20:42:04] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1861 octets] ########## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2013.10.26.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 John :: JOHN-HP [administrator] 26-10-2013 20:48:28 mbam-log-2013-10-26 (20-48-28).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 221431 Verstreken tijd: 4 minuut/minuten, 15 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) -------------------------------------------------------------------------------------------------------------------------------------------------------- Logfile of random's system information tool 1.09 (written by random/random) Run by John at 2013-10-26 21:05:09 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 1341 GB (95%) free of 1418 GB Total RAM: 8175 MB (75% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:05:10, on 26-10-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16720) Boot mode: Normal Running processes: C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\sysWow64\SearchProtocolHost.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\trend micro\John.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll O2 - BHO: InformBar - {5A355B83-4C09-4D4C-B798-FCAB42ED8C63} - C:\Program Files (x86)\InformBar\InformBar.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14229 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe" C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS "c:\Program Files\Microsoft Security Client\MsMpEng.exe" "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs "C:\Program Files\IDT\WDM\STacSV64.exe" C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService "C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe" C:\Windows\system32\nvvsvc.exe -session -first C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files\IDT\WDM\AESTSr64.exe" C:\Windows\SysWOW64\ezSharedSvcHost.exe "C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe" "taskhost.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe" -servicelaunch=true "C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation taskeng.exe {65F90387-731A-474C-B34E-E4268EC5E5BB} "C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe" C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-eb609f8f-fbf1-43be-80f5-4a8fcb5febb1 -SystemEventPortName:HostProcess-2fc4720b-61b9-449f-acb9-6fa2a96ca079 -IoCancelEventPortName:HostProcess-cbac33d3-4e0d-4f40-b6ca-80dce63044c0 -NonStateChangingEventPortName:HostProcess-6f180804-105f-45a7-b454-7632b1f8f4c9 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:bbc5b1db-d7d2-49e6-aa8d-a24125e6c1b5 -DeviceGroupId:WpdFsGroup WLIDSvcM.exe 2584 "C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe" "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "C:\Program Files\IDT\WDM\sttray64.exe" "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe" "C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe" C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup "C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1 "C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe" -Embedding "C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe" "c:\Program Files\Microsoft Security Client\NisSrv.exe" "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" "C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt "C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt "C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE" "C:\Windows\sysWow64\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-172010361-3872859168-1060491772-10006_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-172010361-3872859168-1060491772-10006 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1" "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4912 CREDAT:267521 /prefetch:2 C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe -Embedding "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520 C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} "C:\Users\John\Desktop\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\HPCeeScheduleForJohn.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A355B83-4C09-4D4C-B798-FCAB42ED8C63}] InformBar - C:\Program Files (x86)\InformBar\InformBar64.dll [2012-03-13 72904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-08 256080] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}] Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23 1451680] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A355B83-4C09-4D4C-B798-FCAB42ED8C63}] InformBar - C:\Program Files (x86)\InformBar\InformBar.dll [2012-03-13 64712] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-08 194640] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-08 256080] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23 1451680] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-08 194640] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768] "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-08-12 1356240] "SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-04-24 1425408] ""= [] "AdAwareTray"=C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe [2013-10-18 2493272] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe [2010-10-21 37888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [2011-02-01 656920] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576] ""= [] "LaunchHPOSIAPP"=C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe [2009-04-04 385024] "Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2011-02-10 61112] "GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040] "ConnectionCenter"=C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2012-03-28 309184] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2011-08-15 52920] "UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= [] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableLockWorkstation"=0 "DisableTaskMgr"=0 "DisableChangePassword"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "HideFastUserSwitching"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 "EnableShellExecuteHooks"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "wave4"=wdmaud.drv "midi4"=wdmaud.drv "mixer4"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2013-10-26 20:54:08 ----D---- C:\rsit 2013-10-26 20:54:08 ----D---- C:\Program Files\trend micro 2013-10-26 20:47:25 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-26 20:47:25 ----A---- C:\Windows\system32\drivers\mbam.sys 2013-10-26 20:40:24 ----D---- C:\AdwCleaner 2013-10-26 20:30:19 ----D---- C:\Users\John\AppData\Roaming\Lavasoft 2013-10-26 20:28:03 ----D---- C:\Users\John\AppData\Roaming\LavasoftStatistics 2013-10-26 20:18:57 ----D---- C:\Program Files\Lavasoft 2013-10-26 20:17:21 ----D---- C:\Program Files\Common Files\Lavasoft 2013-10-26 20:16:30 ----D---- C:\ProgramData\Lavasoft 2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbuhci.sys 2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbport.sys 2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbohci.sys 2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbhub.sys 2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbehci.sys 2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbd.sys 2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbccgp.sys 2013-10-10 14:54:21 ----A---- C:\Windows\SYSWOW64\ieui.dll 2013-10-10 14:54:20 ----A---- C:\Windows\system32\ieui.dll 2013-10-10 14:54:19 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2013-10-10 14:54:18 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe 2013-10-10 14:54:18 ----A---- C:\Windows\SYSWOW64\iesysprep.dll 2013-10-10 14:54:18 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2013-10-10 14:54:18 ----A---- C:\Windows\system32\iesetup.dll 2013-10-10 14:54:18 ----A---- C:\Windows\system32\iernonce.dll 2013-10-10 14:54:18 ----A---- C:\Windows\system32\ie4uinit.exe 2013-10-10 14:54:17 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2013-10-10 14:54:17 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-10 14:54:17 ----A---- C:\Windows\system32\iesysprep.dll 2013-10-10 14:54:16 ----A---- C:\Windows\system32\iertutil.dll 2013-10-10 14:54:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2013-10-10 14:54:14 ----A---- C:\Windows\SYSWOW64\jscript.dll 2013-10-10 14:54:14 ----A---- C:\Windows\system32\msfeeds.dll 2013-10-10 14:54:14 ----A---- C:\Windows\system32\jscript.dll 2013-10-10 14:54:11 ----A---- C:\Windows\system32\jscript9.dll 2013-10-10 14:54:10 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2013-10-10 14:54:09 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2013-10-10 14:54:09 ----A---- C:\Windows\system32\urlmon.dll 2013-10-10 14:54:07 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2013-10-10 14:54:07 ----A---- C:\Windows\system32\jsproxy.dll 2013-10-10 14:54:06 ----A---- C:\Windows\SYSWOW64\wininet.dll 2013-10-10 14:54:06 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2013-10-10 14:54:06 ----A---- C:\Windows\system32\wininet.dll 2013-10-10 14:54:05 ----A---- C:\Windows\system32\ieframe.dll 2013-10-10 14:54:03 ----A---- C:\Windows\system32\mshtml.dll 2013-10-10 14:54:01 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2013-10-10 13:58:39 ----A---- C:\Windows\system32\comctl32.dll 2013-10-10 13:58:38 ----A---- C:\Windows\SYSWOW64\comctl32.dll 2013-10-10 13:58:36 ----A---- C:\Windows\SYSWOW64\dciman32.dll 2013-10-10 13:58:36 ----A---- C:\Windows\SYSWOW64\atmfd.dll 2013-10-10 13:58:36 ----A---- C:\Windows\system32\lpk.dll 2013-10-10 13:58:36 ----A---- C:\Windows\system32\dciman32.dll 2013-10-10 13:58:36 ----A---- C:\Windows\system32\atmfd.dll 2013-10-10 13:58:35 ----A---- C:\Windows\SYSWOW64\lpk.dll 2013-10-10 13:58:35 ----A---- C:\Windows\SYSWOW64\fontsub.dll 2013-10-10 13:58:35 ----A---- C:\Windows\SYSWOW64\atmlib.dll 2013-10-10 13:58:35 ----A---- C:\Windows\system32\fontsub.dll 2013-10-10 13:58:35 ----A---- C:\Windows\system32\drivers\Wdf01000.sys 2013-10-10 13:58:35 ----A---- C:\Windows\system32\atmlib.dll 2013-10-10 13:58:34 ----A---- C:\Windows\system32\drivers\usbcir.sys 2013-10-10 13:58:34 ----A---- C:\Windows\system32\drivers\hidparse.sys 2013-10-10 13:58:34 ----A---- C:\Windows\system32\drivers\hidclass.sys 2013-10-10 13:58:33 ----A---- C:\Windows\system32\WebClnt.dll 2013-10-10 13:58:32 ----A---- C:\Windows\SYSWOW64\WebClnt.dll 2013-10-10 13:58:32 ----A---- C:\Windows\SYSWOW64\davclnt.dll 2013-10-10 13:58:32 ----A---- C:\Windows\system32\drivers\mrxdav.sys 2013-10-10 13:58:32 ----A---- C:\Windows\system32\davclnt.dll 2013-10-10 13:58:31 ----A---- C:\Windows\SYSWOW64\mswsock.dll 2013-10-10 13:58:31 ----A---- C:\Windows\system32\mswsock.dll 2013-10-10 13:58:31 ----A---- C:\Windows\system32\drivers\tcpip.sys 2013-10-10 13:58:31 ----A---- C:\Windows\system32\drivers\afd.sys 2013-10-10 13:58:30 ----A---- C:\Windows\system32\win32k.sys 2013-10-10 13:58:23 ----A---- C:\Windows\system32\ntoskrnl.exe 2013-10-10 13:58:23 ----A---- C:\Windows\system32\advapi32.dll 2013-10-10 13:58:22 ----A---- C:\Windows\SYSWOW64\tdh.dll 2013-10-10 13:58:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe 2013-10-10 13:58:22 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe 2013-10-10 13:58:22 ----A---- C:\Windows\system32\tdh.dll 2013-10-10 13:58:21 ----A---- C:\Windows\SYSWOW64\advapi32.dll 2013-10-10 13:58:21 ----A---- C:\Windows\system32\ntdll.dll 2013-10-10 13:58:20 ----A---- C:\Windows\SYSWOW64\ntdll.dll 2013-10-10 13:58:19 ----A---- C:\Windows\system32\wow64.dll 2013-10-10 13:58:14 ----A---- C:\Windows\SYSWOW64\wow32.dll 2013-10-10 13:58:14 ----A---- C:\Windows\SYSWOW64\setup16.exe 2013-10-10 13:58:14 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll 2013-10-10 13:58:14 ----A---- C:\Windows\SYSWOW64\instnm.exe 2013-10-10 13:58:13 ----A---- C:\Windows\SYSWOW64\user.exe 2013-10-10 13:58:08 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 13:58:07 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 13:58:07 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys 2013-10-10 13:58:06 ----A---- C:\Windows\system32\scavengeui.dll ======List of files/folders modified in the last 1 month====== 2013-10-26 21:03:11 ----D---- C:\Windows\Temp 2013-10-26 20:54:09 ----D---- C:\Windows\Prefetch 2013-10-26 20:54:08 ----RD---- C:\Program Files 2013-10-26 20:53:37 ----D---- C:\Windows\system32\config 2013-10-26 20:47:25 ----RD---- C:\Program Files (x86) 2013-10-26 20:47:25 ----D---- C:\Windows\system32\drivers 2013-10-26 20:45:38 ----A---- C:\Windows\SYSWOW64\log.txt 2013-10-26 20:43:38 ----D---- C:\ProgramData\PDFC 2013-10-26 20:29:10 ----AD---- C:\Windows 2013-10-26 20:19:32 ----SHD---- C:\Windows\Installer 2013-10-26 20:18:59 ----D---- C:\Windows\inf 2013-10-26 20:17:31 ----D---- C:\Windows\System32 2013-10-26 20:17:21 ----D---- C:\Program Files\Common Files 2013-10-26 20:16:59 ----SHD---- C:\System Volume Information 2013-10-26 20:16:30 ----HD---- C:\ProgramData 2013-10-26 20:13:22 ----D---- C:\Program Files\CCleaner 2013-10-25 10:51:49 ----D---- C:\Windows\system32\catroot2 2013-10-24 19:36:40 ----D---- C:\Users\John\AppData\Roaming\f2fPreIntermediate 2013-10-23 15:09:55 ----D---- C:\Windows\Tasks 2013-10-23 15:09:55 ----D---- C:\Windows\system32\Tasks 2013-10-23 15:09:29 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-10-23 15:06:14 ----D---- C:\Users\John\AppData\Roaming\HpUpdate 2013-10-23 15:06:14 ----D---- C:\Users\John\AppData\Roaming\HP Support Assistant 2013-10-13 20:30:25 ----D---- C:\Windows\rescache 2013-10-11 18:02:53 ----D---- C:\Windows\winsxs 2013-10-11 18:00:18 ----D---- C:\Windows\system32\DriverStore 2013-10-11 17:59:22 ----D---- C:\Windows\system32\catroot 2013-10-11 17:59:21 ----D---- C:\Program Files\Microsoft Security Client 2013-10-11 17:59:19 ----D---- C:\Program Files (x86)\Microsoft Security Client 2013-10-11 17:54:06 ----D---- C:\Windows\Panther 2013-10-11 17:54:06 ----D---- C:\Windows\debug 2013-10-10 20:09:27 ----D---- C:\Windows\Microsoft.NET 2013-10-10 20:09:26 ----RSD---- C:\Windows\assembly 2013-10-10 18:59:08 ----A---- C:\Windows\system32\PerfStringBackup.INI 2013-10-10 18:52:32 ----AD---- C:\Windows\SysWOW64 2013-10-10 18:52:30 ----D---- C:\Program Files (x86)\Internet Explorer 2013-10-10 18:52:29 ----D---- C:\Program Files\Internet Explorer 2013-10-10 18:52:26 ----D---- C:\Windows\AppPatch 2013-10-10 14:55:50 ----D---- C:\ProgramData\Microsoft Help 2013-10-10 14:52:55 ----D---- C:\Program Files\Microsoft Silverlight 2013-10-10 14:52:55 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2013-10-10 14:51:37 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI 2013-10-10 14:47:46 ----D---- C:\Windows\system32\MRT 2013-10-10 14:45:00 ----A---- C:\Windows\system32\MRT.exe 2013-10-10 14:39:39 ----D---- C:\Windows\system32\nl-NL 2013-10-09 19:17:06 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-05 438808] R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 247216] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2012-03-19 89536] R1 RapportCerberus_56758;RapportCerberus_56758; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [2013-08-20 589872] R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-09-10 265872] R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-09-10 384432] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 139616] R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2010-10-19 56344] R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2012-12-06 2350176] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-18 189288] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776] R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10305; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-04-24 536576] R3 Trufos;Trufos; C:\Windows\system32\DRIVERS\Trufos.sys [2013-07-17 329800] S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2013-09-10 295696] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-02 89600] R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232] R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 LavasoftAdAwareService11;Ad-Aware Service 11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 517344] R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2011-02-01 326168] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-08-12 23808] R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-03-15 889664] R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448] R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-09-10 1435928] R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-04-24 318464] R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976] R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-08-12 366600] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576] S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17 136176] S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-15 2458944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376] S3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [2013-07-23 240288] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17 136176] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-17 194032] S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-10 1001376] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-05 1255736] S4 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [2013-07-23 193696] S4 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] -----------------EOF----------------- -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
ja, gek he. Dan laten we het maar zo en zal ik het als opgelost zetten. Bedankt! -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Zoek.exe Version 4.0.0.2 Updated 28-03-2013 Tool run by Dhr. van on za 30-03-2013 at 9:51:02,24. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] "DisplayName"="Google" "URL"="{searchTerms} - Google Search}" "SuggestionsURLFallback"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}" "FaviconURLFallback"="http://www.google.com/favicon.ico" ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] "DisplayName"="Google" "URL"="{searchTerms} - Google Search}" "SuggestionsURLFallback"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}" "FaviconURLFallback"="http://www.google.com/favicon.ico" - - - Updated - - - ik zie nog geen verschil, maar op zich is het ook niet verkeerd zoals het nu is. -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Zoek.exe Version 4.0.0.2 Updated 28-03-2013 Tool run by Dhr. van on za 30-03-2013 at 9:12:48,88. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected ==== Registry Exports ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{405C961F-6876-D2AC-3B81-551399A58B9F}] @="Bing" "URL"="{searchTerms} - Bing" "DisplayName"="@ieframe.dll,-12512" ==== Registry Exports x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="" -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Ik kom in ieder geval niet meer op bing terecht, maar ook niet op google. Nu zie ik een wit standaard windows scherm met tekst: deze pagina bestaat niet. Ik weet niet of het nog anders kan, maar anders is dit ok zo. -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Zoek.exe Version 4.0.0.2 Updated 28-03-2013 Tool run by Dhr. van on vr 29-03-2013 at 21:02:53,74. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {405C961F-6876-D2AC-3B81-551399A58B9F} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Zoek.exe Version 4.0.0.2 Updated 28-03-2013 Tool run by Dhr. van on vr 29-03-2013 at 18:32:25,71. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=- {405C961F-6876-D2AC-3B81-551399A58B9F} Bing Url=- -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Zoek.exe Version 4.0.0.2 Updated 28-03-2013 Tool run by Dhr. van on vr 29-03-2013 at 17:46:49,04. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected ==== FireFox Fix ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {405C961F-6876-D2AC-3B81-551399A58B9F} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Reset Google Chrome ====================== C:\users\Dhr. van \AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\users\Dhr. van \AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\Dhr. van \Desktop\HiJackThis.lnk - C:\Users\Dhr. van Kempen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Dhr. van \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Dhr. van \AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files (x86)\CCleaner\uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Ja, dat heb ik al lang gedaan en daar staat dus www.google.com. Maar toch gaat ie dan naar Bing. Daarom snap ik het dus niet ;-) -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
ik zal wel verkeerd zoeken, maar in mijn versie van IE (10) zie ik dit nergens staan bij de Opties. -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
IE inderdaad. Heb het zo snel niet gevonden bij de internet opties. Wel dat ik google mijn startpagina kan maken (heb ik gedaan), maar bij een niet-bestaande pagina kom ik op bing terecht. Zal ook wel ergens te regelen zijn. -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Dat had ik gedaan, maar als je dan een niet bestaande website probeert te benaderen, kom ik automatisch op suggesties van Bing (eerst dus funmoods). Dat zou ik ook graag google hebben, maar dat vind ik nog wel uit. nogmaals dank voor nu! -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
...En ik durfde bijna niet meer te kijken......maar het is inderdaad weg! Ik kom nu bij een niet bestaand web-adres op de bing-zoeksite. hehe! Ontzettend bedankt. het was even een trajectje....Nog een laatste vraag: hoe kan ik de bing site vervangen door standaard google met website-voorstellen? -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Zoek.exe Version 4.0.0.2 Updated 23-03-2013 Tool run by Dhr. van on wo 27-03-2013 at 18:23:40,38. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Funmoods] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchfunmoods.com] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED357B4A-D537-46B5-9622-89DB2527B7C7}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] [-HKEY_USERS\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Funmoods] [-HKEY_USERS\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchfunmoods.com] -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
SystemLook 30.07.11 by jpshortstuff Log created at 20:47 on 26/03/2013 by Dhr. van Administrator - Elevation successful ========== filefind ========== Searching for "funmoods" C:\Windows\System32\Tasks\Funmoods --a---- 3326 bytes [14:43 29/12/2012] [14:43 29/12/2012] B997680CF7802B99E9C03677F28215FC ========== folderfind ========== Searching for "Funmoods " No folders found. ========== regfind ========== Searching for "Funmoods" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Funmoods] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Funmoods\Funmoods] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchfunmoods.com] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED357B4A-D537-46B5-9622-89DB2527B7C7}] "Path"="\Funmoods" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] @="Funmoods" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] "URL"="Funmoods Search" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] "DisplayName"="Funmoods" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] "TopResultURLFallback"="Funmoods Search" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] "FaviconURL"="http://searchfunmoods.com/favicon.ico" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] "FaviconPath"="C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] "FaviconURLFallback"="http://searchfunmoods.com/favicon.ico" [HKEY_USERS\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Funmoods] [HKEY_USERS\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Funmoods\Funmoods] [HKEY_USERS\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchfunmoods.com] -= EOF =- - - - Updated - - - dat is nog steeds een heleboel funmoods -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Dat dacht ik ook al een aantal keer. Als ik opnieuw programmaatjes run die je aangeraden hebt, komt er telkens ook niets meer uit. Dus ik zou ook denken dat alles weg is... - - - Updated - - - maar nee dus -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
==== Deleting Files \ Folders ====================== "funmoods" not found ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {405C961F-6876-D2AC-3B81-551399A58B9F} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Dhr. van \AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Dhr. van \AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\users\Dhr. van \AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found After Reboot ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\DHR~1.VAN\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied - - - Updated - - - HitmanPro heeft niets gevonden geeft het programma aan. Ik zie geen logbestandje. -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Nee, ik verzin het echt niet. Hij komt nog steeds :-( - - - Updated - - - Is het niet erg dat er error: unable to interpret voor staat? -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
All processes killed ========== COMMANDS ========== Restore point Set: OTL Restore Point Error: Unable to interpret < :OTL> in the current context! Error: Unable to interpret < IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Funmoods Search> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\ica - No CLSID value found> in the current context! Error: Unable to interpret < O18:64bit: - Protocol\Filter\text/xml - No CLSID value found> in the current context! Error: Unable to interpret < O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context! Error: Unable to interpret < O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context! Error: Unable to interpret < O30 - LSA: Security Packages - (livessp) - File not found> in the current context! Error: Unable to interpret < :Services> in the current context! Error: Unable to interpret < :Files> in the current context! Error: Unable to interpret < ipconfig /flushdns /c> in the current context! Error: Unable to interpret < :Commands> in the current context! C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Dhr. van ->Temp folder emptied: 137391 bytes ->Temporary Internet Files folder emptied: 90846056 bytes ->Google Chrome cache emptied: 819568 bytes ->Flash cache emptied: 720 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 17090 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 88,00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Dhr. van ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 03262013_191236 Files\Folders moved on Reboot... C:\Users\Dhr. van \AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
OTL logfile created on: 26-3-2013 18:49:11 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dhr. van \Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 7,88 Gb Total Physical Memory | 6,75 Gb Available Physical Memory | 85,57% Memory free 9,07 Gb Paging File | 7,81 Gb Available in Paging File | 86,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,17 Gb Total Space | 521,81 Gb Free Space | 56,04% Space Free | Partition Type: NTFS Computer Name: WIN45245623643 | User Name: Dhr. van | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-03-26 18:48:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dhr. van \Desktop\OTL.com PRC - [2012-07-19 09:53:16 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2012-07-19 09:53:10 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2012-07-05 13:23:34 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe PRC - [2011-07-19 21:01:24 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe PRC - [2011-07-19 21:00:14 | 000,358,336 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe PRC - [2011-07-19 18:59:04 | 000,964,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2013-02-02 09:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013-01-10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013-01-10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012-12-06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012-12-06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012-11-06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012-11-06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012-09-20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012-09-20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012-09-20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012-07-26 04:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2012-07-26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012-07-26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012-07-26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012-07-26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012-07-26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012-07-26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012-07-26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012-07-26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012-07-26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012-07-26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012-07-26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012-07-26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012-06-19 19:10:34 | 000,634,632 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel® SRV - [2012-11-06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012-10-10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012-07-26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012-07-19 09:53:16 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012-07-19 09:53:10 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012-07-05 13:23:34 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013-02-07 05:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013-02-02 12:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013-02-02 08:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013-01-10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013-01-10 02:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012-11-27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012-11-20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012-11-06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012-10-12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012-10-11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012-10-11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012-10-10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012-09-20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012-09-20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012-09-20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012-09-20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012-09-20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012-09-20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012-07-26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012-07-26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012-07-26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012-07-26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012-07-26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012-07-26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012-07-26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012-07-26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012-07-26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012-07-26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012-07-26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012-07-26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012-07-26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012-07-26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012-07-26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012-07-26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012-07-26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012-07-26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012-07-26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012-07-26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012-07-26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012-07-26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012-07-26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2012-07-26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2012-07-26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012-07-26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012-07-26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012-07-26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012-07-26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012-07-26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012-07-26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012-07-26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012-07-26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012-07-26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012-07-26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012-07-26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012-07-26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012-07-26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012-07-26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012-07-26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012-07-26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012-07-26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012-07-26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012-07-26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012-07-26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012-07-26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012-07-02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012-06-02 15:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2011-06-13 11:29:02 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ctxusbm.sys -- (ctxusbm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Funmoods Search IE - HKLM\..\SearchScopes\{405C961F-6876-D2AC-3B81-551399A58B9F}: "URL" = {searchTerms} - Bing IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 94 41 62 F3 CE CD 01 [binary data] IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\..\SearchScopes\{405C961F-6876-D2AC-3B81-551399A58B9F}: "URL" = {searchTerms} - Bing IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search} IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) ========== Chrome ========== O1 HOSTS File: ([2013-03-25 20:52:26 | 000,000,840 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\..Trusted Domains: ggzbreburg.nl ([portal] https in Vertrouwde websites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FC42585-82F0-4135-B0A2-06BDB7A16093}: DhcpNameServer = 212.54.40.25 212.54.35.25 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-03-26 18:48:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dhr. van \Desktop\OTL.com [2013-03-25 20:54:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013-03-25 20:52:56 | 000,000,000 | ---D | C] -- C:\Windows\Temp [2013-03-25 20:52:56 | 000,000,000 | ---D | C] -- C:\Users\Dhr. van \AppData\Local\Temp [2013-03-25 20:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013-03-25 20:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013-03-25 18:34:08 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dhr. van \Desktop\dds.com [2013-03-24 20:22:24 | 005,044,071 | ---- | C] (Swearware) -- C:\Users\Dhr. van \Desktop\ComboFix.exe [2013-03-23 16:32:31 | 000,000,000 | ---D | C] -- C:\Users\Dhr. van \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2013-03-23 16:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2013-03-09 22:09:21 | 000,000,000 | ---D | C] -- C:\Users\Dhr. van \AppData\Roaming\WinRAR ========== Files - Modified Within 30 Days ========== [2013-03-26 18:48:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dhr. van \Desktop\OTL.com [2013-03-26 18:47:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-03-26 17:45:46 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-03-25 22:30:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-03-25 21:04:43 | 001,792,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-03-25 21:04:43 | 000,795,678 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013-03-25 21:04:43 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-03-25 21:04:43 | 000,158,970 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013-03-25 21:04:43 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-03-25 21:00:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013-03-25 21:00:24 | 2475,950,079 | -HS- | M] () -- C:\hiberfil.sys [2013-03-25 20:52:26 | 000,000,840 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013-03-25 20:50:57 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe [2013-03-25 20:30:55 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013-03-25 18:34:08 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dhr. van \Desktop\dds.com [2013-03-24 20:22:33 | 005,044,071 | ---- | M] (Swearware) -- C:\Users\Dhr. van \Desktop\ComboFix.exe [2013-03-24 13:44:16 | 000,609,993 | ---- | M] () -- C:\Users\Dhr. van \Desktop\adwcleaner.exe [2013-03-23 21:51:31 | 001,264,814 | ---- | M] () -- C:\Users\Dhr. van \Desktop\zoek.exe [2013-03-23 16:32:31 | 000,003,019 | ---- | M] () -- C:\Users\Dhr. van \Desktop\HiJackThis.lnk [2013-03-23 16:11:37 | 000,319,436 | ---- | M] () -- C:\Users\Dhr. van \Desktop\ouders-helpen-kinderen.pdf [2013-03-23 14:37:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013-03-21 22:48:00 | 000,301,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013-03-25 20:52:56 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013-03-25 20:30:55 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013-03-24 13:44:16 | 000,609,993 | ---- | C] () -- C:\Users\Dhr. van \Desktop\adwcleaner.exe [2013-03-23 21:51:27 | 001,264,814 | ---- | C] () -- C:\Users\Dhr. van \Desktop\zoek.exe [2013-03-23 16:32:31 | 000,003,019 | ---- | C] () -- C:\Users\Dhr. van \Desktop\HiJackThis.lnk [2013-03-23 16:11:37 | 000,319,436 | ---- | C] () -- C:\Users\Dhr. van \Desktop\ouders-helpen-kinderen.pdf [2013-03-21 22:47:55 | 000,301,288 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-12-31 12:39:09 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012-12-31 12:39:09 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012-12-31 12:39:09 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2012-12-31 12:39:07 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012-12-31 12:39:04 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012-12-02 15:38:19 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012-11-30 16:26:16 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI [2012-11-26 13:46:59 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012-10-10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012-10-10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012-10-10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012-07-26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012-07-26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012-07-26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012-07-26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012-07-25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012-07-25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012-06-19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012-06-02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-01-10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-01-10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013-03-10 10:34:12 | 000,000,000 | ---D | M] -- C:\Users\Dhr. van \AppData\Roaming\Belastingdienst [2012-12-29 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Dhr. van \AppData\Roaming\FLVPlayerPackages [2013-03-24 14:57:26 | 000,000,000 | ---D | M] -- C:\Users\Dhr. van \AppData\Roaming\GrabIt [2012-11-30 14:04:33 | 000,000,000 | ---D | M] -- C:\Users\Dhr. van \AppData\Roaming\ICAClient [2013-03-02 10:40:40 | 000,000,000 | ---D | M] -- C:\Users\Dhr. van \AppData\Roaming\ImgBurn [2012-11-30 13:32:39 | 000,000,000 | ---D | M] -- C:\Users\Dhr. van \AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Helaas, heb cccleaner meerder malen gedraaid en alles verwijderd, maar nog steeds kom ik op funmoods als ik een onbekende website intype. Is er dan echt niets aan te doen? -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16519 Run by Dhr. van at 18:39:04 on 2013-03-25 Microsoft Windows 8 6.2.9200.0.1252.31.1043.18.8072.6936 [GMT 1:00] . AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Windows\system32\dashost.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\WUDFHost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\dwm.exe C:\Windows\system32\taskhostex.exe C:\Windows\Explorer.EXE C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe C:\Windows\System32\RuntimeBroker.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.nl/ mWinlogon: Userinit = userinit.exe, mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} TCP: NameServer = 212.54.40.25 212.54.35.25 TCP: Interfaces\{1FC42585-82F0-4135-B0A2-06BDB7A16093} : DHCPNameServer = 212.54.40.25 212.54.35.25 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-mStart Page = hxxp://www.google.com x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\Drivers\ctxusbm.sys [2011-6-13 91864] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-26 166720] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-26 365376] R3 RTL8168;Realtek 8168 NT-stuurprogramma;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824] . =============== Created Last 30 ================ . 2013-03-25 17:00:10 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED6012EB-CB2C-4EB5-B462-C6A643D37E41}\mpengine.dll 2013-03-24 19:18:02 9311288 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2013-03-23 20:56:59 -------- d-sh--w- C:\$RECYCLE.BIN 2013-03-23 20:55:49 -------- d-----w- C:\Users\Dhr. van \AppData\Local\Temp 2013-03-23 15:32:31 388096 ----a-r- C:\Users\Dhr. van Kempen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-03-23 15:32:30 -------- d-----w- C:\Program Files (x86)\Trend Micro 2013-03-21 17:54:55 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2013-03-10 20:00:26 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2013-02-27 15:52:37 1010688 ----a-w- C:\Windows\System32\reseteng.dll 2013-02-27 15:52:36 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll 2013-02-27 15:52:35 443392 ----a-w- C:\Windows\System32\ReAgent.dll . ==================== Find3M ==================== . 2013-03-05 23:07:25 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-05 23:07:25 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll 2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll 2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll 2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-02-12 00:25:18 4041728 ----a-w- C:\Windows\System32\win32k.sys 2013-02-07 04:09:56 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys 2013-02-07 03:34:58 10115072 ----a-w- C:\Windows\System32\twinui.dll 2013-02-07 03:33:47 2302464 ----a-w- C:\Windows\System32\authui.dll 2013-02-07 03:33:42 2146816 ----a-w- C:\Windows\System32\actxprxy.dll 2013-02-07 01:34:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll 2013-02-07 01:33:03 2033664 ----a-w- C:\Windows\SysWow64\authui.dll 2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll 2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys 2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2013-02-05 04:58:01 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-05 04:56:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-05 04:56:27 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-02-05 04:56:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-02-05 03:55:27 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-05 01:44:50 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll 2013-02-04 22:39:47 2246656 ----a-w- C:\Windows\System32\wininet.dll 2013-02-04 22:39:39 907776 ----a-w- C:\Windows\System32\uxtheme.dll 2013-02-04 22:38:55 3966464 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-04 22:38:53 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS 2013-02-02 11:19:41 329960 ----a-w- C:\Windows\System32\drivers\storport.sys 2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys 2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys 2013-02-02 10:28:54 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll 2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe 2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe 2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe 2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll 2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll 2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll 2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll 2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll 2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll 2013-02-02 08:40:01 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll 2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll 2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll 2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll 2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll 2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll 2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll 2013-02-02 08:39:28 5090816 ----a-w- C:\Windows\SysWow64\mstscax.dll 2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll 2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll 2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe 2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe 2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll 2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll 2013-02-02 08:23:37 611840 ----a-w- C:\Windows\System32\wpd_ci.dll 2013-02-02 08:23:37 105472 ----a-w- C:\Windows\System32\wpdbusenum.dll 2013-02-02 08:23:30 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll 2013-02-02 08:23:28 543232 ----a-w- C:\Windows\System32\wlroamextension.dll 2013-02-02 08:23:21 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll 2013-02-02 08:23:19 293376 ----a-w- C:\Windows\System32\Windows.Networking.Connectivity.dll 2013-02-02 08:23:18 731648 ----a-w- C:\Windows\System32\win32spl.dll 2013-02-02 08:23:16 87552 ----a-w- C:\Windows\System32\wersvc.dll 2013-02-02 08:22:28 448512 ----a-w- C:\Windows\System32\SettingSync.dll 2013-02-02 08:22:22 416256 ----a-w- C:\Windows\System32\schannel.dll 2013-02-02 08:21:45 467456 ----a-w- C:\Windows\System32\netprofmsvc.dll 2013-02-02 08:21:44 385024 ----a-w- C:\Windows\System32\ncsi.dll 2013-02-02 08:21:38 5977600 ----a-w- C:\Windows\System32\mstscax.dll 2013-02-02 08:21:10 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll 2013-02-02 08:20:47 260096 ----a-w- C:\Windows\System32\hotspotauth.dll 2013-02-02 08:20:31 729600 ----a-w- C:\Windows\System32\duser.dll 2013-02-02 07:30:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-02 07:25:52 297984 ----a-w- C:\Windows\System32\drivers\ks.sys 2013-02-02 07:25:26 82944 ----a-w- C:\Windows\System32\drivers\hidclass.sys 2013-02-02 07:25:23 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys 2013-02-02 05:41:57 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll 2013-02-02 05:31:54 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll 2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys 2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe 2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe 2013-01-09 23:26:35 410624 ----a-w- C:\Windows\SysWow64\Windows.Networking.dll 2013-01-09 23:26:35 261120 ----a-w- C:\Windows\SysWow64\Windows.Media.dll 2013-01-09 23:26:23 1752064 ----a-w- C:\Windows\SysWow64\setupapi.dll 2013-01-09 23:26:20 67584 ----a-w- C:\Windows\SysWow64\samlib.dll 2013-01-09 23:26:04 890880 ----a-w- C:\Windows\SysWow64\msctf.dll 2013-01-09 23:26:03 436736 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL . ============= FINISH: 18:39:16,71 =============== -
Funmoods verwijderen
camel1980 reageerde op camel1980's topic in Archief Bestrijding malware & virussen
Ik probeer combofix te installeren, maar krijg de melding dat mijn systeem (Windows8) niet ondersteund wordt en dus wordt de installatie afgebroken.
