camel1980
-
Items
83 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door camel1980
-
-
Dank Kape voor je snelle reactie. Zoals gezegd, het mogelijke probleem speelt bij mijn ouders op de PC en daar ben ik nu niet. Morgen zal ik je advies bij hun uitvoeren en het logje hier plaatsen!
-
Hallo,
Mijn ouders zijn niet zo slim geweest en hebben in een mailtje van een bekende een link aangeklikt die mogelijk naar een geinfecteerde website o.i.d. leidt. Ze kunnen me niet meer exact vertellen wat ze gedaan of gezien hebben.
Ik heb een aantal tools gedraaid en de logjes plaats ik hieronder. Ik ben bang voor een infectie of misschien kwaadaardige codes. Is er een risico dat er een programma is geinstalleerd dat hun wachtwoorden voor bank e.d. kan onderscheppen? Er is vooralsnog niets abnormaals aan de computer en de werking te merken.
Ik zou zeer blij zijn als iemand de logjes kan beoordelen.
Eerste logje is van adwcleaner. Dan malwarebites en ten slotte de system information tool.
# AdwCleaner v3.010 - Report created 26/10/2013 at 20:42:04
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - JOHN-HP
# Running from : C:\Users\John\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Google Chrome v30.0.1599.101
[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2209 octets] - [26/10/2013 20:40:26]
AdwCleaner[s0].txt - [1801 octets] - [26/10/2013 20:42:04]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1861 octets] ##########
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download
Databaseversie: v2013.10.26.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
John :: JOHN-HP [administrator]
26-10-2013 20:48:28
mbam-log-2013-10-26 (20-48-28).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 221431
Verstreken tijd: 4 minuut/minuten, 15 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
--------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by John at 2013-10-26 21:05:09
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1341 GB (95%) free of 1418 GB
Total RAM: 8175 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:05:10, on 26-10-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\John.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O2 - BHO: InformBar - {5A355B83-4C09-4D4C-B798-FCAB42ED8C63} - C:\Program Files (x86)\InformBar\InformBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14229 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe"
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\IDT\WDM\AESTSr64.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe" -servicelaunch=true
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
taskeng.exe {65F90387-731A-474C-B34E-E4268EC5E5BB}
"C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-eb609f8f-fbf1-43be-80f5-4a8fcb5febb1 -SystemEventPortName:HostProcess-2fc4720b-61b9-449f-acb9-6fa2a96ca079 -IoCancelEventPortName:HostProcess-cbac33d3-4e0d-4f40-b6ca-80dce63044c0 -NonStateChangingEventPortName:HostProcess-6f180804-105f-45a7-b454-7632b1f8f4c9 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:bbc5b1db-d7d2-49e6-aa8d-a24125e6c1b5 -DeviceGroupId:WpdFsGroup
WLIDSvcM.exe 2584
"C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe"
"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe" -Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe"
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt
"C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE"
"C:\Windows\sysWow64\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-172010361-3872859168-1060491772-10006_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-172010361-3872859168-1060491772-10006 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4912 CREDAT:267521 /prefetch:2
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\John\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForJohn.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A355B83-4C09-4D4C-B798-FCAB42ED8C63}]
InformBar - C:\Program Files (x86)\InformBar\InformBar64.dll [2012-03-13 72904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-08 256080]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23 1451680]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A355B83-4C09-4D4C-B798-FCAB42ED8C63}]
InformBar - C:\Program Files (x86)\InformBar\InformBar.dll [2012-03-13 64712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-08 194640]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-08 256080]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23 1451680]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-08 194640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-08-12 1356240]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-04-24 1425408]
""= []
"AdAwareTray"=C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe [2013-10-18 2493272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeatsOSDApp]
C:\Program Files\IDT\WDM\beats64.exe [2010-10-21 37888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
C:\Program Files (x86)\PDF Complete\pdfsty.exe [2011-02-01 656920]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"LaunchHPOSIAPP"=C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe [2009-04-04 385024]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2011-02-10 61112]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"ConnectionCenter"=C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2012-03-28 309184]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2011-08-15 52920]
"UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2013-10-26 20:54:08 ----D---- C:\rsit
2013-10-26 20:54:08 ----D---- C:\Program Files\trend micro
2013-10-26 20:47:25 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-26 20:47:25 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-10-26 20:40:24 ----D---- C:\AdwCleaner
2013-10-26 20:30:19 ----D---- C:\Users\John\AppData\Roaming\Lavasoft
2013-10-26 20:28:03 ----D---- C:\Users\John\AppData\Roaming\LavasoftStatistics
2013-10-26 20:18:57 ----D---- C:\Program Files\Lavasoft
2013-10-26 20:17:21 ----D---- C:\Program Files\Common Files\Lavasoft
2013-10-26 20:16:30 ----D---- C:\ProgramData\Lavasoft
2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbport.sys
2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbohci.sys
2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbhub.sys
2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbehci.sys
2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbd.sys
2013-10-11 17:58:12 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2013-10-10 14:54:21 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-10-10 14:54:20 ----A---- C:\Windows\system32\ieui.dll
2013-10-10 14:54:19 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-10-10 14:54:18 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-10-10 14:54:18 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-10-10 14:54:18 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-10-10 14:54:18 ----A---- C:\Windows\system32\iesetup.dll
2013-10-10 14:54:18 ----A---- C:\Windows\system32\iernonce.dll
2013-10-10 14:54:18 ----A---- C:\Windows\system32\ie4uinit.exe
2013-10-10 14:54:17 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-10-10 14:54:17 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 14:54:17 ----A---- C:\Windows\system32\iesysprep.dll
2013-10-10 14:54:16 ----A---- C:\Windows\system32\iertutil.dll
2013-10-10 14:54:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-10-10 14:54:14 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-10-10 14:54:14 ----A---- C:\Windows\system32\msfeeds.dll
2013-10-10 14:54:14 ----A---- C:\Windows\system32\jscript.dll
2013-10-10 14:54:11 ----A---- C:\Windows\system32\jscript9.dll
2013-10-10 14:54:10 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-10-10 14:54:09 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-10-10 14:54:09 ----A---- C:\Windows\system32\urlmon.dll
2013-10-10 14:54:07 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-10-10 14:54:07 ----A---- C:\Windows\system32\jsproxy.dll
2013-10-10 14:54:06 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-10-10 14:54:06 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-10-10 14:54:06 ----A---- C:\Windows\system32\wininet.dll
2013-10-10 14:54:05 ----A---- C:\Windows\system32\ieframe.dll
2013-10-10 14:54:03 ----A---- C:\Windows\system32\mshtml.dll
2013-10-10 14:54:01 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-10-10 13:58:39 ----A---- C:\Windows\system32\comctl32.dll
2013-10-10 13:58:38 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2013-10-10 13:58:36 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2013-10-10 13:58:36 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2013-10-10 13:58:36 ----A---- C:\Windows\system32\lpk.dll
2013-10-10 13:58:36 ----A---- C:\Windows\system32\dciman32.dll
2013-10-10 13:58:36 ----A---- C:\Windows\system32\atmfd.dll
2013-10-10 13:58:35 ----A---- C:\Windows\SYSWOW64\lpk.dll
2013-10-10 13:58:35 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2013-10-10 13:58:35 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2013-10-10 13:58:35 ----A---- C:\Windows\system32\fontsub.dll
2013-10-10 13:58:35 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-10-10 13:58:35 ----A---- C:\Windows\system32\atmlib.dll
2013-10-10 13:58:34 ----A---- C:\Windows\system32\drivers\usbcir.sys
2013-10-10 13:58:34 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-10-10 13:58:34 ----A---- C:\Windows\system32\drivers\hidclass.sys
2013-10-10 13:58:33 ----A---- C:\Windows\system32\WebClnt.dll
2013-10-10 13:58:32 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2013-10-10 13:58:32 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2013-10-10 13:58:32 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2013-10-10 13:58:32 ----A---- C:\Windows\system32\davclnt.dll
2013-10-10 13:58:31 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2013-10-10 13:58:31 ----A---- C:\Windows\system32\mswsock.dll
2013-10-10 13:58:31 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-10-10 13:58:31 ----A---- C:\Windows\system32\drivers\afd.sys
2013-10-10 13:58:30 ----A---- C:\Windows\system32\win32k.sys
2013-10-10 13:58:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-10-10 13:58:23 ----A---- C:\Windows\system32\advapi32.dll
2013-10-10 13:58:22 ----A---- C:\Windows\SYSWOW64\tdh.dll
2013-10-10 13:58:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-10-10 13:58:22 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-10-10 13:58:22 ----A---- C:\Windows\system32\tdh.dll
2013-10-10 13:58:21 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2013-10-10 13:58:21 ----A---- C:\Windows\system32\ntdll.dll
2013-10-10 13:58:20 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-10-10 13:58:19 ----A---- C:\Windows\system32\wow64.dll
2013-10-10 13:58:14 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-10-10 13:58:14 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-10-10 13:58:14 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-10-10 13:58:14 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-10-10 13:58:13 ----A---- C:\Windows\SYSWOW64\user.exe
2013-10-10 13:58:08 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 13:58:07 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 13:58:07 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-10 13:58:06 ----A---- C:\Windows\system32\scavengeui.dll
======List of files/folders modified in the last 1 month======
2013-10-26 21:03:11 ----D---- C:\Windows\Temp
2013-10-26 20:54:09 ----D---- C:\Windows\Prefetch
2013-10-26 20:54:08 ----RD---- C:\Program Files
2013-10-26 20:53:37 ----D---- C:\Windows\system32\config
2013-10-26 20:47:25 ----RD---- C:\Program Files (x86)
2013-10-26 20:47:25 ----D---- C:\Windows\system32\drivers
2013-10-26 20:45:38 ----A---- C:\Windows\SYSWOW64\log.txt
2013-10-26 20:43:38 ----D---- C:\ProgramData\PDFC
2013-10-26 20:29:10 ----AD---- C:\Windows
2013-10-26 20:19:32 ----SHD---- C:\Windows\Installer
2013-10-26 20:18:59 ----D---- C:\Windows\inf
2013-10-26 20:17:31 ----D---- C:\Windows\System32
2013-10-26 20:17:21 ----D---- C:\Program Files\Common Files
2013-10-26 20:16:59 ----SHD---- C:\System Volume Information
2013-10-26 20:16:30 ----HD---- C:\ProgramData
2013-10-26 20:13:22 ----D---- C:\Program Files\CCleaner
2013-10-25 10:51:49 ----D---- C:\Windows\system32\catroot2
2013-10-24 19:36:40 ----D---- C:\Users\John\AppData\Roaming\f2fPreIntermediate
2013-10-23 15:09:55 ----D---- C:\Windows\Tasks
2013-10-23 15:09:55 ----D---- C:\Windows\system32\Tasks
2013-10-23 15:09:29 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-23 15:06:14 ----D---- C:\Users\John\AppData\Roaming\HpUpdate
2013-10-23 15:06:14 ----D---- C:\Users\John\AppData\Roaming\HP Support Assistant
2013-10-13 20:30:25 ----D---- C:\Windows\rescache
2013-10-11 18:02:53 ----D---- C:\Windows\winsxs
2013-10-11 18:00:18 ----D---- C:\Windows\system32\DriverStore
2013-10-11 17:59:22 ----D---- C:\Windows\system32\catroot
2013-10-11 17:59:21 ----D---- C:\Program Files\Microsoft Security Client
2013-10-11 17:59:19 ----D---- C:\Program Files (x86)\Microsoft Security Client
2013-10-11 17:54:06 ----D---- C:\Windows\Panther
2013-10-11 17:54:06 ----D---- C:\Windows\debug
2013-10-10 20:09:27 ----D---- C:\Windows\Microsoft.NET
2013-10-10 20:09:26 ----RSD---- C:\Windows\assembly
2013-10-10 18:59:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-10 18:52:32 ----AD---- C:\Windows\SysWOW64
2013-10-10 18:52:30 ----D---- C:\Program Files (x86)\Internet Explorer
2013-10-10 18:52:29 ----D---- C:\Program Files\Internet Explorer
2013-10-10 18:52:26 ----D---- C:\Windows\AppPatch
2013-10-10 14:55:50 ----D---- C:\ProgramData\Microsoft Help
2013-10-10 14:52:55 ----D---- C:\Program Files\Microsoft Silverlight
2013-10-10 14:52:55 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 14:51:37 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-10-10 14:47:46 ----D---- C:\Windows\system32\MRT
2013-10-10 14:45:00 ----A---- C:\Windows\system32\MRT.exe
2013-10-10 14:39:39 ----D---- C:\Windows\system32\nl-NL
2013-10-09 19:17:06 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-05 438808]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 247216]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2012-03-19 89536]
R1 RapportCerberus_56758;RapportCerberus_56758; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [2013-08-20 589872]
R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-09-10 265872]
R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-09-10 384432]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 139616]
R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2012-12-06 2350176]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-18 189288]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10305; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-04-24 536576]
R3 Trufos;Trufos; C:\Windows\system32\DRIVERS\Trufos.sys [2013-07-17 329800]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2013-09-10 295696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 LavasoftAdAwareService11;Ad-Aware Service 11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 517344]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-08-12 23808]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-03-15 889664]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-09-10 1435928]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-04-24 318464]
R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-08-12 366600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-15 2458944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [2013-07-23 240288]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-17 194032]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-10 1001376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-05 1255736]
S4 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [2013-07-23 193696]
S4 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
-----------------EOF-----------------
-
ja, gek he. Dan laten we het maar zo en zal ik het als opgelost zetten. Bedankt!
-
Zoek.exe Version 4.0.0.2 Updated 28-03-2013
Tool run by Dhr. van on za 30-03-2013 at 9:51:02,24.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"DisplayName"="Google"
"URL"="{searchTerms} - Google Search}"
"SuggestionsURLFallback"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
"FaviconURLFallback"="http://www.google.com/favicon.ico"
==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"DisplayName"="Google"
"URL"="{searchTerms} - Google Search}"
"SuggestionsURLFallback"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
"FaviconURLFallback"="http://www.google.com/favicon.ico"
- - - Updated - - -
ik zie nog geen verschil, maar op zich is het ook niet verkeerd zoals het nu is.
-
Zoek.exe Version 4.0.0.2 Updated 28-03-2013
Tool run by Dhr. van on za 30-03-2013 at 9:12:48,88.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
==== Registry Exports ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{405C961F-6876-D2AC-3B81-551399A58B9F}]
@="Bing"
"URL"="{searchTerms} - Bing"
"DisplayName"="@ieframe.dll,-12512"
==== Registry Exports x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=""
-
Ik kom in ieder geval niet meer op bing terecht, maar ook niet op google. Nu zie ik een wit standaard windows scherm met tekst: deze pagina bestaat niet. Ik weet niet of het nog anders kan, maar anders is dit ok zo.
-
Zoek.exe Version 4.0.0.2 Updated 28-03-2013
Tool run by Dhr. van on vr 29-03-2013 at 21:02:53,74.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="Google"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="Google"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"
{405C961F-6876-D2AC-3B81-551399A58B9F} Bing Url="{searchTerms} - Bing"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
-
Zoek.exe Version 4.0.0.2 Updated 28-03-2013
Tool run by Dhr. van on vr 29-03-2013 at 18:32:25,71.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=-
{405C961F-6876-D2AC-3B81-551399A58B9F} Bing Url=-
-
Zoek.exe Version 4.0.0.2 Updated 28-03-2013
Tool run by Dhr. van on vr 29-03-2013 at 17:46:49,04.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
==== FireFox Fix ======================
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="Google"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"
{405C961F-6876-D2AC-3B81-551399A58B9F} Bing Url="{searchTerms} - Bing"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
==== Reset Google Chrome ======================
C:\users\Dhr. van \AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\Dhr. van \AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Dhr. van \Desktop\HiJackThis.lnk - C:\Users\Dhr. van Kempen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Dhr. van \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Dhr. van \AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files (x86)\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe
-
Ja, dat heb ik al lang gedaan en daar staat dus www.google.com. Maar toch gaat ie dan naar Bing. Daarom snap ik het dus niet ;-)
-
ik zal wel verkeerd zoeken, maar in mijn versie van IE (10) zie ik dit nergens staan bij de Opties.
-
IE inderdaad. Heb het zo snel niet gevonden bij de internet opties. Wel dat ik google mijn startpagina kan maken (heb ik gedaan), maar bij een niet-bestaande pagina kom ik op bing terecht. Zal ook wel ergens te regelen zijn.
-
Dat had ik gedaan, maar als je dan een niet bestaande website probeert te benaderen, kom ik automatisch op suggesties van Bing (eerst dus funmoods). Dat zou ik ook graag google hebben, maar dat vind ik nog wel uit. nogmaals dank voor nu!
-
...En ik durfde bijna niet meer te kijken......maar het is inderdaad weg! Ik kom nu bij een niet bestaand web-adres op de bing-zoeksite. hehe! Ontzettend bedankt. het was even een trajectje....Nog een laatste vraag: hoe kan ik de bing site vervangen door standaard google met website-voorstellen?
-
Zoek.exe Version 4.0.0.2 Updated 23-03-2013
Tool run by Dhr. van on wo 27-03-2013 at 18:23:40,38.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Funmoods]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchfunmoods.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED357B4A-D537-46B5-9622-89DB2527B7C7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[-HKEY_USERS\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Funmoods]
[-HKEY_USERS\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchfunmoods.com]
-
SystemLook 30.07.11 by jpshortstuff
Log created at 20:47 on 26/03/2013 by Dhr. van
Administrator - Elevation successful
========== filefind ==========
Searching for "funmoods"
C:\Windows\System32\Tasks\Funmoods --a---- 3326 bytes [14:43 29/12/2012] [14:43 29/12/2012] B997680CF7802B99E9C03677F28215FC
========== folderfind ==========
Searching for "Funmoods "
No folders found.
========== regfind ==========
Searching for "Funmoods"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Funmoods]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Funmoods\Funmoods]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchfunmoods.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED357B4A-D537-46B5-9622-89DB2527B7C7}]
"Path"="\Funmoods"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Funmoods"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="Funmoods Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Funmoods"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"TopResultURLFallback"="Funmoods Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURL"="http://searchfunmoods.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconPath"="C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback"="http://searchfunmoods.com/favicon.ico"
[HKEY_USERS\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Funmoods]
[HKEY_USERS\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Funmoods\Funmoods]
[HKEY_USERS\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchfunmoods.com]
-= EOF =-
- - - Updated - - -
dat is nog steeds een heleboel funmoods
-
Dat dacht ik ook al een aantal keer. Als ik opnieuw programmaatjes run die je aangeraden hebt, komt er telkens ook niets meer uit. Dus ik zou ook denken dat alles weg is...
- - - Updated - - -
maar nee dus
-
==== Deleting Files \ Folders ======================
"funmoods" not found
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="Google"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="Google"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{405C961F-6876-D2AC-3B81-551399A58B9F} Bing Url="{searchTerms} - Bing"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dhr. van \AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dhr. van \AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\users\Dhr. van \AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\DHR~1.VAN\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
- - - Updated - - -
HitmanPro heeft niets gevonden geeft het programma aan. Ik zie geen logbestandje.
-
Nee, ik verzin het echt niet. Hij komt nog steeds :-(
- - - Updated - - -
Is het niet erg dat er error: unable to interpret voor staat?
-
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Funmoods Search> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\ica - No CLSID value found> in the current context!
Error: Unable to interpret < O18:64bit: - Protocol\Filter\text/xml - No CLSID value found> in the current context!
Error: Unable to interpret < O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret < O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret < O30 - LSA: Security Packages - (livessp) - File not found> in the current context!
Error: Unable to interpret < :Services> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < :Commands> in the current context!
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dhr. van
->Temp folder emptied: 137391 bytes
->Temporary Internet Files folder emptied: 90846056 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 720 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17090 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 88,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Dhr. van
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03262013_191236
Files\Folders moved on Reboot...
C:\Users\Dhr. van \AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
OTL logfile created on: 26-3-2013 18:49:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dhr. van \Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
7,88 Gb Total Physical Memory | 6,75 Gb Available Physical Memory | 85,57% Memory free
9,07 Gb Paging File | 7,81 Gb Available in Paging File | 86,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,17 Gb Total Space | 521,81 Gb Free Space | 56,04% Space Free | Partition Type: NTFS
Computer Name: WIN45245623643 | User Name: Dhr. van | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013-03-26 18:48:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dhr. van \Desktop\OTL.com
PRC - [2012-07-19 09:53:16 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012-07-19 09:53:10 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012-07-05 13:23:34 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011-07-19 21:01:24 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011-07-19 21:00:14 | 000,358,336 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2011-07-19 18:59:04 | 000,964,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2013-02-02 09:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-01-10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013-01-10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012-12-06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012-12-06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012-11-06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012-11-06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012-09-20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012-09-20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012-09-20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012-07-26 04:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012-07-26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012-07-26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012-07-26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012-07-26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012-07-26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012-07-26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012-07-26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-07-26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012-07-26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012-07-26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012-07-26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012-06-19 19:10:34 | 000,634,632 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2012-11-06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-10-10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-07-26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-07-19 09:53:16 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-19 09:53:10 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-07-05 13:23:34 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013-02-07 05:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-02-02 12:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013-02-02 08:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-01-10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-01-10 02:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012-11-27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012-11-20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012-11-06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012-10-12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-10-11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012-10-11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012-10-10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-09-20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012-09-20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012-09-20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012-09-20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012-09-20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012-09-20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012-07-26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-07-26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012-07-26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012-07-26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012-07-26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012-07-26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012-07-26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012-07-26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012-07-26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012-07-26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012-07-26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012-07-26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012-07-26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012-07-26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012-07-26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012-07-26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012-07-26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012-07-26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-07-26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-07-26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012-07-26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012-07-26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012-07-26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012-07-26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012-07-26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012-07-26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012-07-26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012-07-26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012-07-26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012-07-26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012-07-26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012-07-26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012-07-26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012-07-26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012-07-26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012-07-26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012-07-26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012-07-26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012-07-26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-07-26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012-07-26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012-07-26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012-07-26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012-07-26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012-07-26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012-07-02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-06-02 15:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2011-06-13 11:29:02 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ctxusbm.sys -- (ctxusbm)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Funmoods Search
IE - HKLM\..\SearchScopes\{405C961F-6876-D2AC-3B81-551399A58B9F}: "URL" = {searchTerms} - Bing
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 94 41 62 F3 CE CD 01 [binary data]
IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\..\SearchScopes\{405C961F-6876-D2AC-3B81-551399A58B9F}: "URL" = {searchTerms} - Bing
IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search}
IE - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
O1 HOSTS File: ([2013-03-25 20:52:26 | 000,000,840 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1221115360-33263869-4063845751-1001\..Trusted Domains: ggzbreburg.nl ([portal] https in Vertrouwde websites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FC42585-82F0-4135-B0A2-06BDB7A16093}: DhcpNameServer = 212.54.40.25 212.54.35.25
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013-03-26 18:48:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dhr. van \Desktop\OTL.com
[2013-03-25 20:54:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013-03-25 20:52:56 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013-03-25 20:52:56 | 000,000,000 | ---D | C] -- C:\Users\Dhr. van \AppData\Local\Temp
[2013-03-25 20:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013-03-25 20:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-03-25 18:34:08 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dhr. van \Desktop\dds.com
[2013-03-24 20:22:24 | 005,044,071 | ---- | C] (Swearware) -- C:\Users\Dhr. van \Desktop\ComboFix.exe
[2013-03-23 16:32:31 | 000,000,000 | ---D | C] -- C:\Users\Dhr. van \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013-03-23 16:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013-03-09 22:09:21 | 000,000,000 | ---D | C] -- C:\Users\Dhr. van \AppData\Roaming\WinRAR
========== Files - Modified Within 30 Days ==========
[2013-03-26 18:48:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dhr. van \Desktop\OTL.com
[2013-03-26 18:47:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-26 17:45:46 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-25 22:30:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-25 21:04:43 | 001,792,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-03-25 21:04:43 | 000,795,678 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013-03-25 21:04:43 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-03-25 21:04:43 | 000,158,970 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013-03-25 21:04:43 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-03-25 21:00:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013-03-25 21:00:24 | 2475,950,079 | -HS- | M] () -- C:\hiberfil.sys
[2013-03-25 20:52:26 | 000,000,840 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013-03-25 20:50:57 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013-03-25 20:30:55 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-03-25 18:34:08 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dhr. van \Desktop\dds.com
[2013-03-24 20:22:33 | 005,044,071 | ---- | M] (Swearware) -- C:\Users\Dhr. van \Desktop\ComboFix.exe
[2013-03-24 13:44:16 | 000,609,993 | ---- | M] () -- C:\Users\Dhr. van \Desktop\adwcleaner.exe
[2013-03-23 21:51:31 | 001,264,814 | ---- | M] () -- C:\Users\Dhr. van \Desktop\zoek.exe
[2013-03-23 16:32:31 | 000,003,019 | ---- | M] () -- C:\Users\Dhr. van \Desktop\HiJackThis.lnk
[2013-03-23 16:11:37 | 000,319,436 | ---- | M] () -- C:\Users\Dhr. van \Desktop\ouders-helpen-kinderen.pdf
[2013-03-23 14:37:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-03-21 22:48:00 | 000,301,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013-03-25 20:52:56 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013-03-25 20:30:55 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-03-24 13:44:16 | 000,609,993 | ---- | C] () -- C:\Users\Dhr. van \Desktop\adwcleaner.exe
[2013-03-23 21:51:27 | 001,264,814 | ---- | C] () -- C:\Users\Dhr. van \Desktop\zoek.exe
[2013-03-23 16:32:31 | 000,003,019 | ---- | C] () -- C:\Users\Dhr. van \Desktop\HiJackThis.lnk
[2013-03-23 16:11:37 | 000,319,436 | ---- | C] () -- C:\Users\Dhr. van \Desktop\ouders-helpen-kinderen.pdf
[2013-03-21 22:47:55 | 000,301,288 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-12-31 12:39:09 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012-12-31 12:39:09 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012-12-31 12:39:09 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012-12-31 12:39:07 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-12-31 12:39:04 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012-12-02 15:38:19 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012-11-30 16:26:16 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2012-11-26 13:46:59 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012-10-10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-10-10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012-10-10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012-07-26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012-07-26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012-07-26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012-07-26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012-07-25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012-07-25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012-06-19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012-06-02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-01-10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-01-10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013-03-10 10:34:12 | 000,000,000 | ---D | M] -- C:\Users\Dhr. van \AppData\Roaming\Belastingdienst
[2012-12-29 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Dhr. van \AppData\Roaming\FLVPlayerPackages
[2013-03-24 14:57:26 | 000,000,000 | ---D | M] -- C:\Users\Dhr. van \AppData\Roaming\GrabIt
[2012-11-30 14:04:33 | 000,000,000 | ---D | M] -- C:\Users\Dhr. van \AppData\Roaming\ICAClient
[2013-03-02 10:40:40 | 000,000,000 | ---D | M] -- C:\Users\Dhr. van \AppData\Roaming\ImgBurn
[2012-11-30 13:32:39 | 000,000,000 | ---D | M] -- C:\Users\Dhr. van \AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
-
Helaas, heb cccleaner meerder malen gedraaid en alles verwijderd, maar nog steeds kom ik op funmoods als ik een onbekende website intype. Is er dan echt niets aan te doen?
-
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16519
Run by Dhr. van at 18:39:04 on 2013-03-25
Microsoft Windows 8 6.2.9200.0.1252.31.1043.18.8072.6936 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
mWinlogon: Userinit = userinit.exe,
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{1FC42585-82F0-4135-B0A2-06BDB7A16093} : DHCPNameServer = 212.54.40.25 212.54.35.25
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\Drivers\ctxusbm.sys [2011-6-13 91864]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-26 166720]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-26 365376]
R3 RTL8168;Realtek 8168 NT-stuurprogramma;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
.
=============== Created Last 30 ================
.
2013-03-25 17:00:10 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED6012EB-CB2C-4EB5-B462-C6A643D37E41}\mpengine.dll
2013-03-24 19:18:02 9311288 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-03-23 20:56:59 -------- d-sh--w- C:\$RECYCLE.BIN
2013-03-23 20:55:49 -------- d-----w- C:\Users\Dhr. van \AppData\Local\Temp
2013-03-23 15:32:31 388096 ----a-r- C:\Users\Dhr. van Kempen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-23 15:32:30 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-03-21 17:54:55 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-10 20:00:26 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-02-27 15:52:37 1010688 ----a-w- C:\Windows\System32\reseteng.dll
2013-02-27 15:52:36 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
2013-02-27 15:52:35 443392 ----a-w- C:\Windows\System32\ReAgent.dll
.
==================== Find3M ====================
.
2013-03-05 23:07:25 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 23:07:25 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll
2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-02-12 00:25:18 4041728 ----a-w- C:\Windows\System32\win32k.sys
2013-02-07 04:09:56 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2013-02-07 03:34:58 10115072 ----a-w- C:\Windows\System32\twinui.dll
2013-02-07 03:33:47 2302464 ----a-w- C:\Windows\System32\authui.dll
2013-02-07 03:33:42 2146816 ----a-w- C:\Windows\System32\actxprxy.dll
2013-02-07 01:34:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-02-07 01:33:03 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2013-02-05 04:58:01 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-05 04:56:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-05 04:56:27 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-05 04:56:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-05 03:55:27 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-05 01:44:50 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-02-04 22:39:47 2246656 ----a-w- C:\Windows\System32\wininet.dll
2013-02-04 22:39:39 907776 ----a-w- C:\Windows\System32\uxtheme.dll
2013-02-04 22:38:55 3966464 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-04 22:38:53 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:41 329960 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys
2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-02-02 10:28:54 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe
2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe
2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll
2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll
2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll
2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-02-02 08:40:01 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll
2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll
2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll
2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll
2013-02-02 08:39:28 5090816 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll
2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll
2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe
2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe
2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll
2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll
2013-02-02 08:23:37 611840 ----a-w- C:\Windows\System32\wpd_ci.dll
2013-02-02 08:23:37 105472 ----a-w- C:\Windows\System32\wpdbusenum.dll
2013-02-02 08:23:30 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll
2013-02-02 08:23:28 543232 ----a-w- C:\Windows\System32\wlroamextension.dll
2013-02-02 08:23:21 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2013-02-02 08:23:19 293376 ----a-w- C:\Windows\System32\Windows.Networking.Connectivity.dll
2013-02-02 08:23:18 731648 ----a-w- C:\Windows\System32\win32spl.dll
2013-02-02 08:23:16 87552 ----a-w- C:\Windows\System32\wersvc.dll
2013-02-02 08:22:28 448512 ----a-w- C:\Windows\System32\SettingSync.dll
2013-02-02 08:22:22 416256 ----a-w- C:\Windows\System32\schannel.dll
2013-02-02 08:21:45 467456 ----a-w- C:\Windows\System32\netprofmsvc.dll
2013-02-02 08:21:44 385024 ----a-w- C:\Windows\System32\ncsi.dll
2013-02-02 08:21:38 5977600 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-02 08:21:10 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll
2013-02-02 08:20:47 260096 ----a-w- C:\Windows\System32\hotspotauth.dll
2013-02-02 08:20:31 729600 ----a-w- C:\Windows\System32\duser.dll
2013-02-02 07:30:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 07:25:52 297984 ----a-w- C:\Windows\System32\drivers\ks.sys
2013-02-02 07:25:26 82944 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-02-02 07:25:23 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-02-02 05:41:57 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-02-02 05:31:54 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe
2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe
2013-01-09 23:26:35 410624 ----a-w- C:\Windows\SysWow64\Windows.Networking.dll
2013-01-09 23:26:35 261120 ----a-w- C:\Windows\SysWow64\Windows.Media.dll
2013-01-09 23:26:23 1752064 ----a-w- C:\Windows\SysWow64\setupapi.dll
2013-01-09 23:26:20 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-01-09 23:26:04 890880 ----a-w- C:\Windows\SysWow64\msctf.dll
2013-01-09 23:26:03 436736 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL
.
============= FINISH: 18:39:16,71 ===============
-
Ik probeer combofix te installeren, maar krijg de melding dat mijn systeem (Windows8) niet ondersteund wordt en dus wordt de installatie afgebroken.
Mogelijk geinfecteerde link aangeklikt in mailtje
in Archief Bestrijding malware & virussen
Geplaatst:
Maar je ziet dus geen directe reden voor een infectie met schadelijek software of scripts?