
Posts made by fluup

  1. Here is the log

    Zoek.exe v5.0.0.0 Updated 18-Januari-2014

    Tool run by Philip on zo 19/01/2014 at 23:06:37,11.

    Microsoft Windows 7 Home Premium 6.1.7600 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Philip\Desktop\zoek.exe [scan all users] [script inserted]

    ==== Older Logs ======================

    C:\zoek-results2014-01-19-174634.log 38875 bytes

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-2255611087-1238972643-2999816019-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

    HKEY_USERS\S-1-5-21-2255611087-1238972643-2999816019-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3A68474B-8492-43B8-B96F-311FD18BE3FD} deleted successfully

    HKEY_USERS\S-1-5-21-2255611087-1238972643-2999816019-1001\Software\Microsoft\Internet Explorer\SearchScopes\{47B4D96C-D942-4460-9F01-74F562128EFC} deleted successfully

    HKEY_USERS\S-1-5-21-2255611087-1238972643-2999816019-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

    HKEY_USERS\S-1-5-21-2255611087-1238972643-2999816019-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

    HKEY_USERS\S-1-5-21-2255611087-1238972643-2999816019-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Deleting Services ======================

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default

    ---- Lines BabylonToolbar removed from prefs.js ----

    user_pref("extensions.BabylonToolbar.admin", false);

    user_pref("extensions.BabylonToolbar.aflt", "babsst");

    user_pref("extensions.BabylonToolbar.babExt", "");

    user_pref("extensions.BabylonToolbar.babTrack", "affID=110000");

    user_pref("extensions.BabylonToolbar.bbDpng", 29);

    user_pref("extensions.BabylonToolbar.dfltLng", "en");

    user_pref("extensions.BabylonToolbar.dfltSrch", true);

    user_pref("extensions.BabylonToolbar.hmpg", true);

    user_pref("extensions.BabylonToolbar.id", "ca8fa289000000000000485d60cef9db");

    user_pref("extensions.BabylonToolbar.instlDay", "15396");

    user_pref("extensions.BabylonToolbar.instlRef", "sst");

    user_pref("extensions.BabylonToolbar.keyWordUrl", "http://search.babylon.com/?AF=110000&babsrc=adbartrp&mntrId=ca8fa289000000000000485d60cef9db&q=");

    user_pref("extensions.BabylonToolbar.lastDP", 29);

    user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1722:12:41");

    user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "10.0");

    user_pref("extensions.BabylonToolbar.newTab", true);

    user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?babsrc=NT_bb");

    user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

    user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

    user_pref("extensions.BabylonToolbar.propectorlck", 69099363);

    user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

    user_pref("extensions.BabylonToolbar.ptch_0717", true);

    user_pref("extensions.BabylonToolbar.smplGrp", "none");

    user_pref("extensions.BabylonToolbar.srcExt", "ss");

    user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

    user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

    user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1722:12:41");

    user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");

    user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

    user_pref("extensions.BabylonToolbar_i.babExt", "");

    user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110000");

    user_pref("extensions.BabylonToolbar_i.hardId", "ca8fa289000000000000485d60cef9db");

    user_pref("extensions.BabylonToolbar_i.id", "ca8fa289000000000000485d60cef9db");

    user_pref("extensions.BabylonToolbar_i.instlDay", "15396");

    user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

    user_pref("extensions.BabylonToolbar_i.newTab", false);

    user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

    user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

    user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

    user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

    user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

    user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

    user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:12:41");

    user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

    ---- Lines BabylonToolbar removed from user.js ----

    user_pref("extensions.BabylonToolbar_i.id", "ca8fa289000000000000485d60cef9db");

    user_pref("extensions.BabylonToolbar_i.hardId", "ca8fa289000000000000485d60cef9db");

    user_pref("extensions.BabylonToolbar_i.instlDay", "15396");

    user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

    user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

    user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:12:41");

    user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

    user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

    user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

    user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

    user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

    user_pref("extensions.BabylonToolbar_i.newTab", false);

    user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110000");

    user_pref("extensions.BabylonToolbar_i.babExt", "");

    user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

    user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

    ---- Lines mixidj removed from prefs.js ----

    user_pref("extensions.mixidj.admin", false);

    user_pref("extensions.mixidj.aflt", "babsst");

    user_pref("extensions.mixidj.appId", "{A2773ED4-83BD-488A-A186-73590706C916}");

    user_pref("extensions.mixidj.autoRvrt", "false");

    user_pref("extensions.mixidj.dfltLng", "en");

    user_pref("extensions.mixidj.excTlbr", false);

    user_pref("extensions.mixidj.ffxUnstlRst", false);

    user_pref("extensions.mixidj.id", "ca8fa2890000000000006c626ded79ac");

    user_pref("extensions.mixidj.instlDay", "15838");

    user_pref("extensions.mixidj.instlRef", "sst");

    user_pref("extensions.mixidj.newTab", false);

    user_pref("extensions.mixidj.prdct", "mixidj");

    user_pref("extensions.mixidj.prtnrId", "mixidj");

    user_pref("extensions.mixidj.rvrt", "false");

    user_pref("extensions.mixidj.smplGrp", "none");

    user_pref("extensions.mixidj.tlbrId", "mdelta");

    user_pref("extensions.mixidj.tlbrSrchUrl", "");

    user_pref("extensions.mixidj.vrsn", "1.8.18.8");

    user_pref("extensions.mixidj.vrsni", "1.8.18.8");

    user_pref("extensions.mixidj.vrsnTs", "1.8.18.815:35:47");

    ---- Lines mixidj removed from user.js ----

    user_pref("extensions.mixidj.tlbrSrchUrl", "");

    user_pref("extensions.mixidj.id", "ca8fa2890000000000006c626ded79ac");

    user_pref("extensions.mixidj.appId", "{A2773ED4-83BD-488A-A186-73590706C916}");

    user_pref("extensions.mixidj.instlDay", "15838");

    user_pref("extensions.mixidj.vrsn", "1.8.18.8");

    user_pref("extensions.mixidj.vrsni", "1.8.18.8");

    user_pref("extensions.mixidj.vrsnTs", "1.8.18.815:35:47");

    user_pref("extensions.mixidj.prtnrId", "mixidj");

    user_pref("extensions.mixidj.prdct", "mixidj");

    user_pref("extensions.mixidj.aflt", "babsst");

    user_pref("extensions.mixidj.smplGrp", "none");

    user_pref("extensions.mixidj.tlbrId", "mdelta");

    user_pref("extensions.mixidj.instlRef", "sst");

    user_pref("extensions.mixidj.dfltLng", "en");

    user_pref("extensions.mixidj.excTlbr", false);

    user_pref("extensions.mixidj.ffxUnstlRst", false);

    user_pref("extensions.mixidj.admin", false);

    user_pref("extensions.mixidj.autoRvrt", "false");

    user_pref("extensions.mixidj.rvrt", "false");

    user_pref("extensions.mixidj.newTab", false);

    ---- Lines defaulttab modified from prefs.js ----

    user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program

    ---- FireFox user.js and prefs.js backups ----

    user_20141901_2314_.backup

    prefs_20141901_2314_.backup

    ProfilePath: C:\Users\surfen\AppData\Roaming\Mozilla\Firefox\Profiles\96idjp0f.default

    user.js not found

    ---- FireFox user.js and prefs.js backups ----

    prefs_20141901_2314_.backup

    ProfilePath: C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\4qnbmwwj.default

    user.js not found

    ---- FireFox user.js and prefs.js backups ----

    prefs_20141901_2314_.backup

    ==== Deleting Files \ Folders ======================

    C:\Windows\SysNative\tasks\BitGuard deleted

    C:\Windows\SysNative\tasks\DealPly deleted

    C:\Windows\SysNative\tasks\DealPlyUpdate deleted

    C:\Windows\SysNative\tasks\EPUpdater deleted

    C:\PROGRA~2\Mozilla Firefox\searchplugins\babylon.xml deleted

    C:\PROGRA~2\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted

    C:\PROGRA~2\mixidj deleted

    C:\PROGRA~2\OApps deleted

    C:\PROGRA~2\Complitly deleted

    C:\found.000 deleted

    C:\Users\Philip\AppData\Roaming\Complitly deleted

    C:\ProgramData\bwl388l.zvv deleted

    C:\ProgramData\bwl388l.fee deleted

    C:\ProgramData\bwl388l.odd deleted

    C:\ProgramData\j1vwlqmq.odd deleted

    C:\ProgramData\zj8z7tx13.odd deleted

    C:\ProgramData\Partner deleted

    C:\Users\Philip\AppData\Local\avgchrome deleted

    C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda deleted

    C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard deleted

    C:\Users\Philip\Downloads\DLink_Bundle_3_6_0_DP_1_5_3_20131203.zip deleted

    C:\Users\Philip\Downloads\SoftonicDownloader_for_pc-wizard.exe deleted

    C:\Users\Philip\AppData\LocalLow\mixidj deleted

    C:\Users\Philip\AppData\LocalLow\AVG Security Toolbar deleted

    C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

    C:\user.js deleted

    C:\Windows\SysWow64\searchplugins deleted

    C:\Windows\SysWow64\Extensions deleted

    C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\bProtector_extensions.sqlite deleted

    C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\bprotector_prefs.js deleted

    "C:\ProgramData\bunpeovnhfnhwig" deleted

    "C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\extensions\addon@defaulttab.com.xpi" deleted

    ==== Firefox Extensions Registry ======================

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

    "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default

    - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi

    - Password Exporter - %ProfilePath%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi

    - Easy YouTube Video Downloader - %ProfilePath%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be.xpi

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default

    FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Philip\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

    7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash

    87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies

    AC47B55B38D626B678897F195793ECAB - C:\windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    dlfienamagdnkekbbbocojppncdambda - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx[]

    gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]

    kdidombaedgpfiiedeimiebkmbilgmlc - C:\Program Files (x86)\DefaultTab\DefaultTab.crx[]

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

    gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]

    Select Links App - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blfhfbphkcpnkoljmeabehhbhcpmoajl

    MixiDJ Toolbar - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp

    DealPly - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

    DefaultTab - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

    DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

    ==== Chrome Fix ======================

    C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

    C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage deleted successfully

    C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully

    C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blfhfbphkcpnkoljmeabehhbhcpmoajl deleted successfully

    C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp deleted successfully

    C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_boipimhfjpakfgckhbljjengakjhkcbp_0.localstorage deleted successfully

    ==== Set IE to Default ======================

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="http://www.google.com"

    "Default_Page_URL"="http://www.aldi.com"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

    "Tabs"="http://mixidj.delta-search.com/?affID=121136&tt=gc_&babsrc=NT_ss&mntrId=CA8F6C626DED79AC"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

    "Tabs"="http://mixidj.delta-search.com/?affID=121136&tt=gc_&babsrc=NT_ss&mntrId=CA8F6C626DED79AC"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

    "DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

    "Start Page"="http://www.google.com"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

    "Tabs"="res://ieframe.dll/tabswelcome.htm"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

    "Tabs"="res://ieframe.dll/tabswelcome.htm"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

    {62F865E4-10D7-495F-9E75-4713A12AE869} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    {80c554b9-c7f8-4a21-9471-06d606da78a2} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE"

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully

    HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive 9 application deleted successfully

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\Philip\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\surfen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGB0VUCP will be deleted at reboot

    C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    C:\Users\surfen\AppData\Local\Mozilla\Firefox\Profiles\96idjp0f.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=414 folders=106 117693714 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\surfen\AppData\Local\Temp emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Users\Philip\AppData\Local\Temp will be emptied at reboot

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Philip\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

    "C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

    "C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted

    "C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

    "C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

    "C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

    "C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGB0VUCP" not found

    ==== EOF on zo 19/01/2014 at 23:20:52,18 ======================

    Thanks

  2. Here is the log

    Zoek.exe v5.0.0.0 Updated 18-Januari-2014

    Tool run by Philip on zo 19/01/2014 at 18:21:58,09.

    Microsoft Windows 7 Home Premium 6.1.7600 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Philip\Desktop\zoek.exe [scan all users] [script inserted]

    ==== System Restore Info ======================

    19/01/2014 18:36:10 Zoek.exe System Restore Point Created Succesfully.

    ==== Empty Folders Check ======================

    C:\PROGRA~2\Activation deleted successfully

    C:\PROGRA~2\MSXML 4.0 deleted successfully

    C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully

    C:\ProgramData\Babylon deleted successfully

    C:\ProgramData\CanonEPP deleted successfully

    C:\ProgramData\CanonIJEPPEX2 deleted successfully

    C:\ProgramData\Karen's Power Tools deleted successfully

    C:\ProgramData\Oracle deleted successfully

    C:\Users\Philip\AppData\Roaming\DefaultTab deleted successfully

    C:\Users\Philip\AppData\Roaming\Media Player Classic deleted successfully

    C:\Users\Philip\AppData\Roaming\Software Inspection Library deleted successfully

    C:\Users\Philip\AppData\Roaming\TP deleted successfully

    C:\Users\surfen\AppData\Local\VirtualStore deleted successfully

    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avqrvmmg deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avqrvmmg deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ekjuykfo deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ekjuykfo deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eppskxwu deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eppskxwu deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fxaswngm deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fxaswngm deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzrapzyj deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gzrapzyj deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hjskxrqe deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hjskxrqe deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hqbtcxge deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hqbtcxge deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\knlwebnz deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\knlwebnz deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpvqibpo deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mpvqibpo deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\odssfeow deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\odssfeow deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\skowexij deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\skowexij deleted successfully

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]

    ==== Deleting Files \ Folders ======================

    C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\extensions\2020Player_IKEA@2020Technologies.com deleted

    C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\extensions\staged deleted

    C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} deleted

    "C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\babylon.xml" deleted

    "C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\BrowserProtect.xml" deleted

    "C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\imdb.xml" deleted

    "C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\mixidj.xml" deleted

    "C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\search-here.xml" deleted

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\Philip\AppData\Local\Temp ====

    2014-01-18 18:49:44 BCD9E4D7900D2DF19B809D8C719392C7 230400 ----a-w- C:\Users\Philip\AppData\Local\Temp\0537.dll

    ====== Java Cache =====

    2014-01-19 17:11:30 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-14ef6ee7

    2014-01-19 17:11:23 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-215db979

    2014-01-19 17:11:23 BF484809E8F0F8BD45EBAA9AD4A936B0 99 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-6.0.lap

    2014-01-19 17:11:22 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-327e0305

    2014-01-19 17:11:24 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-5249971a

    2014-01-15 21:20:47 73DACBBEB0B19E64C801466CF3301CBC 25715 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3482e945-17280543

    2014-01-19 17:23:18 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-3a11c8f2

    ====== C:\Windows\SysWOW64 =====


    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    2014-01-12 15:39:56 94094E8FE42319471D3845485EEA66FF 46080 ----a-w- C:\Windows\Sysnative\atmlib.dll

    2014-01-12 15:39:56 778D7DFD114A300E79496291FDB9169F 367616 ----a-w- C:\Windows\Sysnative\atmfd.dll

    2014-01-12 15:36:03 15A54626213EBF003F7D4C9D8380A656 80896 ----a-w- C:\Windows\Sysnative\imagehlp.dll

    2014-01-12 15:36:02 76DC9F4FE66BC3867615F142766B4C50 5120 ----a-w- C:\Windows\Sysnative\wmi.dll

    2014-01-12 15:33:05 29C9C38E15F775C94FE0D53CBBAE958E 2048 ----a-w- C:\Windows\Sysnative\tzres.dll

    2014-01-12 15:32:47 ABB515748212F8B5D3A9B07041E97B32 751104 ----a-w- C:\Windows\Sysnative\win32spl.dll

    2014-01-12 15:32:45 00B40A10E3DB79E4D3E127B9C2233A6B 714752 ----a-w- C:\Windows\Sysnative\kerberos.dll

    2014-01-12 15:32:42 288D1B3F5D094BBE05F9BD19FAA0C2B9 95744 ----a-w- C:\Windows\Sysnative\synceng.dll

    2014-01-12 15:32:37 633B37E7AB84DF5E0A95173A9C33938F 9377280 ----a-w- C:\Windows\Sysnative\mshtml.dll

    2014-01-12 15:32:34 C640993D91902D7E05037A134409C205 12405760 ----a-w- C:\Windows\Sysnative\ieframe.dll

    2014-01-12 15:32:33 DE84BB2286490E260C2294D56C41B80A 2463744 ----a-w- C:\Windows\Sysnative\iertutil.dll

    2014-01-12 15:32:29 C6D1280AE74CE2E4C30A775429DC655E 1026560 ----a-w- C:\Windows\Sysnative\mstime.dll

    2014-01-12 15:32:29 2874307E9E3BCFDED87A000D30B0E59C 1499648 ----a-w- C:\Windows\Sysnative\urlmon.dll

    2014-01-12 15:32:29 01B0D00A22BDE028490686E562EE66FA 735744 ----a-w- C:\Windows\Sysnative\msfeeds.dll

    2014-01-12 15:32:27 8523338F749AC8C5300C125BC4B08275 1198080 ----a-w- C:\Windows\Sysnative\wininet.dll

    2014-01-12 15:32:25 0C8C6E188253785B0F8FDFA9FD2CAE4F 445952 ----a-w- C:\Windows\Sysnative\iedkcs32.dll

    2014-01-12 15:32:24 DE9E43A8CC5A0831059D17499D593A33 482816 ----a-w- C:\Windows\Sysnative\html.iec

    2014-01-12 15:32:24 9E9292E72C43EE4BC98E2EB2D244C7A2 57856 ----a-w- C:\Windows\Sysnative\licmgr10.dll

    2014-01-12 15:32:24 48692821373CBA186635EEADA4F4C8C7 97792 ----a-w- C:\Windows\Sysnative\mshtmled.dll

    2014-01-12 15:32:24 40DA358B673B476E2F741D5606F3EB80 82944 ----a-w- C:\Windows\Sysnative\msfeedsbs.dll

    2014-01-12 15:32:24 352BA603FBF4720287C5DA8E83EE2830 134144 ----a-w- C:\Windows\Sysnative\url.dll

    2014-01-12 15:32:24 34C095BAC39B3F20DEC8E329C03A1A23 256000 ----a-w- C:\Windows\Sysnative\iepeers.dll

    2014-01-12 15:32:23 71EE6C5D68E0E07BDB3D5C04F36645DF 12288 ----a-w- C:\Windows\Sysnative\msfeedssync.exe

    2014-01-12 15:32:23 3651766F456E5707C3239DEC35ED1DC8 247808 ----a-w- C:\Windows\Sysnative\ieui.dll

    2014-01-12 15:32:23 2D75189BFB44F201AF815F9B707A186D 64512 ----a-w- C:\Windows\Sysnative\jsproxy.dll

    2014-01-12 15:32:23 1EBB980D67EFF953B9A230EDB3FFA615 1638912 ----a-w- C:\Windows\Sysnative\mshtml.tlb

    2014-01-12 15:32:21 C5097B45DE21ADF2469B69DFC64DCE55 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll

    2014-01-12 15:32:21 865C5A432F2855F0669DCE66547CC237 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll

    2014-01-12 15:32:21 43DB3433F141F01E53D1C5AA0F434098 1161216 ----a-w- C:\Windows\Sysnative\kernel32.dll

    2014-01-12 15:32:20 7EB88F63D424832B774E24458DCE2049 338432 ----a-w- C:\Windows\Sysnative\conhost.exe

    2014-01-12 15:32:20 3FB74FF230B5D240A57AE1C4A3D0459D 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll

    2014-01-12 15:32:19 3CEE7783176FA7BED592E4C14BDE241E 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll

    2014-01-12 15:32:19 28C7B5FB4C0E8F8289B6490C90B73256 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll

    2014-01-12 15:32:19 0060718115F3590EACEB860DFFE95A0C 243200 ----a-w- C:\Windows\Sysnative\wow64.dll

    2014-01-12 15:32:11 4D76442C1A0D4396DE472D7D51264A31 3138048 ----a-w- C:\Windows\Sysnative\mstscax.dll

    2014-01-12 15:32:10 D89910C60DC519E5E9905131E2D4249C 158208 ----a-w- C:\Windows\Sysnative\aaclient.dll

    2014-01-12 15:32:10 CB3271A6DC3A5EAD97052133FA4D5CD3 44032 ----a-w- C:\Windows\Sysnative\tsgqec.dll

    2014-01-12 15:32:08 7C02AD2F4BEF1D5C51CB9B402AB3603F 2001408 ----a-w- C:\Windows\Sysnative\msxml6.dll

    2014-01-12 15:32:08 20208A6B30D214D94280D189891D2C20 478208 ----a-w- C:\Windows\Sysnative\dpnet.dll

    2014-01-12 15:32:07 61B2873C02ECBF86CD6455A40F24CE33 1880064 ----a-w- C:\Windows\Sysnative\msxml3.dll

    2014-01-12 15:31:44 15CFE2E15703D323D2FE2F0CF6F0C99E 3150848 ----a-w- C:\Windows\Sysnative\win32k.sys

    2014-01-12 15:31:43 E2D60E901428A72BB47931C938A1ED95 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll

    2014-01-12 15:31:42 987508ED06FC097E754A91BA8A8AAD0E 220160 ----a-w- C:\Windows\Sysnative\wintrust.dll

    2014-01-12 15:31:41 EF1D47835019186DB5E34C52571A6539 5497688 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe

    2014-01-12 15:31:40 FA64733BD65F52712F0545F56FDB4BE6 112640 ----a-w- C:\Windows\Sysnative\smss.exe

    2014-01-12 15:31:40 48C41EE4E694E72235CBC57551A239EF 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll

    2014-01-12 15:30:45 D256EB74BF77026FC9A3D7193861C7AD 1462784 ----a-w- C:\Windows\Sysnative\crypt32.dll

    2014-01-12 15:30:44 BAF19B633933A9FB4883D27D66C39E9A 182272 ----a-w- C:\Windows\Sysnative\cryptsvc.dll

    2014-01-12 15:30:43 4FAC55936209B4F3EB78532181C9ED5E 140288 ----a-w- C:\Windows\Sysnative\cryptnet.dll

    ====== C:\Windows\Sysnative\drivers =====

    2014-01-12 15:36:03 D3E3F93D67821A2DB2B3D9FAC2DC2064 22896 ----a-w- C:\Windows\Sysnative\drivers\fs_rec.sys

    2014-01-12 15:32:46 5CFB7AB8F9524D1A1E14369DE63B83CC 1893224 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

    2014-01-12 15:32:46 2FFDCD3E5ABAC88C3C193F3AC3360ED9 287576 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS

    2014-01-12 15:32:45 9A6089B056EA1B83B36424FC9D0A300E 1653096 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys

    2014-01-12 15:32:44 EF45DCE7B2BED36C566EAC743EAE66A4 19968 ----a-w- C:\Windows\Sysnative\drivers\usb8023.sys

    2014-01-12 15:32:43 9E425AC5C9A5A973273D169F43B4F5E1 295792 ----a-w- C:\Windows\Sysnative\drivers\volsnap.sys

    ====== C:\Windows\Tasks ======

    2014-01-02 14:20:02 D3FE977CA3E039E3D91AD7DA1F27928F 3542 ----a-w- C:\Windows\Sysnative\Tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001Core

    2014-01-02 14:20:02 C8368422A1B10C6A5984C948128CC6BB 3910 ----a-w- C:\Windows\Sysnative\Tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001UA

    2014-01-02 14:20:02 9DE8A657C020964115DD542B0F8D40AE 910 ----a-w- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001Core.job

    2014-01-02 14:20:02 0B70ECE099D58DBAEC48D189D97AE28D 932 ----a-w- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001UA.job

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-01-19 11:23:56 -------- d-----w- C:\Program Files\trend micro

    ======= C:\PROGRA~2 =====

    2014-01-19 17:10:13 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

    2014-01-15 18:57:05 -------- d-----w- C:\PROGRA~2\D-Link

    ======= C: =====

    ====== C:\Users\Philip\AppData\Roaming ======

    2014-01-19 11:51:14 -------- d-----w- C:\Users\Philip\AppData\Local\ElevatedDiagnostics

    2014-01-18 21:58:19 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Mozilla

    2014-01-18 21:58:19 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Mozilla

    2014-01-18 18:55:35 1C5AD0EEBA823A4D9F166EBA59D2CF79 68920 ----a-w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT

    2014-01-18 18:55:32 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Intel Corporation

    2014-01-18 18:55:17 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Canon

    2014-01-18 18:55:15 2D611B44D6E1F0B0CE4DC0E7E4B14D0C 68920 ----a-w- C:\Windows\SysNative\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT

    2014-01-18 18:55:15 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Power2Go

    2014-01-18 18:55:05 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

    2014-01-18 18:55:02 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp

    2014-01-18 18:55:01 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

    2014-01-18 18:55:01 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

    2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

    2014-01-18 18:54:44 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Identities

    2014-01-18 18:54:40 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp

    2014-01-15 19:39:34 -------- d-----w- C:\Users\Philip\AppData\Roaming\DlinkViewCam

    2014-01-14 21:55:19 -------- d-----w- C:\Users\surfen\AppData\Roaming\Intel Corporation

    2014-01-14 21:55:16 97CBBA0AD9E5CC00D108B1DAF4FB6E21 68920 ----a-w- C:\Users\surfen\AppData\Local\GDIPFONTCACHEV1.DAT

    2014-01-14 21:55:16 -------- d-----w- C:\Users\surfen\AppData\Roaming\Canon

    2014-01-14 21:55:16 -------- d-----w- C:\Users\surfen\AppData\Roaming\Apple Computer

    2014-01-14 21:55:15 -------- d-----w- C:\Users\surfen\AppData\Local\Power2Go

    2014-01-14 21:55:03 -------- d-----w- C:\Users\surfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

    2014-01-14 21:55:02 -------- d-----r- C:\Users\surfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    2014-01-14 21:55:02 -------- d-----r- C:\Users\surfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

    2014-01-14 21:54:55 -------- d-s---w- C:\Users\surfen\AppData\Locallow\Microsoft

    2014-01-14 21:54:54 -------- d-----w- C:\Users\surfen\AppData\Roaming\Identities

    2014-01-14 21:54:44 -------- d-s---w- C:\Users\surfen\AppData\Roaming\Microsoft

    2014-01-14 21:54:44 -------- d-----w- C:\Users\surfen\AppData\Roaming\Media Center Programs

    2014-01-14 21:54:44 -------- d-----w- C:\Users\surfen\AppData\Local\Temp

    2014-01-14 21:54:44 -------- d-----w- C:\Users\surfen\AppData\Local\Microsoft

    2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

    2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

    2014-01-02 14:19:57 -------- d-----w- C:\Users\Philip\AppData\Local\Facebook

    ====== C:\Users\Philip ======

    2014-01-19 17:09:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

    2014-01-19 17:07:35 D6A3D61864E8F9565550548865D7522C 921000 ----a-w- C:\Users\Philip\Downloads\jxpiinstall(1).exe

    2014-01-19 12:36:55 D6A3D61864E8F9565550548865D7522C 921000 ----a-w- C:\Users\Philip\Downloads\jxpiinstall.exe

    2014-01-19 11:22:43 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Philip\Downloads\RSITx64.exe

    2014-01-18 22:42:27 4D86CDAA75E9F14EC50A844727AD17CA 4649312 ----a-w- C:\Users\Philip\Downloads\ccsetup409pro.exe

    2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Videos

    2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Pictures

    2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Music

    2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Favorites

    2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Downloads

    2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Documents

    2014-01-18 18:54:40 -------- d-----r- C:\Windows\sysWoW64\config\systemprofile\Favorites

    2014-01-18 18:54:09 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Desktop

    2014-01-18 18:49:53 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\ProgramData\zj8z7tx13.odd

    2014-01-15 19:44:15 5D2362364C3B5F726092572463465932 10521720 ----a-w- C:\Users\Philip\Downloads\autorun.exe

    2014-01-15 18:59:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link D-ViewCam

    2014-01-14 21:55:02 -------- d-----r- C:\Users\surfen\Searches

    2014-01-14 21:54:53 -------- d-----r- C:\Users\surfen\Contacts

    2014-01-14 21:54:46 DA7CB217632122795E20393309FA5FD6 914 --sha-r- C:\Users\surfen\ntuser.pol

    2014-01-14 21:54:45 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\surfen\ntuser.ini

    2014-01-14 21:54:44 -------- d--h--w- C:\Users\surfen\AppData

    2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Videos

    2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Saved Games

    2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Pictures

    2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Music

    2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Links

    2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Favorites

    2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Downloads

    2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Documents

    2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Desktop

    2014-01-14 21:31:38 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\ProgramData\j1vwlqmq.odd

    2014-01-09 18:38:05 -------- d-----w- C:\Users\Philip\garantiebonnen

    2013-12-26 18:48:49 7B00B33DCF1C15ABA0AD4CC15CE8A4F9 61024 ----atw- C:\ProgramData\bwl388l.zvv

    2013-12-26 18:48:48 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\ProgramData\bwl388l.odd

    2013-12-26 18:48:47 72FD41C0FEB1C06F2A69D3E5F23D3B6B 12600 ----a-w- C:\ProgramData\bwl388l.fee

    ====== C: exe-files ==

    2014-01-19 17:09:11 C422AF851B98378A39B51D99FE707E64 146344 ----a-w- C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

    2014-01-19 17:09:11 0E37C7C174521E16CEA0A6BC46F03BCD 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe

    2014-01-19 17:09:10 F4BA3A5D5FDE0A321CD7C4A74749CE5B 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\pack200.exe

    2014-01-19 17:09:10 EBAB810C999D8C31F0D5D8B28B3EEDD1 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\servertool.exe

    2014-01-19 17:09:10 ACA236A716C2291E40ED069F2CBB3D35 49064 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe

    2014-01-19 17:09:10 6E2BECF6E17FF8DC850C058A38A50C4F 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe

    2014-01-19 17:09:10 6E1B0EEBF3D1CC7ECF4104E1473900FF 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmid.exe

    2014-01-19 17:09:10 397A6EA17BB97800939DE44D7BFEEC04 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\policytool.exe

    2014-01-19 17:09:10 18BC25C50200C3DD4E67611D2467DAA2 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\orbd.exe

    2014-01-19 17:09:09 ED1F5F1906F8D963612A4831CDB331D6 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ktab.exe

    2014-01-19 17:09:09 B9436A665A8621073A12338B16D7BFD4 182696 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jqs.exe

    2014-01-19 17:09:09 A8F2A6D5782AA0166D8367FF674DDF77 52648 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe

    2014-01-19 17:09:09 762E372DCFDAE32FAE52C1A50A0029C2 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\klist.exe

    2014-01-19 17:09:09 6EEAD2C8A5CAC1F0F2066ABD77BA9092 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\keytool.exe

    2014-01-19 17:09:09 49A5F3169A23C00F9F2023DFE04D7AF6 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\kinit.exe

    2014-01-19 17:09:08 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaw.exe

    2014-01-19 17:09:08 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaws.exe

    2014-01-19 17:09:07 FBC27FD8E76C53E6E8066944BBE2BF73 48040 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe

    2014-01-19 17:09:07 E9BFEA5B2F3F7598DA990F9728768790 66984 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javacpl.exe

    2014-01-19 17:09:07 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java.exe

    2014-01-19 17:09:07 5877E6618DA03EE8E7A869F57EE6ACE5 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe

    2014-01-19 11:23:56 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Philip.exe

    2014-01-17 17:39:10 1D0A1FF655C6CF2EA2DE4FB6AA8246AD 9046696 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.76\32.0.1700.76_31.0.1650.63_chrome_updater.exe

    2014-01-15 18:58:54 61DFE2BF15A8AEB9821EFE009DD16241 811672 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{D54D4A22-4382-4485-92DF-00C39F123E87}\setup.exe

    2014-01-15 18:58:35 6234AED1D68CB92BBFE0F5D3B2B73521 2415688 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\Verification.exe

    2014-01-15 18:58:28 F5C93A435CD9E78B7B110213A340093C 4262984 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\LiveView.exe

    2014-01-15 18:58:17 5C2429EF10F69756E022055EBC6A708C 4103240 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\Playback.exe

    2014-01-15 18:57:49 5C82BE7AD1775B67916EE19C15B99331 2723264 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\www\vcredist_x86.exe

    2014-01-15 18:57:47 5C82BE7AD1775B67916EE19C15B99331 2723264 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\vcredist_x86.exe

    2014-01-15 18:57:16 58CBC79FBB5C0C59A9D2AA059E3F7197 6656 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\WindowClose.exe

    2014-01-15 18:57:13 79C8567E71C404E82815ECBE1202149D 363592 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\RmtDskServer.exe

    2014-01-15 18:57:08 896DA6A0EA9EDDA49049FBE19B3FFE9B 10677320 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.exe

    2014-01-15 18:57:07 F5A71CFF05EEBD72632B8D7648CBB0C2 420936 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\DBConv.exe

    2014-01-15 18:57:07 848976EC020110C64141913804344706 2100296 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\DBTools.exe

    2014-01-15 18:57:07 3D8D36E32EB0BF9AA5BF63C86B0D72A6 3247176 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\Backup.exe

    2014-01-15 18:57:04 05AF1104D5727402AE038B715D244919 811672 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{440E9F90-0619-4E84-8226-65AD5073AD24}\setup.exe

    === C: other files ==

    2014-01-19 17:09:11 863EB6802B1C3B7630290871599BE0BD 18636 ----a-w- C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip

    2014-01-15 20:59:37 9AFB4B536B9B9FF57781A698955B70F6 3686714 ----a-w- C:\Users\Philip\Downloads\dcs930l_v109_b2.zip

    2014-01-15 19:43:06 7406D435B8504C4828558A9896051324 107406188 ----a-w- C:\Users\Philip\Downloads\DLink_Bundle_3_6_0_DP_1_5_3_20131203.zip

    2014-01-15 18:58:24 4FC235F47D65F1BDAC351FC5D51837B7 11549986 ----a-w- C:\Users\Philip\Desktop\Setup_wizard_930L_v1.04.07\Setup_wizard_930L_v1.04.07.zip

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-21-2255611087-1238972643-2999816019-1001\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    "OV2_Monitor"="C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

    "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    "Facebook Update"="C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

    "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

    "IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

    "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"

    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"

    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"="C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.exe RunWithWindows"

    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    "OV2_Monitor"="C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

    "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    "Facebook Update"="C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

    "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

    ==== Startup Registry Enabled x64 ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

    "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

    ==== Startup Registry Disabled x64 ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MacDrive 9 application]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="MacDrive 9 application"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Mediafour\\MacDrive 9\\MacDrive.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Philip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3 .lnk]

    "item"="OpenOffice.org 3.3 "

    "path"="C:\\Users\\Philip\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.3 .lnk"

    "backup"="C:\\Windows\\pss\\OpenOffice.org 3.3 .lnk.Startup"

    "backupExtension"=".Startup"

    "command"="C:\\PROGRA~2\\OPENOF~1.ORG\\program\\QUICKS~1.EXE"

    ==== Startup Folders ======================

    2012-11-28 20:53:58 1243 ----a-w- C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001Core.job --a------ C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe [02/01/2014 15:19]

    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001UA.job --a------ C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe [02/01/2014 15:19]

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/03/2011 19:33]

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/03/2011 19:33]

    ==== Other Scheduled Tasks ======================

    "C:\Windows\SysNative\tasks\BitGuard" [C:\Windows\system32\sc.exe start BitGuard]

    "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

    "C:\Windows\SysNative\tasks\DealPly" [C:\Users\Philip\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE]

    "C:\Windows\SysNative\tasks\DealPlyUpdate" ["C:\Program Files (x86)\DealPly\DealPlyUpdate.exe"]

    "C:\Windows\SysNative\tasks\EPUpdater" [C:\Users\Philip\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe]

    "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001Core" [C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe]

    "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001UA" [C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe]

    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

    "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

    "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

    "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

    ==== Firefox Extensions Registry ======================

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

    "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default

    - Default Tab - %ProfilePath%\extensions\addon@defaulttab.com.xpi

    - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi

    - Password Exporter - %ProfilePath%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi

    - Easy YouTube Video Downloader - %ProfilePath%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be.xpi

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default

    FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Philip\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

    7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash

    87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies

    AC47B55B38D626B678897F195793ECAB - C:\windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    dlfienamagdnkekbbbocojppncdambda - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx[21/02/2012 04:27]

    gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]

    kdidombaedgpfiiedeimiebkmbilgmlc - C:\Program Files (x86)\DefaultTab\DefaultTab.crx[]

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

    gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]

    Select Links App - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blfhfbphkcpnkoljmeabehhbhcpmoajl

    MixiDJ Toolbar - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp

    Complitly plugin for chrome - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda

    DealPly - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

    DefaultTab - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

    DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=117 folders=43 3057084 bytes)

    ==== EOF on zo 19/01/2014 at 18:46:34,43 ======================

  3. Here is the info log

    info.txt logfile of random's system information tool 1.09 2014-01-19 12:23:59

    ======Uninstall list======

    -->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}

    -->MsiExec.exe /I{27735B09-9EFE-419F-A377-10AA8111C30A}

    Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}

    Active@ KillDisk-->"C:\Program Files (x86)\InstallShield Installation Information\{7A5E940E-017E-47F8-9D0D-62D49C8D18ED}\setup.exe" -runfromtemp -l0x0009 -removeonly

    Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

    Adobe AIR-->MsiExec.exe /I{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}

    Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe -maintain activex

    Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe -maintain plugin

    Adobe Reader XI - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AB0000000001}

    Adobe Shockwave Player 11.5-->"C:\windows\system32\Adobe\Shockwave 11\uninstaller.exe"

    ALDI Bestelsoftware-->"C:\Program Files (x86)\ALDI\ALDI Bestelsoftware\uninstall.exe"

    Any Video Converter 3.5.7-->"C:\Program Files (x86)\AnvSoft\Any Video Converter\unins000.exe"

    Apple Application Support-->MsiExec.exe /I{46F044A5-CE8B-4196-984E-5BD6525E361D}

    Apple Mobile Device Support-->MsiExec.exe /I{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}

    Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66}

    Ashampoo Burning Studio-->"C:\Program Files (x86)\Medion MediaPack\Ashampoo Burning Studio\unins000.exe"

    Ashampoo Photo Commander-->"C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\unins000.exe"

    Ashampoo Photo Optimizer-->"C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\unins000.exe"

    Ashampoo Snap-->"C:\Program Files (x86)\Medion MediaPack\Ashampoo Snap\unins000.exe"

    Belgium e-ID middleware 3.5.6 (build 6954)-->MsiExec.exe /I{824563DE-75AD-4166-9DC0-B6482F206954}

    Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

    Canon Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll

    Canon Easy-WebPrint EX-->"C:\Program Files (x86)\Canon\Easy-WebPrint EX\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\Easy-WebPrint EX\uninst.ini

    Canon MG5300 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\DELDRV64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series /L0x0013

    Canon MG5300 series On-screen Manual-->C:\Program Files (x86)\Canon\IJ Manual\Canon MG5300 series\uninstall.exe

    Canon MP Navigator EX 5.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 5.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 5.0\uninst.ini

    Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll

    Canon Solution Menu EX-->"C:\Program Files (x86)\Canon\Solution Menu EX\uninst.exe" /UninstallRemove C:\Program Files (x86)\Canon\Solution Menu EX\uninst.ini

    Castle Link-->MsiExec.exe /X{71536DEA-31B8-4728-80C2-9F7B360FA017}

    CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

    CDisplayEx 1.8-->"C:\Program Files (x86)\CDisplayEx\unins000.exe"

    Complitly-->"C:\Program Files (x86)\Complitly\unins000.exe"

    Control ActiveX de Windows Live Mesh para conexiones remotas-->MsiExec.exe /I{04668DF2-D32F-4555-9C7E-35523DCD6544}

    Contrôle ActiveX Windows Live Mesh pour connexions à distance-->MsiExec.exe /I{55D003F4-9599-44BF-BA9E-95D060730DD3}

    Controlo ActiveX do Windows Live Mesh para Ligações Remotas-->MsiExec.exe /I{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}

    Corel Shell Extension - 64Bit-->MsiExec.exe /I{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}

    CorelDRAW Essentials 4 - Content-->MsiExec.exe /I{19AC095C-3520-4999-AA15-93B6D0248A50}

    CorelDRAW Essentials 4 - Draw-->MsiExec.exe /I{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}

    CorelDRAW Essentials 4 - Filters-->MsiExec.exe /I{F16841F6-5F0F-4DBE-B318-63CEB916F21D}

    CorelDRAW Essentials 4 - ICA-->MsiExec.exe /I{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}

    CorelDRAW Essentials 4 - IPM - No VBA-->MsiExec.exe /I{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}

    CorelDRAW Essentials 4 - Lang BR-->MsiExec.exe /I{ABD8B955-1C69-4AF3-949B-13CD587C175F}

    CorelDRAW Essentials 4 - Lang DE-->MsiExec.exe /I{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}

    CorelDRAW Essentials 4 - Lang EN-->MsiExec.exe /I{34A9406E-1994-4C20-AC72-04CFA2B24545}

    CorelDRAW Essentials 4 - Lang ES-->MsiExec.exe /I{C682F3F0-00A6-4379-B083-4F3273624D7B}

    CorelDRAW Essentials 4 - Lang FR-->MsiExec.exe /I{BA9319FE-BCEF-4C99-8039-F464648D046E}

    CorelDRAW Essentials 4 - Lang IT-->MsiExec.exe /I{3576C335-958D-4D60-A812-F68F9A2796AF}

    CorelDRAW Essentials 4 - Lang NL-->MsiExec.exe /I{5500BB35-1C21-4328-9F16-F894B860FADE}

    CorelDRAW Essentials 4 - PHOTO-PAINT-->MsiExec.exe /I{07B62101-7EBD-434A-94B1-B38063BE5516}

    CorelDRAW Essentials 4 - Windows Shell Extension-->c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\Uninst_CDE4.exe

    CorelDRAW Essentials 4 - Windows Shell Extension-->MsiExec.exe /X{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}

    CorelDRAW Essentials 4-->c:\Program Files (x86)\Corel\CorelDRAW Essentials 4\Setup\SetupARP.exe /arp

    CorelDRAW Essentials 4-->MsiExec.exe /I{9043B9A0-9505-405B-8202-E7167A38A89C}

    CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

    CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

    CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

    CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

    CyberLink PowerDVD Copy-->"C:\Program Files (x86)\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe" /z-uninstall

    CyberLink PowerDVD Copy-->"C:\Program Files (x86)\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe" /z-uninstall

    D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

    Device Pack-->"C:\Program Files (x86)\InstallShield Installation Information\{D54D4A22-4382-4485-92DF-00C39F123E87}\setup.exe" -runfromtemp -l0x0409 -removeonly

    D-Link D-ViewCam-->"C:\Program Files (x86)\InstallShield Installation Information\{440E9F90-0619-4E84-8226-65AD5073AD24}\setup.exe" -runfromtemp -l0x0413 -removeonly

    Easy Watermark Studio-->"C:\Program Files (x86)\Easy Watermark Studio\Uninstall\uninstall.exe" "/U:C:\Program Files (x86)\Easy Watermark Studio\Uninstall\uninstall.xml"

    EPS Viewer-->"C:\Program Files (x86)\EPSViewer\unins000.exe"

    Facebook Video Calling 2.0.0.447-->MsiExec.exe /X{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}

    Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych-->MsiExec.exe /I{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}

    Fotogalerija Windows Live-->MsiExec.exe /X{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}

    Galeria de Fotografias do Windows Live-->MsiExec.exe /X{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}

    Galería fotográfica de Windows Live-->MsiExec.exe /X{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}

    Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}

    Galerie de photos Windows Live-->MsiExec.exe /X{488F0347-C4A7-4374-91A7-30818BEDA710}

    GIMP 2.8.6-->"C:\Program Files\GIMP 2\uninst\unins000.exe"

    Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

    Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_231F3FD17DB59CFD.exe" /uninstall

    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

    GrabIt 1.7.2 Beta 4 (build 997)-->"C:\Program Files (x86)\GrabIt\unins000.exe"

    Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall

    Intel® Network Connections 15.8.75.0-->MsiExec.exe /i{21927AF8-8738-455F-AB98-7FF8FBFC6282} ARPREMOVE=1

    Intel® Network Connections 15.8.75.0-->MsiExec.exe /i{21927AF8-8738-455F-AB98-7FF8FBFC6282} ARPREMOVE=1

    Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall

    IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe

    iTunes-->MsiExec.exe /I{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}

    Java 6 Update 22 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416022FF}

    Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}

    Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

    Karen's Directory Printer-->C:\Program Files (x86)\Karen's Power Tools\Directory Printer\uninstall.exe

    Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave-->MsiExec.exe /I{CA227A9D-09BE-4BFB-9764-48FED2DA5454}

    Malwarebytes Anti-Malware versie 1.75.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

    Medion Home Cinema-->"C:\Program Files (x86)\InstallShield Installation Information\{AB770FDE-8087-4C98-9A85-BD64262C104C}\Setup.exe" /z-uninstall

    Medion Home Cinema-->"C:\Program Files (x86)\InstallShield Installation Information\{AB770FDE-8087-4C98-9A85-BD64262C104C}\Setup.exe" /z-uninstall

    Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

    Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

    Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

    Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}

    Microsoft Office Klik-en-Klaar 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall

    Microsoft Office Klik-en-Klaar 2010-->MsiExec.exe /I{90140000-006D-0413-1000-0000000FF1CE}

    Microsoft Office Starter 2010 - Nederlands-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0413-0000-0000000FF1CE}

    Microsoft PowerPoint Viewer-->MsiExec.exe /X{95140000-00AF-0413-0000-0000000FF1CE}

    Microsoft Security Client-->MsiExec.exe /X{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}

    Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x

    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

    Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}

    Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}

    Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}

    MioMore Desktop 7.50-->C:\Program Files (x86)\Mio\MioMore Desktop 7.50\Uninstall.exe

    Mozilla Firefox 25.0.1 (x86 nl)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"

    Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"

    Mozilla Thunderbird (3.1.9)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe

    MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

    MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

    NVIDIA Graphics Driver 263.13-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Driver

    NVIDIA HD Audio Driver 1.1.9.0-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage HDAudio.Driver

    NVIDIA PhysX System Software 9.10.0514-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.PhysX

    NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}

    OLYMPUS Digital Camera Updater-->MsiExec.exe /X{A68C62E8-B243-4777-89BB-12173DFA1D45}

    OLYMPUS Viewer 2-->MsiExec.exe /X{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}

    OpenOffice.org 3.3-->MsiExec.exe /I{C3BAE9CC-EC6B-4B3E-80C1-C1EC29A09AF8}

    PC Wizard 2010.1.96-->"C:\Program Files (x86)\CPUID\PC Wizard 2010\unins000.exe"

    Photoupz 1.6-->C:\Program Files (x86)\Photoupz\uninst.exe

    Pixlr-o-matic-->msiexec /qb /x {41A63ADA-088B-1C2D-43B3-E4087FE79881}

    Pixlr-o-matic-->MsiExec.exe /I{41A63ADA-088B-1C2D-43B3-E4087FE79881}

    PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}

    Poczta usługi Windows Live-->MsiExec.exe /I{64376910-1860-4CEF-8B34-AA5D205FC5F1}

    Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383}

    Pošta Windows Live-->MsiExec.exe /I{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}

    QuickPar 0.9-->C:\Program Files (x86)\QuickPar\uninst.exe

    QuickTime-->MsiExec.exe /I{B67BAFBA-4C9F-48FA-9496-933E3B255044}

    Raccolta foto di Windows Live-->MsiExec.exe /X{ED16B700-D91F-44B0-867C-7EB5253CA38D}

    Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709

    Recuva-->"C:\Program Files\Recuva\uninst.exe"

    Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\setup.exe" -runfromtemp -l0x0409 -removeonly

    Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}

    Safari-->MsiExec.exe /I{FA4C2D53-205F-4245-9717-F3761154824D}

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client

    SelectionLinks-->C:\Program Files (x86)\OApps\sl-dlc_uninstall.exe

    Skype™ 6.3-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}

    Spelling Dictionaries Support For Adobe Reader X-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-A00000000004}

    Stuurprogrammapakket voor Windows - Fedict SmartCard (12/08/2009 4.0.0.3)-->rundll32.exe C:\PROGRA~1\DIFX\ED00A7CB25A64AAB\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\beidmdrv.inf_amd64_neutral_a86dbbf53927a0ff\beidmdrv.inf

    TigoTago-->C:\Program Files (x86)\Yoplo\TigoTago\uninstall.exe

    Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe

    Total Commander 64-bit (Remove or Repair)-->c:\totalcmd\tcunin64.exe

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

    Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi-->MsiExec.exe /I{241E7104-937A-4366-AD57-8FDDDB003939}

    Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}

    VLC media player 1.1.8-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

    Wave Editor 3.2.0.8-->"C:\Program Files (x86)\Wave Editor\unins000.exe"

    Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

    Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

    Windows Live Essentials-->MsiExec.exe /I{17F99FCE-8F03-4439-860A-25C5A5434E18}

    Windows Live Essentials-->MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073}

    Windows Live Essentials-->MsiExec.exe /I{410DF0AA-882D-450D-9E1B-F5397ACFFA80}

    Windows Live Essentials-->MsiExec.exe /I{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}

    Windows Live Essentials-->MsiExec.exe /I{827D3E4A-0186-48B7-9801-7D1E9DD40C07}

    Windows Live Essentials-->MsiExec.exe /I{B618C3BF-5142-4630-81DD-F96864F97C7E}

    Windows Live Essentials-->MsiExec.exe /I{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}

    Windows Live Essentials-->MsiExec.exe /I{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}

    Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

    Windows Live Essentials-->MsiExec.exe /I{FEEF7F78-5876-438B-B554-C4CC426A4302}

    Windows Live Fotogalerie-->MsiExec.exe /X{B113D18C-67B0-4FB7-B329-E89B66194AE6}

    Windows Live Fotoğraf Galerisi-->MsiExec.exe /X{BD695C2F-3EA0-4DA4-92D5-154072468721}

    Windows Live Fotótár-->MsiExec.exe /X{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}

    Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}

    Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

    Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}

    Windows Live Mail-->MsiExec.exe /I{0D261C88-454B-46FE-B43B-640E621BDA11}

    Windows Live Mail-->MsiExec.exe /I{10186F1A-6A14-43DF-A404-F0105D09BB07}

    Windows Live Mail-->MsiExec.exe /I{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}

    Windows Live Mail-->MsiExec.exe /I{63CF7D0C-B6E7-4EE9-8253-816B613CC437}

    Windows Live Mail-->MsiExec.exe /I{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}

    Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

    Windows Live Mail-->MsiExec.exe /I{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}

    Windows Live Mail-->MsiExec.exe /I{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}

    Windows Live Mail-->MsiExec.exe /I{B1239994-A850-44E2-BED8-E70A21124E16}

    Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

    Windows Live Mail-->MsiExec.exe /I{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}

    Windows Live Mail-->MsiExec.exe /I{D588365A-AE39-4F27-BDAE-B4E72C8E900C}

    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen-->MsiExec.exe /I{C32CE55C-12BA-4951-8797-0967FDEF556F}

    Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}

    Windows Live Mesh ActiveX control for remote connections-->MsiExec.exe /I{C5398A89-516C-4DAF-BA07-EE7949090E56}

    Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}

    Windows Live Mesh ActiveX-objekt til fjernforbindelser-->MsiExec.exe /I{57220148-3B2B-412A-A2E0-82B9DF423696}

    Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz-->MsiExec.exe /I{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}

    Windows Live Mesh-->MsiExec.exe /I{00884F14-05BD-4D8E-90E5-1ABF78948CA4}

    Windows Live Mesh-->MsiExec.exe /I{3F4143A1-9C21-4011-8679-3BC1014C6886}

    Windows Live Mesh-->MsiExec.exe /I{46872828-6453-4138-BE1C-CE35FBF67978}

    Windows Live Mesh-->MsiExec.exe /I{5CF5B1A5-CBC3-42F0-8533-5A5090665862}

    Windows Live Mesh-->MsiExec.exe /I{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}

    Windows Live Mesh-->MsiExec.exe /I{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}

    Windows Live Mesh-->MsiExec.exe /I{7496FD31-E5CB-4AE4-82D3-31099558BF6A}

    Windows Live Mesh-->MsiExec.exe /I{78DAE910-CA72-450E-AD22-772CB1A00678}

    Windows Live Mesh-->MsiExec.exe /I{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}

    Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}

    Windows Live Mesh-->MsiExec.exe /I{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}

    Windows Live Mesh-->MsiExec.exe /I{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}

    Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

    Windows Live Mesh-->MsiExec.exe /I{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}

    Windows Live Messenger-->MsiExec.exe /X{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}

    Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}

    Windows Live Messenger-->MsiExec.exe /X{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}

    Windows Live Messenger-->MsiExec.exe /X{2F54E453-8C93-4B3B-936A-233C909E6CAC}

    Windows Live Messenger-->MsiExec.exe /X{443B561F-DE1B-4DEF-ADD9-484B684653C7}

    Windows Live Messenger-->MsiExec.exe /X{48294D95-EE9A-4377-8213-44FC4265FB27}

    Windows Live Messenger-->MsiExec.exe /X{4B744C85-DBB1-4038-B989-4721EB22C582}

    Windows Live Messenger-->MsiExec.exe /X{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}

    Windows Live Messenger-->MsiExec.exe /X{8FF3891F-01B5-4A71-BFCD-20761890471C}

    Windows Live Messenger-->MsiExec.exe /X{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}

    Windows Live Messenger-->MsiExec.exe /X{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}

    Windows Live Messenger-->MsiExec.exe /X{B2E90616-C50D-4B89-A40D-92377AC669E5}

    Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}

    Windows Live Messenger-->MsiExec.exe /X{E9AD2143-26D5-4201-BED1-19DCC03B407D}

    Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}

    Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

    Windows Live Movie Maker-->MsiExec.exe /X{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}

    Windows Live Movie Maker-->MsiExec.exe /X{60C3C026-DB53-4DAB-8B97-7C1241F9A847}

    Windows Live Movie Maker-->MsiExec.exe /X{640798A0-A4FB-4C52-AC72-755134767F1E}

    Windows Live Movie Maker-->MsiExec.exe /X{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}

    Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

    Windows Live Movie Maker-->MsiExec.exe /X{A101F637-2E56-42C0-8E08-F1E9086BFAF3}

    Windows Live Movie Maker-->MsiExec.exe /X{BF022D76-9F72-4203-B8FA-6522DC66DFDA}

    Windows Live Movie Maker-->MsiExec.exe /X{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}

    Windows Live Movie Maker-->MsiExec.exe /X{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}

    Windows Live Movie Maker-->MsiExec.exe /X{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}

    Windows Live Movie Maker-->MsiExec.exe /X{E4E88B54-4777-4659-967A-2EED1E6AFD83}

    Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}

    Windows Live Movie Maker-->MsiExec.exe /X{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}

    Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81}

    Windows Live Photo Common-->MsiExec.exe /X{370F888E-42A7-4911-9E34-7D74632E17EB}

    Windows Live Photo Common-->MsiExec.exe /X{6B556C37-8919-4991-AC34-93D018B9EA49}

    Windows Live Photo Common-->MsiExec.exe /X{73FC3510-6421-40F7-9503-EDAE4D0CF70D}

    Windows Live Photo Common-->MsiExec.exe /X{84267681-BF16-40B6-9564-27BC57D7D71C}

    Windows Live Photo Common-->MsiExec.exe /X{85373DA7-834E-4850-8AF5-1D99F7526857}

    Windows Live Photo Common-->MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B}

    Windows Live Photo Common-->MsiExec.exe /X{A41A708E-3BE6-4561-855D-44027C1CF0F8}

    Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

    Windows Live Photo Common-->MsiExec.exe /X{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}

    Windows Live Photo Common-->MsiExec.exe /X{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}

    Windows Live Photo Common-->MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70}

    Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

    Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

    Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

    Windows Live Photo Gallery-->MsiExec.exe /X{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}

    Windows Live Photo Gallery-->MsiExec.exe /X{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}

    Windows Live Photo Gallery-->MsiExec.exe /X{CF671BFE-6BA3-44E7-98C1-500D9C51D947}

    Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

    Windows Live Remote Client Resources-->MsiExec.exe /I{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}

    Windows Live Remote Client Resources-->MsiExec.exe /I{2F304EF4-0C31-47F4-8557-0641AAE4197C}

    Windows Live Remote Client Resources-->MsiExec.exe /I{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}

    Windows Live Remote Client Resources-->MsiExec.exe /I{692CCE55-9EAE-4F57-A834-092882E7FE0B}

    Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}

    Windows Live Remote Client Resources-->MsiExec.exe /I{850B8072-2EA7-4EDC-B930-7FE569495E76}

    Windows Live Remote Client Resources-->MsiExec.exe /I{8970AE69-40BE-4058-9916-0ACB1B974A3D}

    Windows Live Remote Client Resources-->MsiExec.exe /I{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}

    Windows Live Remote Client Resources-->MsiExec.exe /I{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}

    Windows Live Remote Client Resources-->MsiExec.exe /I{C9F05151-95A9-4B9B-B534-1760E2D014A5}

    Windows Live Remote Client Resources-->MsiExec.exe /I{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}

    Windows Live Remote Client Resources-->MsiExec.exe /I{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}

    Windows Live Remote Client Resources-->MsiExec.exe /I{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}

    Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}

    Windows Live Remote Service Resources-->MsiExec.exe /I{19F09425-3C20-4730-9E2A-FC2E17C9F362}

    Windows Live Remote Service Resources-->MsiExec.exe /I{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}

    Windows Live Remote Service Resources-->MsiExec.exe /I{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}

    Windows Live Remote Service Resources-->MsiExec.exe /I{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}

    Windows Live Remote Service Resources-->MsiExec.exe /I{5E2CD4FB-4538-4831-8176-05D653C3E6D4}

    Windows Live Remote Service Resources-->MsiExec.exe /I{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}

    Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}

    Windows Live Remote Service Resources-->MsiExec.exe /I{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}

    Windows Live Remote Service Resources-->MsiExec.exe /I{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}

    Windows Live Remote Service Resources-->MsiExec.exe /I{A679FBE4-BA2D-4514-8834-030982C8B31A}

    Windows Live Remote Service Resources-->MsiExec.exe /I{D3E4F422-7E0F-49C7-8B00-F42490D7A385}

    Windows Live Remote Service Resources-->MsiExec.exe /I{D930AF5C-5193-4616-887D-B974CEFC4970}

    Windows Live Remote Service Resources-->MsiExec.exe /I{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}

    Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}

    Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

    Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

    Windows Live Temel Parçalar-->MsiExec.exe /I{1203DC60-D9BD-44F9-B372-2B8F227E6094}

    Windows Live UX Platform Language Pack-->MsiExec.exe /I{05E379CC-F626-4E7D-8354-463865B303BF}

    Windows Live UX Platform Language Pack-->MsiExec.exe /I{09922FFE-D153-44AE-8B60-EA3CB8088F93}

    Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734}

    Windows Live UX Platform Language Pack-->MsiExec.exe /I{37B33B16-2535-49E7-8990-32668708A0A3}

    Windows Live UX Platform Language Pack-->MsiExec.exe /I{40BFD84C-64CD-42CC-9909-8734C50429C6}

    Windows Live UX Platform Language Pack-->MsiExec.exe /I{4D141929-141B-4605-95D6-2B8650C1C6DA}

    Windows Live UX Platform Language Pack-->MsiExec.exe /I{523DF2BB-3A85-4047-9898-29DC8AEB7E69}

    Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

    Windows Live UX Platform Language Pack-->MsiExec.exe /I{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}

    Windows Live UX Platform Language Pack-->MsiExec.exe /I{76046298-768C-492C-8C93-2983C9E3719E}

    Windows Live UX Platform Language Pack-->MsiExec.exe /I{77477AEA-5757-47D8-8B33-939F43D82218}

    Windows Live UX Platform Language Pack-->MsiExec.exe /I{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}

    Windows Live UX Platform Language Pack-->MsiExec.exe /I{E5DD4723-FE0B-436E-A815-DC23CF902A0B}

    Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

    Windows Live Writer Resources-->MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218}

    Windows Live Writer Resources-->MsiExec.exe /X{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}

    Windows Live Writer Resources-->MsiExec.exe /X{26E3C07C-7FF7-4362-9E99-9E49E383CF16}

    Windows Live Writer Resources-->MsiExec.exe /X{3125D9DE-8D7A-4987-95F3-8A42389833D8}

    Windows Live Writer Resources-->MsiExec.exe /X{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}

    Windows Live Writer Resources-->MsiExec.exe /X{62687B11-58B5-4A18-9BC3-9DF4CE03F194}

    Windows Live Writer Resources-->MsiExec.exe /X{7E90B133-FF47-48BB-91B8-36FC5A548FE9}

    Windows Live Writer Resources-->MsiExec.exe /X{93E464B3-D075-4989-87FD-A828B5C308B1}

    Windows Live Writer Resources-->MsiExec.exe /X{C29FC15D-E84B-4EEC-8505-4DED94414C59}

    Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

    Windows Live Writer Resources-->MsiExec.exe /X{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}

    Windows Live Writer Resources-->MsiExec.exe /X{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}

    Windows Live Writer Resources-->MsiExec.exe /X{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}

    Windows Live Writer-->MsiExec.exe /X{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}

    Windows Live Writer-->MsiExec.exe /X{1D6C2068-807F-4B76-A0C2-62ED05656593}

    Windows Live Writer-->MsiExec.exe /X{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}

    Windows Live Writer-->MsiExec.exe /X{3B9A92DA-6374-4872-B646-253F18624D5F}

    Windows Live Writer-->MsiExec.exe /X{48C0DC5E-820A-44F2-890E-29B68EDD3C78}

    Windows Live Writer-->MsiExec.exe /X{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}

    Windows Live Writer-->MsiExec.exe /X{71A81378-79D5-40CC-9BDC-380642D1A87F}

    Windows Live Writer-->MsiExec.exe /X{7E017923-16F8-4E32-94EF-0A150BD196FE}

    Windows Live Writer-->MsiExec.exe /X{859D4022-B76D-40DE-96EF-C90CDA263F44}

    Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

    Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

    Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

    Windows Live Writer-->MsiExec.exe /X{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}

    Windows Live Writer-->MsiExec.exe /X{E55E0C35-AC3C-4683-BA2F-834348577B80}

    Windows Live Writer-->MsiExec.exe /X{E8524B28-3BBB-4763-AC83-0E83FE31C350}

    Windows Live-->MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}

    Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

    Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

    Windows-stuurprogrammapakket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)-->C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst.exe /d /u C:\Windows\System32\DriverStore\FileRepository\olycamcomm64.inf_amd64_neutral_ef14f466647d2167\olycamcomm64.inf

    WinRAR 4.00 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe

    Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις-->MsiExec.exe /I{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}

    Συλλογή φωτογραφιών του Windows Live-->MsiExec.exe /X{C00C2A91-6CB3-483F-80B3-2958E29468F1}

    ======System event log======

    Computer Name: Enterprise

    Event Code: 1118

    Message: Microsoft Antimalware heeft een niet-kritieke fout gevonden tijdens het ondernemen van actie tegen schadelijke of andere mogelijk ongewenste software.

    Zie de onderstaande gegevens voor meer informatie:

    TrojanDownloader:Java/Rexec

    Naam: TrojanDownloader:Java/Rexec

    Id: 2147657903

    Ernst: Ernstig

    Categorie: Downloadprogramma in Trojaans paard

    Pad: containerfile:_C:\Users\Philip\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120621132941726.rsc;file:_C:\Users\Philip\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120621132941726.rsc->120621132941726-000864.file

    Detectieoorsprong: Lokale computer

    Detectietype: Concreet

    Detectiebron: Systeem

    Gebruiker: NT AUTHORITY\SYSTEM

    Procesnaam: Unknown

    Actie: In quarantaine plaatsen

    Actiestatus: No additional actions required

    Foutcode: 0x800700df

    Foutbeschrijving: De bestandsgrootte heeft de toegestane limiet overschreden en kan niet worden opgeslagen.

    Versie handtekening: AV: 1.155.2339.0, AS: 1.155.2339.0, NIS: 17.36.0.0

    Versie engine: AM: 1.1.9700.0, NIS: 2.1.8904.0

    Record Number: 21200110

    Source Name: Microsoft Antimalware

    Time Written: 20130815165210.000000-000

    Event Type: Waarschuwing

    User:

    Computer Name: Enterprise

    Event Code: 1118

    Message: Microsoft Antimalware heeft een niet-kritieke fout gevonden tijdens het ondernemen van actie tegen schadelijke of andere mogelijk ongewenste software.

    Zie de onderstaande gegevens voor meer informatie:

    Trojan:Win32/Reveton.C

    Naam: Trojan:Win32/Reveton.C

    Id: 2147654102

    Ernst: Ernstig

    Categorie: Trojaans paard

    Pad: containerfile:_C:\Users\Philip\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120621132941726.rsc;file:_C:\Users\Philip\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120621132941726.rsc->120621132941726-000651.file

    Detectieoorsprong: Lokale computer

    Detectietype: Concreet

    Detectiebron: Systeem

    Gebruiker: NT AUTHORITY\SYSTEM

    Procesnaam: Unknown

    Actie: In quarantaine plaatsen

    Actiestatus: No additional actions required

    Foutcode: 0x800700df

    Foutbeschrijving: De bestandsgrootte heeft de toegestane limiet overschreden en kan niet worden opgeslagen.

    Versie handtekening: AV: 1.155.2339.0, AS: 1.155.2339.0, NIS: 17.36.0.0

    Versie engine: AM: 1.1.9700.0, NIS: 2.1.8904.0

    Record Number: 21200109

    Source Name: Microsoft Antimalware

    Time Written: 20130815165210.000000-000

    Event Type: Waarschuwing

    User:

    Computer Name: Enterprise

    Event Code: 7036

    Message: De Windows Modules Installer-service heeft nu de status gestopt.

    Record Number: 21200108

    Source Name: Service Control Manager

    Time Written: 20130815164802.381536-000

    Event Type: Informatie

    User:

    Computer Name: Enterprise

    Event Code: 7040

    Message: Het opstarttype van de service Windows Modules Installer is gewijzigd van automatisch starten in starten op aanvraag.

    Record Number: 21200107

    Source Name: Service Control Manager

    Time Written: 20130815164802.131935-000

    Event Type: Informatie

    User: NT AUTHORITY\SYSTEM

    Computer Name: Enterprise

    Event Code: 7040

    Message: Het opstarttype van de service Windows Modules Installer is gewijzigd van starten op aanvraag in automatisch starten.

    Record Number: 21200106

    Source Name: Service Control Manager

    Time Written: 20130815164801.305134-000

    Event Type: Informatie

    User: NT AUTHORITY\SYSTEM

    =====Application event log=====

    Computer Name: Enterprise

    Event Code: 33

    Message: Kan activeringscontext voor 'C:\Windows\system32\conhost.exe' niet maken. Kan afhankelijke assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

    Record Number: 248666

    Source Name: SideBySide

    Time Written: 20131110215300.000000-000

    Event Type: Fout

    User:

    Computer Name: Enterprise

    Event Code: 33

    Message: Kan activeringscontext voor 'C:\Windows\system32\conhost.exe' niet maken. Kan afhankelijke assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

    Record Number: 248665

    Source Name: SideBySide

    Time Written: 20131110215200.000000-000

    Event Type: Fout

    User:

    Computer Name: Enterprise

    Event Code: 33

    Message: Kan activeringscontext voor 'C:\Windows\system32\conhost.exe' niet maken. Kan afhankelijke assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

    Record Number: 248664

    Source Name: SideBySide

    Time Written: 20131110215100.000000-000

    Event Type: Fout

    User:

    Computer Name: Enterprise

    Event Code: 33

    Message: Kan activeringscontext voor 'C:\Windows\system32\conhost.exe' niet maken. Kan afhankelijke assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

    Record Number: 248663

    Source Name: SideBySide

    Time Written: 20131110215000.000000-000

    Event Type: Fout

    User:

    Computer Name: Enterprise

    Event Code: 33

    Message: Kan activeringscontext voor 'C:\Windows\system32\conhost.exe' niet maken. Kan afhankelijke assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

    Record Number: 248662

    Source Name: SideBySide

    Time Written: 20131110214900.000000-000

    Event Type: Fout

    User:

    =====Security event log=====

    Computer Name: Enterprise

    Event Code: 4624

    Message: Er is een account aangemeld.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: ENTERPRISE$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 5

    Nieuwe aanmelding:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:

    Proces-id: 0x26c

    Naam proces: C:\Windows\System32\services.exe

    Netwerkgegevens:

    Naam van werkstation:

    Netwerkadres van bron: -

    Poort van bron: -

    Gedetailleerde verificatiegegevens:

    Aanmeldingsproces: Advapi

    Verificatiepakket: Negotiate

    Doorgezette services: -

    Pakketnaam (alleen NTLM): -

    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

    Record Number: 2901

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20110516220000.986366-000

    Event Type: Controle geslaagd

    User:

    Computer Name: Enterprise

    Event Code: 4672

    Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Bevoegdheden: SeAssignPrimaryTokenPrivilege

    SeTcbPrivilege

    SeSecurityPrivilege

    SeTakeOwnershipPrivilege

    SeLoadDriverPrivilege

    SeBackupPrivilege

    SeRestorePrivilege

    SeDebugPrivilege

    SeAuditPrivilege

    SeSystemEnvironmentPrivilege

    SeImpersonatePrivilege

    Record Number: 2900

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20110516194708.003338-000

    Event Type: Controle geslaagd

    User:

    Computer Name: Enterprise

    Event Code: 4624

    Message: Er is een account aangemeld.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: ENTERPRISE$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 5

    Nieuwe aanmelding:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:

    Proces-id: 0x26c

    Naam proces: C:\Windows\System32\services.exe

    Netwerkgegevens:

    Naam van werkstation:

    Netwerkadres van bron: -

    Poort van bron: -

    Gedetailleerde verificatiegegevens:

    Aanmeldingsproces: Advapi

    Verificatiepakket: Negotiate

    Doorgezette services: -

    Pakketnaam (alleen NTLM): -

    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

    Record Number: 2899

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20110516194708.003338-000

    Event Type: Controle geslaagd

    User:

    Computer Name: Enterprise

    Event Code: 4672

    Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Bevoegdheden: SeAssignPrimaryTokenPrivilege

    SeTcbPrivilege

    SeSecurityPrivilege

    SeTakeOwnershipPrivilege

    SeLoadDriverPrivilege

    SeBackupPrivilege

    SeRestorePrivilege

    SeDebugPrivilege

    SeAuditPrivilege

    SeSystemEnvironmentPrivilege

    SeImpersonatePrivilege

    Record Number: 2898

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20110516175107.460217-000

    Event Type: Controle geslaagd

    User:

    Computer Name: Enterprise

    Event Code: 4624

    Message: Er is een account aangemeld.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: ENTERPRISE$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 5

    Nieuwe aanmelding:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:

    Proces-id: 0x26c

    Naam proces: C:\Windows\System32\services.exe

    Netwerkgegevens:

    Naam van werkstation:

    Netwerkadres van bron: -

    Poort van bron: -

    Gedetailleerde verificatiegegevens:

    Aanmeldingsproces: Advapi

    Verificatiepakket: Negotiate

    Doorgezette services: -

    Pakketnaam (alleen NTLM): -

    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

    Record Number: 2897

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20110516175107.460217-000

    Event Type: Controle geslaagd

    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe

    "FP_NO_HOST_CHECK"=NO

    "OS"=Windows_NT

    "Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Belgium Identity Card;%PROGRAMFILES%\Internet Explorer;C:\Program Files (x86)\QuickTime\QTSystem\

    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

    "PROCESSOR_ARCHITECTURE"=AMD64

    "TEMP"=%SystemRoot%\TEMP

    "TMP"=%SystemRoot%\TEMP

    "USERNAME"=SYSTEM

    "windir"=%SystemRoot%

    "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

    "NUMBER_OF_PROCESSORS"=4

    "PROCESSOR_LEVEL"=6

    "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

    "PROCESSOR_REVISION"=2a07

    "asl.log"=Destination=file

    "CLASSPATH"=.;C:\Program Files (x86)\Belgium Identity Card;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

    "QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

    "SAFEBOOT_OPTION"=NETWORK

    -----------------EOF-----------------

  4. Many thanks for the quick help

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Philip at 2014-01-19 12:23:56

    Microsoft Windows 7 Home Premium

    System drive C: has 1205 GB (64%) free of 1876 GB

    Total RAM: 4078 MB (80% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 12:23:57, on 19/01/2014

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.17267)

    Boot mode: Safe mode with network support

    Running processes:

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files\trend micro\Philip.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: ["C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"] "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.exe" RunWithWindows

    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab

    O16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} (TunnelX Control) - https://eu.mydlink.com/8D/activeX//TunnelX.ocx

    O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} (Gif89 Lite +Audio Class) - https://eu.mydlink.com/8D/activeX//DCS-93x/aplugLiteDL.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 9931 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    winlogon.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    "c:\Program Files\Microsoft Security Client\MsMpEng.exe"

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5659e96d-6777-4162-b3c0-d7423d0209ef -SystemEventPortName:HostProcess-96bcf8b8-db3c-4273-9c52-3d7be5b7f9e4 -IoCancelEventPortName:HostProcess-0cd88bc9-d88b-4fef-9a89-a6296eb5b9b2 -NonStateChangingEventPortName:HostProcess-67e1f2fb-0699-4458-a023-3f7d8d43208a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c688fb60-a7fe-44ef-bcc8-cc6fe53a8da1

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\Explorer.EXE

    ctfmon.exe

    "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

    "C:\Users\Philip\Downloads\RSITx64.exe"

    C:\Windows\system32\wbem\wmiprvse.exe

    ======Scheduled tasks folder======

    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001Core.job

    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001UA.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default

    prefs.js - "browser.search.suggest.enabled" - false

    prefs.js - "browser.search.useDBForOrder" - true

    prefs.js - "browser.startup.homepage" - "google.be"

    prefs.js - "keyword.URL" - "http://search.avg.com/route/?d=4e30bacd&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=nl&q="

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

    "Description"=Adobe® Flash® Player 11.7.700.202 Plugin

    "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]

    "Description"=Adobe Shockwave Player

    "Path"=C:\windows\system32\Adobe\Director\np32dsw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]

    "Description"=iTunes Detector Plug-in

    "Path"=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]

    "Description"=

    "Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]

    "Description"=Canon Easy-PhotoPrint EX

    "Path"=C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]

    "Description"=Oracle® Next Generation Java™ Plug-In

    "Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

    "Description"=

    "Path"=C:\Windows\system32\Wat\npWatWeb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

    "Description"=Ag Player Plugin

    "Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

    "Description"=Microsoft SharePoint Plug-in for Firefox

    "Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

    "Description"=WLPG Install MIME type

    "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

    "Description"=WLPG Install MIME type

    "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]

    "Description"=WLPG Install MIME type

    "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]

    "Description"=WLPG Install MIME type

    "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

    "Description"=Google Update

    "Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

    "Description"=Google Update

    "Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

    "Description"=Handles PDFs in-place in Firefox

    "Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

    "Description"=Adobe® Flash® Player 11.7.700.202 Plugin

    "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

    "Description"=Oracle® Next Generation Java™ Plug-In

    "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

    "Description"=

    "Path"=C:\Windows\system32\Wat\npWatWeb.dll

    C:\Program Files (x86)\Mozilla Firefox\components\

    nsIQTScriptablePlugin.xpt

    C:\Program Files (x86)\Mozilla Firefox\searchplugins\

    avg-secure-search.xml

    babylon.xml

    C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\extensions\

    2020Player_IKEA@2020Technologies.com

    staged

    {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

    C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\

    babylon.xml

    BrowserProtect.xml

    imdb.xml

    mixidj.xml

    search-here.xml

    youtube-ssl.xml

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]

    Complitly - C:\Users\Philip\AppData\Roaming\Complitly\64\Complitly64.dll [2012-02-21 167416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-14 256080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll [2013-10-06 346576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-03 49440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

    Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]

    Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14 175776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

    Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-14 194128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

    Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-06 1001936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-12-03 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-14 256080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

    {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14 4372120]

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-14 194128]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "JAVA"=C:\Windows\java.vbs [2010-11-17 83]

    "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-12-09 11613288]

    "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 1271168]

    "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-03-14 2779024]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

    "OV2_Monitor"=C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe [2012-08-23 231344]

    "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-05-08 18680424]

    "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-03-31 39408]

    "Facebook Update"=C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-02 138096]

    "CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2013-12-17 5973272]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive 9 application]

    C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Philip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3 .lnk]

    C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-12-13 1198592]

    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

    "CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

    "IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-11-06 283160]

    "beid"=C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe [2011-05-23 2068480]

    "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

    "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

    "CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1612920]

    "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-11-02 152392]

    ""C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE""=C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.exe [2012-11-08 10677320]

    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]

    "Malwarebytes Anti-Malware (cleanup)"=C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll [2013-04-04 1127496]

    C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    OpenOffice.org 3.3 .lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BsScanner]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "LogonHoursAction"=2

    "DontDisplayLogonHoursWarnings"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "ConsentPromptBehaviorAdmin"=5

    "ConsentPromptBehaviorUser"=3

    "EnableLUA"=0

    "EnableUIADesktopToggle"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoActiveDesktop"=1

    "NoActiveDesktopChanges"=1

    "ForceActiveDesktopOn"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "VIDC.UYVY"=msyuv.dll

    "VIDC.YUY2"=msyuv.dll

    "VIDC.YVYU"=msyuv.dll

    "VIDC.IYUV"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "VIDC.YVU9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    "wave2"=wdmaud.drv

    "midi2"=wdmaud.drv

    "mixer2"=wdmaud.drv

    "aux2"=wdmaud.drv

    "wave3"=wdmaud.drv

    "midi3"=wdmaud.drv

    "mixer3"=wdmaud.drv

    "aux3"=wdmaud.drv

    "wave4"=wdmaud.drv

    "midi4"=wdmaud.drv

    "mixer4"=wdmaud.drv

    "aux4"=wdmaud.drv

    "wave5"=wdmaud.drv

    "midi5"=wdmaud.drv

    "mixer5"=wdmaud.drv

    "aux5"=wdmaud.drv

    "wave1"=wdmaud.drv

    "midi1"=wdmaud.drv

    "mixer1"=wdmaud.drv

    "aux1"=wdmaud.drv

    "wave6"=wdmaud.drv

    "midi6"=wdmaud.drv

    "mixer6"=wdmaud.drv

    "aux6"=wdmaud.drv

    "wave7"=wdmaud.drv

    "midi7"=wdmaud.drv

    "mixer7"=wdmaud.drv

    "aux7"=wdmaud.drv

    "wave8"=wdmaud.drv

    "midi8"=wdmaud.drv

    "mixer8"=wdmaud.drv

    "aux8"=wdmaud.drv

    "wave9"=wdmaud.drv

    "midi9"=wdmaud.drv

    "mixer9"=wdmaud.drv

    "aux9"=wdmaud.drv

    "MSVideo8"=VfWWDM32.dll

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2014-01-19 12:23:56 ----D---- C:\rsit

    2014-01-19 12:23:56 ----D---- C:\Program Files\trend micro

    2014-01-19 12:17:11 ----A---- C:\Windows\ntbtlog.txt

    2014-01-15 22:20:46 ----D---- C:\Windows\Sun

    2014-01-15 20:39:34 ----D---- C:\Users\Philip\AppData\Roaming\DlinkViewCam

    2014-01-15 20:05:53 ----D---- C:\Program Files (x86)\Activation

    2014-01-15 19:57:05 ----D---- C:\Program Files (x86)\D-Link

    2014-01-12 16:41:42 ----D---- C:\Windows\system32\SPReview

    2014-01-12 16:41:09 ----D---- C:\Windows\system32\EventProviders

    2014-01-12 16:39:56 ----A---- C:\Windows\SYSWOW64\atmlib.dll

    2014-01-12 16:39:56 ----A---- C:\Windows\SYSWOW64\atmfd.dll

    2014-01-12 16:39:56 ----A---- C:\Windows\system32\atmlib.dll

    2014-01-12 16:39:56 ----A---- C:\Windows\system32\atmfd.dll

    2014-01-12 16:36:21 ----D---- C:\Windows\system32\MRT

    2014-01-12 16:36:03 ----A---- C:\Windows\SYSWOW64\imagehlp.dll

    2014-01-12 16:36:03 ----A---- C:\Windows\system32\imagehlp.dll

    2014-01-12 16:36:03 ----A---- C:\Windows\system32\drivers\fs_rec.sys

    2014-01-12 16:36:02 ----A---- C:\Windows\SYSWOW64\wmi.dll

    2014-01-12 16:36:02 ----A---- C:\Windows\system32\wmi.dll

    2014-01-12 16:33:05 ----A---- C:\Windows\SYSWOW64\tzres.dll

    2014-01-12 16:33:05 ----A---- C:\Windows\system32\tzres.dll

    2014-01-12 16:32:47 ----A---- C:\Windows\SYSWOW64\win32spl.dll

    2014-01-12 16:32:47 ----A---- C:\Windows\system32\win32spl.dll

    2014-01-12 16:32:46 ----A---- C:\Windows\system32\drivers\tcpip.sys

    2014-01-12 16:32:46 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS

    2014-01-12 16:32:45 ----A---- C:\Windows\SYSWOW64\kerberos.dll

    2014-01-12 16:32:45 ----A---- C:\Windows\system32\kerberos.dll

    2014-01-12 16:32:45 ----A---- C:\Windows\system32\drivers\ntfs.sys

    2014-01-12 16:32:44 ----A---- C:\Windows\system32\drivers\usb8023.sys

    2014-01-12 16:32:43 ----A---- C:\Windows\system32\drivers\volsnap.sys

    2014-01-12 16:32:42 ----A---- C:\Windows\SYSWOW64\synceng.dll

    2014-01-12 16:32:42 ----A---- C:\Windows\system32\synceng.dll

    2014-01-12 16:32:37 ----A---- C:\Windows\system32\mshtml.dll

    2014-01-12 16:32:36 ----A---- C:\Windows\SYSWOW64\mshtml.dll

    2014-01-12 16:32:34 ----A---- C:\Windows\system32\ieframe.dll

    2014-01-12 16:32:33 ----A---- C:\Windows\system32\iertutil.dll

    2014-01-12 16:32:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll

    2014-01-12 16:32:31 ----A---- C:\Windows\SYSWOW64\ieframe.dll

    2014-01-12 16:32:29 ----A---- C:\Windows\system32\urlmon.dll

    2014-01-12 16:32:29 ----A---- C:\Windows\system32\mstime.dll

    2014-01-12 16:32:29 ----A---- C:\Windows\system32\msfeeds.dll

    2014-01-12 16:32:28 ----A---- C:\Windows\SYSWOW64\urlmon.dll

    2014-01-12 16:32:28 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

    2014-01-12 16:32:27 ----A---- C:\Windows\SYSWOW64\mstime.dll

    2014-01-12 16:32:27 ----A---- C:\Windows\system32\wininet.dll

    2014-01-12 16:32:26 ----A---- C:\Windows\SYSWOW64\wininet.dll

    2014-01-12 16:32:25 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll

    2014-01-12 16:32:25 ----A---- C:\Windows\system32\iedkcs32.dll

    2014-01-12 16:32:24 ----A---- C:\Windows\SYSWOW64\url.dll

    2014-01-12 16:32:24 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

    2014-01-12 16:32:24 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll

    2014-01-12 16:32:24 ----A---- C:\Windows\SYSWOW64\licmgr10.dll

    2014-01-12 16:32:24 ----A---- C:\Windows\SYSWOW64\ieui.dll

    2014-01-12 16:32:24 ----A---- C:\Windows\SYSWOW64\iepeers.dll

    2014-01-12 16:32:24 ----A---- C:\Windows\system32\url.dll

    2014-01-12 16:32:24 ----A---- C:\Windows\system32\mshtmled.dll

    2014-01-12 16:32:24 ----A---- C:\Windows\system32\msfeedsbs.dll

    2014-01-12 16:32:24 ----A---- C:\Windows\system32\licmgr10.dll

    2014-01-12 16:32:24 ----A---- C:\Windows\system32\iepeers.dll

    2014-01-12 16:32:23 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe

    2014-01-12 16:32:23 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

    2014-01-12 16:32:23 ----A---- C:\Windows\system32\msfeedssync.exe

    2014-01-12 16:32:23 ----A---- C:\Windows\system32\jsproxy.dll

    2014-01-12 16:32:23 ----A---- C:\Windows\system32\ieui.dll

    2014-01-12 16:32:21 ----A---- C:\Windows\system32\wow64win.dll

    2014-01-12 16:32:21 ----A---- C:\Windows\system32\KernelBase.dll

    2014-01-12 16:32:21 ----A---- C:\Windows\system32\kernel32.dll

    2014-01-12 16:32:20 ----A---- C:\Windows\SYSWOW64\KernelBase.dll

    2014-01-12 16:32:20 ----A---- C:\Windows\system32\winsrv.dll

    2014-01-12 16:32:20 ----A---- C:\Windows\system32\conhost.exe

    2014-01-12 16:32:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

    2014-01-12 16:32:19 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

    2014-01-12 16:32:19 ----A---- C:\Windows\SYSWOW64\wow32.dll

    2014-01-12 16:32:19 ----A---- C:\Windows\SYSWOW64\sys32dlkb.dll

    2014-01-12 16:32:19 ----A---- C:\Windows\SYSWOW64\setup16.exe

    2014-01-12 16:32:19 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll

    2014-01-12 16:32:19 ----A---- C:\Windows\SYSWOW64\kernel32.dll

    2014-01-12 16:32:19 ----A---- C:\Windows\SYSWOW64\instnm.exe

    2014-01-12 16:32:19 ----A---- C:\Windows\system32\wow64cpu.dll

    2014-01-12 16:32:19 ----A---- C:\Windows\system32\wow64.dll

    2014-01-12 16:32:19 ----A---- C:\Windows\system32\ntvdm64.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

    2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

    2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll

    2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll

    2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll

    2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll

    2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll

    2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll

    2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll

    2014-01-12 16:32:17 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

    2014-01-12 16:32:17 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

    2014-01-12 16:32:17 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

    2014-01-12 16:32:17 ----A---- C:\Windows\SYSWOW64\user.exe

    2014-01-12 16:32:11 ----A---- C:\Windows\system32\mstscax.dll

    2014-01-12 16:32:10 ----A---- C:\Windows\SYSWOW64\tsgqec.dll

    2014-01-12 16:32:10 ----A---- C:\Windows\SYSWOW64\mstscax.dll

    2014-01-12 16:32:10 ----A---- C:\Windows\SYSWOW64\aaclient.dll

    2014-01-12 16:32:10 ----A---- C:\Windows\system32\tsgqec.dll

    2014-01-12 16:32:10 ----A---- C:\Windows\system32\aaclient.dll

    2014-01-12 16:32:08 ----A---- C:\Windows\SYSWOW64\dpnet.dll

    2014-01-12 16:32:08 ----A---- C:\Windows\system32\msxml6.dll

    2014-01-12 16:32:08 ----A---- C:\Windows\system32\dpnet.dll

    2014-01-12 16:32:07 ----A---- C:\Windows\SYSWOW64\msxml6.dll

    2014-01-12 16:32:07 ----A---- C:\Windows\system32\msxml3.dll

    2014-01-12 16:32:06 ----A---- C:\Windows\SYSWOW64\msxml3.dll

    2014-01-12 16:31:44 ----A---- C:\Windows\system32\win32k.sys

    2014-01-12 16:31:43 ----A---- C:\Windows\SYSWOW64\wintrust.dll

    2014-01-12 16:31:43 ----A---- C:\Windows\SYSWOW64\ncrypt.dll

    2014-01-12 16:31:43 ----A---- C:\Windows\system32\ncrypt.dll

    2014-01-12 16:31:42 ----A---- C:\Windows\system32\wintrust.dll

    2014-01-12 16:31:41 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

    2014-01-12 16:31:41 ----A---- C:\Windows\system32\ntoskrnl.exe

    2014-01-12 16:31:40 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

    2014-01-12 16:31:40 ----A---- C:\Windows\SYSWOW64\apisetschema.dll

    2014-01-12 16:31:40 ----A---- C:\Windows\system32\smss.exe

    2014-01-12 16:31:40 ----A---- C:\Windows\system32\csrsrv.dll

    2014-01-12 16:30:45 ----A---- C:\Windows\SYSWOW64\crypt32.dll

    2014-01-12 16:30:45 ----A---- C:\Windows\system32\crypt32.dll

    2014-01-12 16:30:44 ----A---- C:\Windows\system32\cryptsvc.dll

    2014-01-12 16:30:43 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll

    2014-01-12 16:30:43 ----A---- C:\Windows\SYSWOW64\cryptnet.dll

    2014-01-12 16:30:43 ----A---- C:\Windows\system32\cryptnet.dll

    ======List of files/folders modified in the last 1 month======

    2014-01-19 12:23:57 ----D---- C:\Windows\Temp

    2014-01-19 12:23:56 ----RD---- C:\Program Files

    2014-01-19 12:20:18 ----D---- C:\antivirussen

    2014-01-19 12:17:11 ----D---- C:\Windows

    2014-01-18 23:48:07 ----D---- C:\Windows\inf

    2014-01-18 23:48:05 ----D---- C:\Windows\SoftwareDistribution

    2014-01-18 23:48:05 ----D---- C:\Windows\Logs

    2014-01-18 23:48:05 ----D---- C:\Windows\debug

    2014-01-18 23:43:08 ----D---- C:\Program Files\CCleaner

    2014-01-18 23:19:57 ----D---- C:\Windows\system32\drivers

    2014-01-18 20:07:19 ----D---- C:\Windows\system32\config

    2014-01-18 19:55:01 ----D---- C:\Windows\Prefetch

    2014-01-18 19:50:17 ----HD---- C:\ProgramData

    2014-01-17 18:45:26 ----SHD---- C:\System Volume Information

    2014-01-16 00:04:52 ----D---- C:\Windows\Downloaded Program Files

    2014-01-15 20:05:53 ----RD---- C:\Program Files (x86)

    2014-01-15 20:03:09 ----D---- C:\Windows\SysWOW64

    2014-01-15 19:59:08 ----SHD---- C:\Windows\Installer

    2014-01-15 19:58:54 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

    2014-01-14 22:54:52 ----SHD---- C:\$RECYCLE.BIN

    2014-01-14 22:54:44 ----RD---- C:\Users

    2014-01-14 22:40:35 ----D---- C:\Windows\system32\NDF

    2014-01-12 21:18:20 ----D---- C:\Users\Philip\AppData\Roaming\GrabIt

    2014-01-12 21:10:09 ----D---- C:\Windows\System32

    2014-01-12 21:10:09 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2014-01-12 20:34:21 ----D---- C:\Windows\rescache

    2014-01-12 18:31:37 ----D---- C:\Windows\winsxs

    2014-01-12 18:31:25 ----D---- C:\Windows\system32\DriverStore

    2014-01-12 18:27:41 ----D---- C:\Windows\system32\drivers\UMDF

    2014-01-12 18:24:49 ----D---- C:\Windows\Microsoft.NET

    2014-01-12 18:24:29 ----RSD---- C:\Windows\assembly

    2014-01-12 18:08:34 ----D---- C:\Windows\SYSWOW64\nl-NL

    2014-01-12 18:08:34 ----D---- C:\Windows\system32\nl-NL

    2014-01-12 18:08:34 ----D---- C:\Windows\ehome

    2014-01-12 18:08:34 ----D---- C:\Program Files\Common Files\System

    2014-01-12 18:08:32 ----D---- C:\Windows\AppPatch

    2014-01-12 18:08:30 ----D---- C:\Windows\SYSWOW64\migration

    2014-01-12 18:08:30 ----D---- C:\Windows\system32\migration

    2014-01-12 18:08:30 ----D---- C:\Program Files\Internet Explorer

    2014-01-12 18:08:30 ----D---- C:\Program Files (x86)\Internet Explorer

    2014-01-12 18:08:28 ----D---- C:\Program Files\Windows Journal

    2014-01-12 16:40:03 ----D---- C:\Windows\system32\catroot

    2014-01-12 16:40:02 ----D---- C:\Windows\system32\catroot2

    2014-01-09 19:35:58 ----D---- C:\ProgramData\CanonIJPLM

    2014-01-02 15:20:02 ----D---- C:\Windows\Tasks

    2014-01-02 15:20:02 ----D---- C:\Windows\system32\Tasks

    2013-12-29 22:56:44 ----D---- C:\Users\Philip\AppData\Roaming\SoftGrid Client

    2013-12-24 19:45:57 ----D---- C:\Windows\system32\FxsTmp

    2013-12-20 23:56:32 ----D---- C:\Program Files (x86)\Mozilla Firefox

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-06 438808]

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2010-12-17 315568]

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]

    R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]

    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]

    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]

    R3 WinUsb;WinUsb-stuurprogramma; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 40448]

    S0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 203888]

    S1 avqrvmmg;avqrvmmg; \??\C:\Windows\system32\drivers\avqrvmmg.sys []

    S1 ekjuykfo;ekjuykfo; \??\C:\Windows\system32\drivers\ekjuykfo.sys []

    S1 eppskxwu;eppskxwu; \??\C:\Windows\system32\drivers\eppskxwu.sys []

    S1 fxaswngm;fxaswngm; \??\C:\Windows\system32\drivers\fxaswngm.sys []

    S1 gzrapzyj;gzrapzyj; \??\C:\Windows\system32\drivers\gzrapzyj.sys []

    S1 hjskxrqe;hjskxrqe; \??\C:\Windows\system32\drivers\hjskxrqe.sys []

    S1 hqbtcxge;hqbtcxge; \??\C:\Windows\system32\drivers\hqbtcxge.sys []

    S1 knlwebnz;knlwebnz; \??\C:\Windows\system32\drivers\knlwebnz.sys []

    S1 mpvqibpo;mpvqibpo; \??\C:\Windows\system32\drivers\mpvqibpo.sys []

    S1 odssfeow;odssfeow; \??\C:\Windows\system32\drivers\odssfeow.sys []

    S1 skowexij;skowexij; \??\C:\Windows\system32\drivers\skowexij.sys []

    S3 cpuz134;cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]

    S3 IAMTVE;Driver for Intel® Active Management Technology - KCS; C:\Windows\system32\DRIVERS\IAMTVE.sys [2010-12-17 43416]

    S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS; C:\Windows\system32\DRIVERS\IAMTXPE.sys [2010-12-17 51096]

    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-12-09 2565736]

    S3 ioatdma1;ioatdma1; C:\Windows\System32\Drivers\qd162x64.sys [2010-12-17 40144]

    S3 ioatdma2;Intel® QuickData Technology device ver.2; C:\Windows\System32\Drivers\qd262x64.sys [2010-12-17 42192]

    S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]

    S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]

    S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]

    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-02-06 690208]

    S3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

    S3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

    S3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

    S3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

    S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 12600]

    S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]

    S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]

    S2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    S2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

    S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 136176]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2010-10-25 164008]

    S2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

    S2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

    S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]

    S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 136176]

    S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-23 194032]

    S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 641352]

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-17 119408]

    S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

    S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

    S3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-10 1255736]

    S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

    -----------------EOF-----------------

  5. hi

    I've got the Ukash or police virus on my hands. I've already scanned with Microsoft Essentials and Malwarebytes; both found something and removed it. I've now also made a HijackThis log, but I can't make sense of it.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 23:23:01, on 18/01/2014

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.17267)

    Boot mode: Safe mode with network support

    Running processes:

    C:\antivirussen\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

    O2 - BHO: HelloWorldBHO - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: ["C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"] "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.exe" RunWithWindows

    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab

    O16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} (TunnelX Control) - https://eu.mydlink.com/8D/activeX//TunnelX.ocx

    O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} (Gif89 Lite +Audio Class) - https://eu.mydlink.com/8D/activeX//DCS-93x/aplugLiteDL.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 9893 bytes

    if someone could take a look at it, many thanks in any case

    philip

  6. and this is the latest scan

    Malwarebytes Anti-Malware 1.65.1.1000

    Malwarebytes : Free anti-malware download

    Databaseversie: v2012.12.24.05

    Windows 7 x64 NTFS (Veilige modus/netwerkmogelijkheden)

    Internet Explorer 8.0.7600.16385

    Philip :: ENTERPRISE [administrator]

    24/12/2012 17:55:36

    mbam-log-2012-12-24 (17-55-36).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 206528

    Verstreken tijd: 2 minuut/minuten, 40 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    and now I'll run CCleaner once more

    many thanks for the help

  7. here is the report

    Malwarebytes Anti-Malware 1.65.1.1000

    Malwarebytes : Free anti-malware download

    Databaseversie: v2012.12.24.05

    Windows 7 x64 NTFS (Veilige modus/netwerkmogelijkheden)

    Internet Explorer 8.0.7600.16385

    Philip :: ENTERPRISE [administrator]

    24/12/2012 17:40:34

    mbam-log-2012-12-24 (17-52-48).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 206631

    Verstreken tijd: 2 minuut/minuten, 31 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 2

    C:\Users\Philip\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Geen actie ondernomen.

    C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Geen actie ondernomen.

    (einde)

  8. Hi

    I've posted a HijackThis log here in connection with the Ukash police virus

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:15:43, on 24/12/2012

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16800)

    Boot mode: Safe mode with network support

    Running processes:

    C:\antivirussen\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = Discover Bing: Explore Bing Services & Features for Everyday Decisions

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 9198 bytes

    many thanks for the help

    merry Christmas

  9. here is an MBAM log

    Malwarebytes Anti-Malware 1.65.1.1000

    Malwarebytes : Free anti-malware download

    Databaseversie: v2012.11.30.09

    Windows 7 x64 NTFS (Veilige modus/netwerkmogelijkheden)

    Internet Explorer 8.0.7600.16385

    Philip :: ENTERPRISE [administrator]

    1/12/2012 17:36:41

    mbam-log-2012-12-01 (17-36-41).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 206625

    Verstreken tijd: 3 minuut/minuten, 9 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    here is the new HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:46:52, on 1/12/2012

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16800)

    Boot mode: Safe mode with network support

    Running processes:

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\antivirussen\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe -update plugin

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 8940 bytes

    and once again, many thanks for the help

  10. hi

    here is a HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 12:22:35, on 1/12/2012

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16800)

    Boot mode: Safe mode with network support

    Running processes:

    C:\antivirussen\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [fddajwfuxrfvixt] C:\ProgramData\fddajwfu.exe

    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe -update plugin

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 8893 bytes

    many thanks for the help

    philip

    - - - Updated - - -

    after checking the log I suspect that this could be the culprit: "fddajwfu.exe"

  11. I'm stuck with the Ukash virus, I have already made a HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:16:07, on 11/10/2012

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16800)

    Boot mode: Safe mode

    Running processes:

    C:\antivirussen\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [update] C:\Users\Philip\AppData\Roaming\moursno.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 8499 bytes

    I ran Malwarebytes and it found nothing

    Many thanks for the help

  12. here are the logs

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:00:37, on 3/09/2012

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16800)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe

    C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe

    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

    C:\Program Files (x86)\AVG Secure Search\vprot.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

    C:\antivirussen\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 11376 bytes

    Malwarebytes Anti-Malware 1.62.0.1300

    Malwarebytes : Free anti-malware download

    Databaseversie: v2012.09.03.07

    Windows 7 x64 NTFS

    Internet Explorer 8.0.7600.16385

    Philip :: ENTERPRISE [administrator]

    3/09/2012 19:35:36

    mbam-log-2012-09-03 (19-35-36).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 195754

    Verstreken tijd: 9 minuut/minuten, 59 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 1

    C:\Users\Philip\AppData\Roaming\hleo32.exe (Trojan.Phex.THAGen6) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    Many thanks.

    Which antivirus programs actually stop this? Right now I use AVG.

  13. Hi

    Just asking for some help: I'm stuck with the Ukash virus.

    The PC boots in safe mode, not in normal mode.

    I tried the Kaspersky Rescue Disk, but it crashes.

    Below is a HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:37:03, on 2/09/2012

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16800)

    Boot mode: Safe mode

    Running processes:

    C:\antivirussen\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [update] C:\Users\Philip\AppData\Roaming\hleo32.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 10598 bytes

    Many thanks for the help.

  14. I was able to remove the line in safe mode.

    Here is the latest log.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 12:17:04, on 21/06/2012

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16800)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe

    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

    C:\Program Files (x86)\AVG Secure Search\vprot.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

    C:\antivirussen\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MacDrive 9 service (MacDrive9Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 11318 bytes

    Many thanks.
