Sarah
-
Items
6.829 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door Sarah
-
Website van vakbond CNV verwijst naar malware
Sarah reageerde op Maxstar's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
Conrad.nl besmet met malware
Sarah reageerde op Maxstar's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen.
-
Ransomware dwingt Windows-gebruiker tot enquête
Sarah reageerde op Jion's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen.
-
Twee kritieke gaten in Internet Explorer
Sarah reageerde op kape's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen.
-
ICS enquete blijkt phishingaanval op creditcardhouders
Sarah reageerde op Asus's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je op- of aanmerkingen op dit artikel uit ons “ICT-nieuws” of wil je eens je “ongezouten” mening kwijt, klik dan op “reageren” en zet in het blanco bericht je bedenkingen of reacties. -
DDoS-aanval Nederland teistert veel bedrijven
Sarah reageerde op Maxstar's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
Graag even controle na besmetting spyware
Sarah reageerde op Sarah's topic in Archief Bestrijding malware & virussen
beetje laat antwoord wegens ziekte, maar uiteindelijk heb ik een chkdsk uitgevoerd en deze freest na het repairen van IE. dit lijkt me een defecte HD te zijn precies... intussen aan het backuppen geslagen -
Cyberoorlog met een miljoen Belgische pc's
Sarah reageerde op Maxstar's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
Kwetsbaarheden in Google Chrome verholpen
Sarah reageerde op juisterr's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
De grootste zwakte van een wachtwoord is het hergebruik
Sarah reageerde op kape's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
Graag even controle na besmetting spyware
Sarah reageerde op Sarah's topic in Archief Bestrijding malware & virussen
Helaas niet, windows update doet nog steeds wat vreemd, ben nu 1 per 1 de updates aan het uitvoeren om na te gaan welke problemen geeft PC werkt heel goed en vlot met uitzondering van IE waarbij de pc nog steeds compleet vastloopt na het openen. Alle andere programma's werken prima... Vreemd -
Graag even controle na besmetting spyware
Sarah reageerde op Sarah's topic in Archief Bestrijding malware & virussen
Oeps, te snel gelezen; Hierbij de correcte log ComboFix 13-03-23.01 - user 24/03/2013 9:29.3.2 - x86Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.875 [GMT 1:00] Gestart vanuit: c:\users\user\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2013-02-24 to 2013-03-24 )))))))))))))))))))))))))))))) . . 2013-03-24 08:48 . 2013-03-24 08:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-23 14:30 . 2012-11-03 01:41 53248 ----a-w- c:\windows\system32\CSVer.dll 2013-03-23 14:21 . 2013-03-23 14:21 -------- d-----w- c:\windows\system32\RTCOM 2013-03-23 14:19 . 2009-11-24 15:55 140528 ----a-w- c:\windows\system32\SRSWOW.dll 2013-03-23 14:19 . 2009-11-24 15:55 345328 ----a-w- c:\windows\system32\SRSTSXT.dll 2013-03-23 14:19 . 2012-12-26 02:37 2568800 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys 2013-03-23 14:19 . 2012-12-13 00:50 1592544 ----a-w- c:\windows\system32\RTSndMgr.cpl 2013-03-23 14:19 . 2012-12-06 16:24 2486928 ----a-w- c:\windows\system32\RtkPgExt.dll 2013-03-23 14:16 . 2006-02-07 14:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll 2013-03-23 14:16 . 2006-02-07 14:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll 2013-03-23 14:16 . 2006-02-07 14:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll 2013-03-23 14:16 . 2006-02-07 14:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll 2013-03-23 14:16 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe 2013-03-23 14:16 . 2013-03-23 14:16 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll 2013-03-23 14:16 . 2013-03-23 14:16 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll 2013-03-23 13:59 . 2009-12-17 08:15 114688 ----a-w- c:\windows\system32\RicohMediadriverVer.dll 2013-03-23 13:59 . 2009-06-25 15:58 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys 2013-03-23 13:59 . 2009-06-25 15:25 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys 2013-03-23 13:59 . 2009-06-25 15:10 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys 2013-03-23 13:59 . 2007-07-25 11:48 172032 ----a-w- c:\windows\system32\rixdicon.dll 2013-03-23 13:50 . 2012-11-09 20:25 80488 ----a-w- c:\windows\system32\RtNicProp32.dll 2013-03-23 13:50 . 2012-11-09 20:25 454288 ----a-w- c:\windows\system32\drivers\Rtlh86.sys 2013-03-23 13:50 . 2012-11-09 20:25 100896 ----a-w- c:\windows\system32\RTNUninst32.dll 2013-03-23 13:47 . 2013-03-23 13:47 -------- d-----w- c:\program files\AGEIA Technologies 2013-03-23 13:46 . 2013-03-23 13:46 -------- d-----w- c:\users\UpdatusUser 2013-03-23 13:45 . 2013-02-10 00:35 2555168 ----a-w- c:\windows\system32\nvsvcr.dll 2013-03-23 13:44 . 2013-02-10 03:20 53024 ----a-w- c:\windows\system32\OpenCL.dll 2013-03-23 13:43 . 2013-03-23 13:43 -------- d-----w- c:\programdata\NVIDIA Corporation 2013-03-23 13:41 . 2013-02-10 03:20 12862400 ----a-w- c:\windows\system32\nvwgf2um.dll 2013-03-23 13:41 . 2013-02-10 03:20 6267240 ----a-w- c:\windows\system32\nvopencl.dll 2013-03-23 13:41 . 2013-02-10 03:20 8944416 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-03-23 13:41 . 2013-02-10 03:20 20534560 ----a-w- c:\windows\system32\nvoglv32.dll 2013-03-23 13:41 . 2013-02-10 03:20 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll 2013-03-23 13:41 . 2013-02-10 03:20 7964680 ----a-w- c:\windows\system32\nvcuda.dll 2013-03-23 13:41 . 2013-02-10 03:20 2726176 ----a-w- c:\windows\system32\nvcuvid.dll 2013-03-23 13:41 . 2013-02-10 03:20 1990944 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-03-23 13:41 . 2013-02-10 03:20 17560352 ----a-w- c:\windows\system32\nvcompiler.dll 2013-03-23 13:41 . 2013-02-10 03:20 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll 2013-03-23 13:40 . 2013-03-23 13:47 -------- d-----w- c:\program files\NVIDIA Corporation 2013-03-23 13:39 . 2013-03-23 13:39 -------- d-----w- C:\NVIDIA 2013-03-23 13:37 . 2013-03-23 13:37 -------- d-----w- c:\program files\Common Files\LogiShrd 2013-03-23 13:36 . 2013-03-23 13:37 -------- d-----w- c:\users\user\AppData\Roaming\Logishrd 2013-03-23 13:36 . 2013-03-23 13:36 -------- d-----w- c:\users\user\AppData\Roaming\Logitech 2013-03-23 13:32 . 2013-03-23 13:50 -------- d-----w- c:\program files\Realtek 2013-03-23 13:31 . 2013-03-23 14:24 -------- d--h--w- c:\program files\Temp 2013-03-23 13:26 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-03-23 13:26 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-03-23 13:17 . 2013-03-19 04:50 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{086A54D8-F278-4E92-A95D-9E1BAC91E87E}\mpengine.dll 2013-03-23 13:13 . 2013-03-23 13:22 -------- d-----w- c:\programdata\DriverGenius 2013-03-23 12:25 . 2013-03-23 12:12 24064 ----a-w- c:\windows\zoek-delete.exe 2013-03-23 12:25 . 2013-03-24 08:48 -------- d-----w- c:\users\user\AppData\Local\Temp 2013-03-22 17:42 . 2013-03-22 17:42 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2013-03-22 17:42 . 2013-03-22 17:42 -------- d-----w- c:\program files\Symantec 2013-03-22 17:40 . 2013-03-22 17:40 -------- d-----w- c:\windows\system32\drivers\N360 2013-03-22 17:40 . 2013-03-22 17:40 -------- d-----w- c:\program files\Norton 360 2013-03-22 17:40 . 2013-03-22 17:40 -------- d-----w- c:\program files\NortonInstaller 2013-03-22 15:03 . 2013-03-22 15:18 -------- d-----w- c:\program files\Windows Live 2013-03-22 15:01 . 2013-03-22 15:01 -------- d-----w- c:\users\user\AppData\Local\Windows Live 2013-03-22 15:01 . 2013-03-22 15:01 -------- d-----w- c:\program files\Common Files\Windows Live 2013-03-22 14:58 . 2013-03-22 14:58 -------- d-----w- c:\program files\Microsoft Silverlight 2013-03-22 14:55 . 2013-03-22 14:55 -------- d-----w- c:\users\Default\AppData\Roaming\hpqLog 2013-03-22 14:54 . 2009-04-29 06:46 15872 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys 2013-03-22 14:54 . 2006-11-02 05:09 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll 2013-03-22 14:52 . 2013-03-22 14:53 -------- d-----w- c:\windows\QLB 2013-03-22 14:36 . 2013-03-22 14:36 -------- d-----w- c:\users\user\AppData\Roaming\Apple Computer 2013-03-22 14:27 . 2013-03-22 14:27 -------- d-----w- c:\program files\Common Files\Adobe 2013-03-22 14:15 . 2013-03-22 14:14 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-22 14:15 . 2013-03-22 14:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-17 08:48 . 2013-03-17 08:48 658512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2013-03-16 06:30 . 2013-03-16 06:30 4546560 ----a-w- c:\windows\system32\GPhotos.scr 2013-03-06 19:01 . 2013-03-06 19:01 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes 2013-03-06 19:01 . 2013-03-06 19:01 -------- d-----w- c:\programdata\Malwarebytes 2013-03-06 18:53 . 2013-03-06 18:53 -------- d-----w- c:\program files\CCleaner 2013-03-06 17:52 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-23 14:19 . 2007-05-20 02:24 319456 ----a-w- c:\windows\DIFxAPI.dll 2013-03-22 15:03 . 2011-03-28 17:36 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-03-22 14:14 . 2010-10-21 18:27 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-22 13:56 . 2013-01-04 07:45 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-22 13:56 . 2012-01-10 15:35 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-10 03:20 . 2007-05-01 10:27 2528840 ----a-w- c:\windows\system32\nvapi.dll 2013-02-10 03:20 . 2007-05-01 10:27 15038296 ----a-w- c:\windows\system32\nvd3dum.dll 2013-02-10 00:35 . 2009-10-03 09:40 4115232 ----a-w- c:\windows\system32\nvcpl.dll 2013-02-10 00:35 . 2009-10-03 09:40 3010336 ----a-w- c:\windows\system32\nvsvc.dll 2013-02-10 00:35 . 2009-10-03 09:40 634144 ----a-w- c:\windows\system32\nvvsvc.exe 2013-02-10 00:35 . 2009-10-03 09:40 62752 ----a-w- c:\windows\system32\nvshext.dll 2013-02-10 00:35 . 2009-10-03 09:40 223008 ----a-w- c:\windows\system32\nvmctray.dll 2013-01-17 00:28 . 2009-10-02 15:53 232336 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-18 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-19 1697064] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-12-13 11734240] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] "CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-06-04 2056192] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400] . c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2009-5-25 44176] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\APSHook.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-04 13:56] . 2013-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-629475202-1314957950-352360048-1000Core.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 12:34] . 2013-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-629475202-1314957950-352360048-1000UA.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 12:34] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=73&bd=Pavilion&pf=laptop mWindow Title = Telenet Internet IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 195.130.131.2 195.130.130.130 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-03-24 09:48 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.3.0.36\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'lsass.exe'(788) c:\program files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll c:\program files\Bioscrypt\VeriSoft\Bin\ItMsg.dll . - - - - - - - > 'Explorer.exe'(1848) c:\windows\system32\ieframe.dll . Voltooingstijd: 2013-03-24 09:54:52 ComboFix-quarantined-files.txt 2013-03-24 08:54 ComboFix2.txt 2013-03-23 16:23 . Pre-Run: 65.117.024.256 bytes beschikbaar Post-Run: 64.566.976.512 bytes beschikbaar . - - End Of File - - 1F91DE8F2D5C2CD4613BE737BF2C189E -
Graag even controle na besmetting spyware
Sarah reageerde op Sarah's topic in Archief Bestrijding malware & virussen
hierbij het logje van combofix: -
Graag even controle na besmetting spyware
Sarah reageerde op Sarah's topic in Archief Bestrijding malware & virussen
Hierbij het logje van zoek: Zoek.exe Version 4.0.0.2 Updated 20-03-2013 Tool run by user on za 23/03/2013 at 13:12:33,05. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\System32\svchost.exe -k Cognizance C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\wuauclt.exe C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\RacAgent.exe C:\Users\user\Downloads\zoek (1).exe C:\Windows\system32\conime.exe C:\Windows\system32\wbem\wmiprvse.exe ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.0) - Nederlands Apple Application Support Apple Software Update AuthenTec Fingerprint Sensor Minimum Install Belgium e-ID middleware 3.5.2 (build 5775) CCleaner D3DX10 ePainter ESU for Microsoft Vista Google Chrome Google Toolbar for Internet Explorer Hewlett-Packard Active Check Hewlett-Packard Asset Agent Home'Bank Light 3.3.3 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Active Support Library 32 bit components HP Customer Experience Enhancements HP Doc Viewer HP Easy Setup - Frontend HP Help and Support HP Photosmart Essential 2.0 HP Photosmart Essential2.5 HP Product Detection HP Quick Launch Buttons HP QuickPlay 3.2 HP Update HP User Guides 0057 HP Wireless Assistant Intel Matrix Storage Manager Java 7 Update 17 Java Auto Updater Java(TM) 6 Update 24 Java(TM) 6 Update 5 Java(TM) SE Runtime Environment 6 Kruidvat fotoservice LightScribe 1.4.136.1 Microsoft .NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Motorola SM56 Data Fax Modem MSCU for Microsoft Vista MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton 360 NVIDIA Drivers Off-linediensten van Home'Bank 4.55 OGA Notifier 2.0.0048.0 OMNIKEY 3x21 PC/SC Driver PHOTOfunSTUDIO Picasa 3 PSSWCORE PVSonyDll QLBCASL QuickTime Realtek High Definition Audio Driver Roxio Activation Module Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Segoe UI Spelling Dictionaries Support For Adobe Reader 8 Synaptics Pointing Device Driver Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) VeriSoft Access Manager Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Messenger Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Yahoo Install Manager ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-03-22 14:51:19 E185BDA84E5F03F4E1D8DCA30E209277 1912 ----a-w- C:\Windows\epplauncher.mif ====== C:\Users\user\AppData\Local\Temp ==== ====== C:\Windows\system32 ===== 2013-03-22 14:15:21 350C713C2D9B9F5549C50A8D3924E789 94112 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll ====== C:\Windows\system32\drivers ===== 2013-03-22 17:42:26 C940F10C31E2C60CC967FFD6A370720C 142496 ----a-w- C:\Windows\System32\drivers\SYMEVENT.SYS 2013-03-22 17:42:26 8378774ABC9CAA2C60B298AE0C084FB7 7446 ----a-w- C:\Windows\System32\drivers\SYMEVENT.CAT 2013-03-22 17:42:26 2A8DCC2EC2AC5C0588F818B16E606CED 806 ----a-w- C:\Windows\System32\drivers\SYMEVENT.INF 2013-03-22 14:58:27 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf 2013-03-22 14:58:21 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2013-03-22 14:54:23 1210960FF8928950D2A786895B0C424A 15872 ----a-w- C:\Windows\System32\drivers\HpqKbFiltr.sys 2013-03-22 14:54:18 F9CF2DB8B99DC50EAB538C4D860AC1A4 1419232 ----a-w- C:\Windows\System32\drivers\wdfcoinstaller01005.dll ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-03-22 15:03:00 -------- d-----w- C:\Program Files\Windows Live 2013-03-22 15:01:08 -------- d-----w- C:\Program Files\Common Files\Windows Live 2013-03-22 14:58:39 -------- d-----w- C:\Program Files\Microsoft Silverlight 2013-03-22 14:27:30 -------- d-----w- C:\Program Files\Common Files\Adobe ======= C: ===== ====== C:\Users\user\AppData\Roaming ====== 2013-03-22 15:01:08 -------- d-----w- C:\users\user\AppData\Local\Windows Live 2013-03-22 14:36:41 -------- d-----w- C:\users\user\AppData\Roaming\Apple Computer 2013-03-06 19:40:27 -------- d-----w- C:\users\Public\AppData\Local\temp 2013-03-06 19:40:27 -------- d-----w- C:\users\Default\AppData\Local\temp 2013-03-06 19:40:27 -------- d-----w- C:\users\Default User\AppData\Local\temp ====== C:\Users\user ====== 2013-03-06 19:40:27 -------- d-----w- C:\Users\Public\AppData ====== C: exe-files == 2013-03-22 17:32:23 FF37C6486D870F62C47DEBFF5C1A604D 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$IZGFDFM.exe 2013-03-22 17:32:23 F988358FC173A31B447275B6EA71F009 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$ITLT8XP.exe 2013-03-22 17:32:23 EB6C54AC4A7594D14A546680EDA77657 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$INSGQ5E.exe 2013-03-22 17:32:23 BAD4847476B1252B6EF443BE0F59F68F 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$IVO3O64.exe 2013-03-22 17:32:23 A90535139410BCC7197DD9713EE4E1A8 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$IM9K1PZ.exe 2013-03-22 17:32:23 905879806FD954F6E40E58FCEF829A09 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$IXFP653.exe 2013-03-22 17:32:23 7F4C5D39FB3BBEAC8B6B39D5ABBBE431 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$IRG4F1W.exe 2013-03-22 17:32:23 7DEEFEE2188D2506E41B746F7E538786 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$IR6H5LP.exe 2013-03-22 17:32:23 61F9C1FAD5EC028FEE355B66AF6F3727 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$IYJDL4P.exe 2013-03-22 17:32:23 612CDE3D4FC9837D8C504DFA839B6318 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$I8AMCPJ.exe 2013-03-22 17:32:23 33BAC8260300E6BF0EC6EF172BD01D4F 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$I49ZVUQ.exe 2013-03-22 17:29:33 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$R8AMCPJ.exe 2013-03-22 17:29:04 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$RYJDL4P.exe 2013-03-22 16:59:03 4A12C07706198CE458A3058365BC1F23 25440552 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$RR6H5LP.exe 2013-03-22 14:09:13 4FFA3B1326379078CEB4AD000F9CBD95 896928 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$RVO3O64.exe 2013-03-22 14:09:13 4FFA3B1326379078CEB4AD000F9CBD95 896928 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$RRG4F1W.exe 2013-03-22 14:07:31 4FFA3B1326379078CEB4AD000F9CBD95 896928 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$RZGFDFM.exe === C: other files == 2013-03-22 17:32:23 E345C349CF6686208349637AD98A9929 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$I5CQW15.zip 2013-03-22 17:32:23 2FA4917CBBFAAEC9FD151F10260D5518 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-629475202-1314957950-352360048-1000\$IHCDTMO.zip 2013-03-22 14:54:23 9AF482D058BE59CC28BCE52E7C4B747C 18432 ----a-w- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\hpqkbDrivers\HpqKbFiltr64.sys 2013-03-22 14:54:23 1210960FF8928950D2A786895B0C424A 15872 ----a-w- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\hpqkbDrivers\HpqKbFiltr.sys 2013-03-22 14:54:18 7DAD592A4D28092D584CFB4DEEF1373D 9344 ----a-w- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\BtnDriver\CPQBttn.sys 2013-03-22 14:54:17 E53D53D66D61794AF8160741946D0B43 9088 ----a-w- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\RemoteDriver\amd64\HpqRemHid.sys 2013-03-22 14:54:17 115C0933B3ED51DFBEC4449348C8065B 7168 ----a-w- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\RemoteDriver\i386\HpqRemHid.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-629475202-1314957950-352360048-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" "RtHDVCpl"="RtHDVCpl.exe" "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" "CognizanceTS"="rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule" "beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup" "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" "NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start" "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "hpWirelessAssistant"="%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" "WAWifiMessage"="%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==== Startup Folders ====================== 2010-07-10 09:06:32 1115 ----a-w- C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk 2009-05-25 20:59:23 1819 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22/03/2013 14:56] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-629475202-1314957950-352360048-1000Core.job --a------ C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [11/11/2011 13:34] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-629475202-1314957950-352360048-1000UA.job --a------ C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [11/11/2011 13:34] ==== Firefox Extensions ====================== ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton 360\Engine\20.3.0.36\Exts\Chrome.crx[13/02/2013 20:02] HP Product Detection Plugin - user - Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp Norton Identity Protection - user - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=73&bd=Pavilion&pf=laptop" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://breedband.telenet.be" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=73&bd=Pavilion&pf=laptop" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Empty IE Cache ====================== C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\user\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\users\user\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\user\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found Wat werkt er nog niet: - Internet Explorer: ganse pc freezed hierna en is onhandelbaar - windows update, geeft bij elke reboot melding dat er foutieve updates zijn en hersteld deze -
Graag even controle na besmetting spyware
Sarah plaatste een topic in Archief Bestrijding malware & virussen
Hoi Collegas, kunnen jullie even volgend HJT Logje analyseren aub? Het gaat om een pc van een kennis waar waarschijnlijk door spyware niet meer gesurft kon worden. Ik heb even basisschoonmaak gehouden, maar graag even jullie uitgebreid advies om deze pc wat schoon te maken Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:29:50, on 22/03/2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wuauclt.exe C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\user\Downloads\HijackThis (1).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-be.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 8819 bytes -
Microsoft dicht vier kritieke Windows-lekken
Sarah reageerde op kape's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
Belgen gaan laks om met wachtwoord
Sarah reageerde op kape's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
Ransomware gijzelt pc via Windows PowerShell
Sarah reageerde op kape's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
Hoe malware creditcarddata uit browsers steelt (video)
Sarah reageerde op kape's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
Android-malware valt ING-klanten aan
Sarah reageerde op kape's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
Valse pizzabestelling bezorgt malware
Sarah reageerde op kape's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen. -
Mac-backdoor zet screenshots op Microsoft forum
Sarah reageerde op kape's topic in Archief Waarschuwingen i.v.m. besmettingen
Heb je opmerkingen of vragen over deze "Waarschuwing", post deze dan in de passende forumonderdelen.
