glennbeerten
-
Items
21 -
Registratiedatum
-
Laatst bezocht
glennbeerten's prestaties
-
Oké, dan moet ik terug Openoffice op m'n laptop instaleren en office verwijderen.. Nieuwe driver van de grafische kaart heb ik zojuist geïnstalleerd.
-
Dat weet ik niet, Office heeft een kennis er op gezet. Kan dat het probleem zijn?
-
Neen, dit is geen illegale versie van Windows, deze stond reeds op mijn laptop toen ik deze ca. een half jaar geleden nieuw kocht..
-
zie onderstaande link: http://speccy.piriform.com/results/nqljlj6aEvpyzsT5wRyi7KY
-
Bedankt voor de snelle reactie, In bijlage het txt bestand. bluescreen glenn.txt
-
Beste, De laatste weken krijg ik geregeld een blauw scherm met de melding: SYSTEM THREAD EXCEPTION NOT HANDLED (atikmdag.sys) Wat kan ik hier tegen doen? Alvast bedankt!
-
HiJackThis-log
glennbeerten reageerde op glennbeerten's topic in Archief Bestrijding malware & virussen
de laptop werkt weer op normale snelheid, Dank hiervoor! -
HiJackThis-log
glennbeerten reageerde op glennbeerten's topic in Archief Bestrijding malware & virussen
ComboFix 13-08-19.02 - Gebruiker 20/08/2013 14:20:07.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3835.2415 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Gebruiker\Desktop\CFScript.txt AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Webteh c:\program files (x86)\Webteh\BSPlayer\bplay.exe c:\program files (x86)\Webteh\BSPlayer\bslib\bslib.dll c:\program files (x86)\Webteh\BSPlayer\bspadmin.exe c:\program files (x86)\Webteh\BSPlayer\bspfilters.sam c:\program files (x86)\Webteh\BSPlayer\bsplay.exe c:\program files (x86)\Webteh\BSPlayer\bsplayer.exe c:\program files (x86)\Webteh\BSPlayer\bsplayer.exe.manifest c:\program files (x86)\Webteh\BSPlayer\bsrendv2.dll c:\program files (x86)\Webteh\BSPlayer\changes.txt c:\program files (x86)\Webteh\BSPlayer\codecmanager.exe c:\program files (x86)\Webteh\BSPlayer\doc\cmdline.txt c:\program files (x86)\Webteh\BSPlayer\doc\ini_files.html c:\program files (x86)\Webteh\BSPlayer\insfiles\BSplayer.xml c:\program files (x86)\Webteh\BSPlayer\insfiles\BSPMLIB.DAT c:\program files (x86)\Webteh\BSPlayer\insfiles\BSPMLIB2.DAT c:\program files (x86)\Webteh\BSPlayer\insfiles\EQ.xml c:\program files (x86)\Webteh\BSPlayer\lang\Arabic.lng c:\program files (x86)\Webteh\BSPlayer\lang\Arabic2.lng c:\program files (x86)\Webteh\BSPlayer\lang\Belarusian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Bosnian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Breton.lng c:\program files (x86)\Webteh\BSPlayer\lang\Bulgarian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Catalan.lng c:\program files (x86)\Webteh\BSPlayer\lang\Chinese_Simplified.lng c:\program files (x86)\Webteh\BSPlayer\lang\Chinese_Traditional.lng c:\program files (x86)\Webteh\BSPlayer\lang\Croatian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Czech.lng c:\program files (x86)\Webteh\BSPlayer\lang\Danish.lng c:\program files (x86)\Webteh\BSPlayer\lang\Dutch.lng c:\program files (x86)\Webteh\BSPlayer\lang\English.lng c:\program files (x86)\Webteh\BSPlayer\lang\Esperanto.lng c:\program files (x86)\Webteh\BSPlayer\lang\Estonian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Finnish.lng c:\program files (x86)\Webteh\BSPlayer\lang\French.lng c:\program files (x86)\Webteh\BSPlayer\lang\Galician.lng c:\program files (x86)\Webteh\BSPlayer\lang\German.lng c:\program files (x86)\Webteh\BSPlayer\lang\Greek.lng c:\program files (x86)\Webteh\BSPlayer\lang\Hebrew.lng c:\program files (x86)\Webteh\BSPlayer\lang\Hungarian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Italian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Japanese.lng c:\program files (x86)\Webteh\BSPlayer\lang\lang_changes.txt c:\program files (x86)\Webteh\BSPlayer\lang\Latvian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Lithuanian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Macedonian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Norwegian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Polish.lng c:\program files (x86)\Webteh\BSPlayer\lang\Portuguese.lng c:\program files (x86)\Webteh\BSPlayer\lang\Portuguese_Brazilian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Romanian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Russian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Serbian (Cyrillic).lng c:\program files (x86)\Webteh\BSPlayer\lang\Serbian (Latin).lng c:\program files (x86)\Webteh\BSPlayer\lang\Slovak.lng c:\program files (x86)\Webteh\BSPlayer\lang\Slovenian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Spanish.lng c:\program files (x86)\Webteh\BSPlayer\lang\Swedish.lng c:\program files (x86)\Webteh\BSPlayer\lang\Turkish.lng c:\program files (x86)\Webteh\BSPlayer\lang\Ukrainian.lng c:\program files (x86)\Webteh\BSPlayer\lang\Uzbek.lng c:\program files (x86)\Webteh\BSPlayer\lang\Valencià.lng c:\program files (x86)\Webteh\BSPlayer\mmkeybsupp.dll c:\program files (x86)\Webteh\BSPlayer\plugins\oldskin.dll c:\program files (x86)\Webteh\BSPlayer\sdk\bsp.h c:\program files (x86)\Webteh\BSPlayer\sdk\bsp.pas c:\program files (x86)\Webteh\BSPlayer\sdk\plugins\bspplg.h c:\program files (x86)\Webteh\BSPlayer\sdk\plugins\bspplg.pas c:\program files (x86)\Webteh\BSPlayer\sdk\plugins\C\Sample\sample_plugin.def c:\program files (x86)\Webteh\BSPlayer\sdk\plugins\C\Sample\sample_plugin.dsp c:\program files (x86)\Webteh\BSPlayer\sdk\plugins\C\Sample\sample_plugin.dsw c:\program files (x86)\Webteh\BSPlayer\sdk\plugins\C\Sample\sampleplugin.c c:\program files (x86)\Webteh\BSPlayer\sdk\plugins\C\sample_subtitles\sample_sub.c c:\program files (x86)\Webteh\BSPlayer\sdk\plugins\C\sample_subtitles\sample_sub.def c:\program files (x86)\Webteh\BSPlayer\sdk\plugins\C\sample_subtitles\sample_subtitles.dsp c:\program files (x86)\Webteh\BSPlayer\sdk\plugins\C\sample_subtitles\sample_subtitles.dsw c:\program files (x86)\Webteh\BSPlayer\sdk\plugins\Delphi\sample\sample_plugin.dpr c:\program files (x86)\Webteh\BSPlayer\sdk\plugins\Delphi\sample_subtitles\sample_sub.dpr c:\program files (x86)\Webteh\BSPlayer\Skins\Base\actaspbg.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\actsubbg.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\actsubpbg.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\actvolbg.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b1n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b1u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b2n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b2u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b3a.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b3d.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b3n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b3u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b4a.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b4d.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b4n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b4u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b5a.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b5d.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b5n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b5u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b6n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b7n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b8.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\b8n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\balbtnn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\btn_dn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\btn_ln.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\btn_rn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\btn_un.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\btncolorn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\btngrp1bg.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\btnmenun.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\btnmenuu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\eq.ini c:\program files (x86)\Webteh\BSPlayer\Skins\Base\eqbtn1a.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\eqbtn1n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\eqbtn2n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\eqbtn2u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\eqbtnn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\eqmain.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exabtn1n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exabtn1u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exabtn2n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exabtn2u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exabtn3n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exabtn3u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exabtn4n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exabtn4u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exaudioa.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exaudion.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exaudiou.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exdbtn1n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exdbtn1u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exdbtn2n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exdbtn2u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exdbtn3n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exdbtn3u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exdbtn4n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exdbtn4u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exdvda.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exdvdn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exdvdu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exitn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exitu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exradioa.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exradion.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exradiou.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\extbg.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\extva.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\extvn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\extvu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn1a.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn1n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn2n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn2u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn3n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn3u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn4n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn4u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn5n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn5u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn6n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn6u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn7n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn7u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn8n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvbtn8u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvideoa.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvideon.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\exvideou.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsactbg.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb1d.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb1n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb1u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb2d.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb2n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb2u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb3d.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb3n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb3u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb4d.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb4n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb4u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb5d.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb5n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsb5u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsmain.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsn.BMP c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsnextd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsnextn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsnextu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsopend.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsopenn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsopenu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fspaused.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fspausen.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fspauseu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsplayd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsplayn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsplayu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsprevd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsprevn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsprevu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsseek.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsseeku.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsstopd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsstopn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsstopu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\fsu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\grp2.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\main.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\arr2n.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\arr2u.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\arrn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\arru.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\audiosec.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\audiosec_big.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\bgmedia.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\bottomsec.ini c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnaddn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnaddpln.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnclosed.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnclosen.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btncloseu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnmaxd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnmaxn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnmaxu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnmind.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnminn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnminu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnnextd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnnextn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnnextu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnpaused.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnpausen.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnpauseu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnplayd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnplayn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnplayu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnprevd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnprevn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnprevu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnrefresha.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnrefreshn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnrepa.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnrepn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnrestd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnrestn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnrestu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnshufa.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\btnshufn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\busy.mng c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ctrlsimg.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\dvdsec.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\dvdsec_big.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\edb.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ede.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\img_bar1.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ltbm.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\main.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\media_tv_sep_top.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_adddn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_adddu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_addfln.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_addflu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_addfn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_addfu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_addln.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_addlu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_pausen.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_pauseu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_playn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_playu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_refrn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_refru.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\ml_video_defaultbg.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\othersec.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\pic_place.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\podsec.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\podsec_big.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\radiosec.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\radiosec_big.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\searchbtn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\seek.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\seekbg.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\seekbtnd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\seekbtnn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\seekbtnu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\skin.ini c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\thumbaudio.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\thumbbg.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\thumbbga.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\tvsec.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\tvsec_big.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\videosec.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\videosec_big.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\medialib\volume.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\minimizen.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\minimizeu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\mutea.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\muted.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\muten.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\muteu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\nextd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\nextn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\nextu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\opend.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\openn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\openu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\paused.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\pausen.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\pauseu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\playd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\playn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\playu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\plist.ini c:\program files (x86)\Webteh\BSPlayer\Skins\Base\prevd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\prevn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\prevu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\rgn.dat c:\program files (x86)\Webteh\BSPlayer\Skins\Base\rgnfs.dat c:\program files (x86)\Webteh\BSPlayer\Skins\Base\seek.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\seeku.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\skin.ini c:\program files (x86)\Webteh\BSPlayer\Skins\Base\skinfs.ini c:\program files (x86)\Webteh\BSPlayer\Skins\Base\sm_closed.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\sm_closen.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\sm_closeu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\sm_maxd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\sm_maxn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\sm_maxu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\sm_mind.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\sm_minn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\sm_minu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\smenud.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\smenun.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\smenuu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\stopd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\stopn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\stopu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\voldd.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\voldn.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\voldu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\volud.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\volume.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\volun.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Base\voluu.bmp c:\program files (x86)\Webteh\BSPlayer\Skins\Bat lite.bsz c:\program files (x86)\Webteh\BSPlayer\Skins\BSplayer.v1.bsz c:\program files (x86)\Webteh\BSPlayer\Skins\mediaBOX v-1.bsz c:\program files (x86)\Webteh\BSPlayer\Skins\MediaBOX V-2.bsz c:\program files (x86)\Webteh\BSPlayer\uninstall.EXE c:\users\Gebruiker\AppData\Roaming\BSplayer Pro c:\users\Gebruiker\AppData\Roaming\BSplayer Pro\BSplayer.xml c:\users\Gebruiker\AppData\Roaming\BSplayer Pro\EQ.xml c:\users\Gebruiker\AppData\Roaming\BSplayer c:\users\Gebruiker\AppData\Roaming\BSplayer\bslib\BSPMLIB.DAT c:\users\Gebruiker\AppData\Roaming\BSplayer\bslib\BSPMLIB2.DAT c:\users\Gebruiker\AppData\Roaming\BSplayer\BSplayer.xml c:\users\Gebruiker\AppData\Roaming\BSplayer\bsplist.bsl c:\users\Gebruiker\AppData\Roaming\BSplayer\EQ.xml . . (((((((((((((((((((( Bestanden Gemaakt van 2013-07-20 to 2013-08-20 )))))))))))))))))))))))))))))) . . 2013-08-20 12:33 . 2013-08-20 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-19 13:59 . 2013-08-19 13:59 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-08-19 13:59 . 2013-08-19 13:59 -------- d-----w- c:\program files (x86)\Trend Micro . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-19 08:06 . 2012-02-18 00:57 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-08-18 09:32 . 2013-02-04 12:14 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-06-14 15:34 . 2012-11-10 15:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-14 15:34 . 2011-12-16 09:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-05 03:34 . 2013-07-11 05:47 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-06-04 06:00 . 2013-07-11 05:47 624128 ----a-w- c:\windows\system32\qedit.dll 2013-06-04 04:53 . 2013-07-11 05:47 509440 ----a-w- c:\windows\SysWow64\qedit.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616] "Facebook Update"="c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-21 138096] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-08-18 2314416] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] . c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-7-1 1945128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x] R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys;c:\windows\SYSNATIVE\DRIVERS\dvmio.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe;c:\program files (x86)\AVG\AVG2012\avgfws.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x] S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [x] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x] S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2013-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 15:34] . 2013-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1954901341-383252444-2500990738-1000Core.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-14 17:25] . 2013-08-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1954901341-383252444-2500990738-1000UA.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-14 17:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-12-16 171520] "HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.be/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 195.130.130.3 195.130.131.3 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\966tnf13.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={31BAF64C-ECA8-4095-A41B-2647037B7BB3}&mid=608ff1477af347d1be571943ef5ea3e4-a02703f07077a19be9159f751d22ed12fb2a9109〈=nl&ds=AVG&pr=fr&d=2013-02-04 13:14&pid=avg&sg=0&v=15.3.0.11&sap=ku&q= . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) AddRemove-BSPlayerf - c:\program files (x86)\Webteh\BSPlayer\uninstall.exe AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1954901341-383252444-2500990738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1954901341-383252444-2500990738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-08-20 14:51:08 ComboFix-quarantined-files.txt 2013-08-20 12:51 ComboFix2.txt 2013-08-20 10:38 . Pre-Run: 329.743.568.896 bytes beschikbaar Post-Run: 329.674.694.656 bytes beschikbaar . - - End Of File - - FD5B703513A8A0A32FC03F9A7AD20C8A A36C5E4F47E84449FF07ED3517B43A31 -
HiJackThis-log
glennbeerten reageerde op glennbeerten's topic in Archief Bestrijding malware & virussen
ComboFix 13-08-19.02 - Gebruiker 20/08/2013 12:26:07.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3835.1721 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Downloads\ComboFix.exe AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\pt c:\windows\SysWow64\pt\DPCrProv.dll.mui c:\windows\SysWow64\pt\DPFPApiUI.dll.mui c:\windows\SysWow64\pt\DPPassFilter.dll.mui . . (((((((((((((((((((( Bestanden Gemaakt van 2013-07-20 to 2013-08-20 )))))))))))))))))))))))))))))) . . 2013-08-20 10:34 . 2013-08-20 10:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-19 13:59 . 2013-08-19 13:59 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-08-19 13:59 . 2013-08-19 13:59 -------- d-----w- c:\program files (x86)\Trend Micro 2013-07-28 18:09 . 2013-07-28 18:12 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\BSplayer 2013-07-28 18:09 . 2013-07-28 18:09 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\BSplayer Pro 2013-07-28 18:09 . 2013-07-28 18:09 -------- d-----w- c:\program files (x86)\Webteh . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-19 08:06 . 2012-02-18 00:57 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-08-18 09:32 . 2013-02-04 12:14 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-06-14 15:34 . 2012-11-10 15:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-14 15:34 . 2011-12-16 09:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-05 03:34 . 2013-07-11 05:47 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-06-04 06:00 . 2013-07-11 05:47 624128 ----a-w- c:\windows\system32\qedit.dll 2013-06-04 04:53 . 2013-07-11 05:47 509440 ----a-w- c:\windows\SysWow64\qedit.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616] "Facebook Update"="c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-21 138096] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-08-18 2314416] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] . c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-7-1 1945128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x] R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys;c:\windows\SYSNATIVE\DRIVERS\dvmio.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe;c:\program files (x86)\AVG\AVG2012\avgfws.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [x] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x] S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2013-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 15:34] . 2013-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1954901341-383252444-2500990738-1000Core.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-14 17:25] . 2013-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1954901341-383252444-2500990738-1000UA.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-14 17:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-12-16 171520] "HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.be/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 195.130.130.3 195.130.131.3 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\966tnf13.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={31BAF64C-ECA8-4095-A41B-2647037B7BB3}&mid=608ff1477af347d1be571943ef5ea3e4-a02703f07077a19be9159f751d22ed12fb2a9109〈=nl&ds=AVG&pr=fr&d=2013-02-04 13:14&pid=avg&sg=0&v=15.3.0.11&sap=ku&q= . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1954901341-383252444-2500990738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1954901341-383252444-2500990738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-08-20 12:38:05 ComboFix-quarantined-files.txt 2013-08-20 10:38 . Pre-Run: 329.523.331.072 bytes beschikbaar Post-Run: 329.883.557.888 bytes beschikbaar . - - End Of File - - 5EE8E7A9144851DC4DBC485ECD22603C A36C5E4F47E84449FF07ED3517B43A31 -
Laptop is traag, zou iemand dit logje eens kunnen controleren? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:01:14, on 19/08/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16660) Boot mode: Normal Running processes: C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\ProgramData\Macrovision\FLEXnet Connect\6\agent.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: HP SimplePass Identity Protection Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13160 bytes alvast bedankt!
-
HiJackThis-log
glennbeerten reageerde op glennbeerten's topic in Archief Bestrijding malware & virussen
oké, het is weg nu, thanks. -
HiJackThis-log
glennbeerten reageerde op glennbeerten's topic in Archief Bestrijding malware & virussen
malwarebytes geeft echter wel deze log weer: Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2013.08.10.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Craeghs :: PORTCRAEGHS [administrator] 10/08/2013 16:31:45 MBAM-log-2013-08-10 (16-40-03).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 213869 Verstreken tijd: 3 minuut/minuten, 56 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Geen actie ondernomen. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Geen actie ondernomen. HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Geen actie ondernomen. Registerwaarden gedetecteerd: 1 HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Data: -> Geen actie ondernomen. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 1 C:\Users\Craeghs\Downloads\installer_total_audio_converter.exe (PUP.BundleInstaller.DT) -> Geen actie ondernomen. (einde) -
HiJackThis-log
glennbeerten reageerde op glennbeerten's topic in Archief Bestrijding malware & virussen
Momenteel ondervindt ik geen problemen meer. hartelijk bedankt! -
HiJackThis-log
glennbeerten reageerde op glennbeerten's topic in Archief Bestrijding malware & virussen
Zoek.exe Version 4.0.0.4 Updated 10-August-2013 Tool run by Craeghs on za 10/08/2013 at 14:18:44,12. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Craeghs\Downloads\zoek.exe [script inserted] ==== System Restore Info ====================== 10/08/2013 14:19:38 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ad708c09-d51b-45b3-9d28-4eba2681febf} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1B90E85D-BB1F-4A8A-B82B-48F50E44A2F8} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B12D7E35-54D6-4FA6-9773-05BC0773FFB8} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ad708c09-d51b-45b3-9d28-4eba2681febf} deleted successfully HKEY_CLASSES_ROOT\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{ad708c09-d51b-45b3-9d28-4eba2681febf} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrowserProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\defaulttabupdate deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\defaulttabupdate deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default ---- Lines delta removed from prefs.js ---- user_pref("avg.install.userHPSettings", "http://www1.delta-search.com/?affid=1215612&babsrc=hp_ss&mntrid=425d0aa3c4b1ab36"); user_pref("avg.install.userSPSettings", "Delta Search"); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.id", "425d9bf50000000000000aa3c4b1ab36"); user_pref("extensions.delta.instlDay", "15799"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.10.0"); user_pref("extensions.delta.vrsni", "1.8.10.0"); user_pref("extensions.delta.vrsnTs", "1.8.10.022:08:38"); ---- Lines delta modified from prefs.js ---- ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "425d9bf50000000000000aa3c4b1ab36"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15799"); user_pref("extensions.delta.vrsn", "1.8.10.0"); user_pref("extensions.delta.vrsni", "1.8.10.0"); user_pref("extensions.delta.vrsnTs", "1.8.10.022:08:38"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.newTab", false); ---- Lines babylon removed from prefs.js ---- user_pref("extensions.BabylonToolbar.admin", false); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); user_pref("extensions.BabylonToolbar.dfltLng", "nl"); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.id", "425d9bf50000000000000aa3c4b1ab36"); user_pref("extensions.BabylonToolbar.instlDay", "15647"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.tlbrId", "base"); user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=425d9bf50000000000000aa3c4b1ab36&q="); user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.818:23:30"); ---- Lines babylon modified from prefs.js ---- ---- Lines babylon removed from user.js ---- user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=425d9bf50000000000000aa3c4b1ab36&q="); user_pref("extensions.BabylonToolbar.id", "425d9bf50000000000000aa3c4b1ab36"); user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); user_pref("extensions.BabylonToolbar.instlDay", "15647"); user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.818:23:30"); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar.tlbrId", "base"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.dfltLng", "nl"); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.admin", false); ---- Lines search.com removed from prefs.js ---- ---- Lines search.com modified from prefs.js ---- ---- Lines search.com removed from user.js ---- ---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from prefs.js ---- ---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1373450314781,\"rdfTime\":1373450314750}}},{\"name\":\"app-profile\",\"addons\":{\"zoompage@DW-dev\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\zoompage@DW-dev.xpi\",\"mtime\":1376133423861},\"{33e0daa6-3af3-d8b5-6752-10e949c61516}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{33e0daa6-3af3-d8b5-6752-10e949c61516}\",\"mtime\":1354458030331,\"rdfTime\":1337563998000},\"{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}\",\"mtime\":1354457999561,\"rdfTime\":1351151260000},\"{ad708c09-d51b-45b3-9d28-4eba2681febf}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{ad708c09-d51b-45b3-9d28-4eba2681febf}\",\"mtime\":1376131539796,\"rdfTime\":1376131533726},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1376133286457},\"{66E978CD-981F-47DF-AC42-E3CF417C1467}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi\",\"mtime\":1376134351252}}}]"); ---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from user.js ---- ---- Lines {ad708c09-d51b-45b3-9d28-4eba2681febf} removed from prefs.js ---- ---- Lines {ad708c09-d51b-45b3-9d28-4eba2681febf} modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1373450314781,\"rdfTime\":1373450314750}}},{\"name\":\"app-profile\",\"addons\":{\"zoompage@DW-dev\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\zoompage@DW-dev.xpi\",\"mtime\":1376133423861},\"{disabled}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{disabled}\",\"mtime\":1354458030331,\"rdfTime\":1337563998000},\"{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}\",\"mtime\":1354457999561,\"rdfTime\":1351151260000},\"{ad708c09-d51b-45b3-9d28-4eba2681febf}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{ad708c09-d51b-45b3-9d28-4eba2681febf}\",\"mtime\":1376131539796,\"rdfTime\":1376131533726},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1376133286457},\"{66E978CD-981F-47DF-AC42-E3CF417C1467}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi\",\"mtime\":1376134351252}}}]"); ---- Lines {ad708c09-d51b-45b3-9d28-4eba2681febf} removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user_20131008_1428_.backup prefs_20131008_1428_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Deleting Files \ Folders ====================== "C:\ProgramData\jcipxsaerchkozh" deleted "C:\ProgramData\zddsribnbfcvarn" deleted "C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\delta.xml" deleted "C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\babylon.xml" deleted "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" deleted "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" deleted "C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml" deleted "C:\Users\Craeghs\AppData\Roaming\cache.dat" deleted "C:\windows\SysNative\Tasks\DealPly" deleted "C:\ProgramData\dsgsdgdsgdsgw.pad" deleted "C:\windows\SysNative\Tasks\BrowserProtect" deleted "C:\END" deleted "C:\windows\Launcher.exe" deleted "C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\browsemngr.xml" deleted "C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\babylon.xml" deleted "C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\search-here.xml" deleted "C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\Web Search.xml" deleted "C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\bprotector_extensions.sqlite" deleted "C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\bprotector_prefs.js" deleted "C:\Users\Public\Desktop\iLivid.lnk" deleted "C:\Users\Craeghs\Desktop\SoftonicDownloader_voor_free-youtube-download.exe" deleted "C:\Users\Craeghs\Desktop\SoftonicDownloader_voor_free-youtube-download.exe" deleted "C:\Users\Craeghs\AppData\Roaming\Udys\valui.exe" deleted "C:\Users\Craeghs\AppData\Roaming\Bomeri\unat.ecy" deleted "C:\Users\Craeghs\AppData\Roaming\Gepyup\iqiqe.ire" deleted "C:\Users\Craeghs\AppData\Roaming\Guvean\paepu.qyv" deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted "C:\Users\Craeghs\AppData\Roaming\Awlo" deleted "C:\Users\Craeghs\AppData\Roaming\Rayp" deleted "C:\Users\Craeghs\AppData\Roaming\Udys" deleted "C:\Users\Craeghs\AppData\Roaming\Bomeri" deleted "C:\Users\Craeghs\AppData\Roaming\Gepyup" deleted "C:\Users\Craeghs\AppData\Roaming\Guvean" deleted "C:\Program Files (x86)\TornTV.com" deleted "C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted "C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted "C:\Program Files (x86)\DealPly" deleted "C:\Program Files (x86)\Protected Search" deleted "C:\Program Files (x86)\MarineAquarium3Free_57EI" deleted "C:\Program Files (x86)\Complitly" deleted "C:\Program Files (x86)\Conduit" deleted "C:\Users\Craeghs\AppData\Roaming\Complitly" deleted "C:\found.000" deleted "C:\found.001" deleted "C:\Users\Craeghs\AppData\Roaming\DVDVideoSoftIEHelpers" deleted "C:\Users\Craeghs\AppData\Roaming\Babylon" deleted "C:\Users\Craeghs\AppData\Roaming\DealPly" deleted "C:\Users\Craeghs\AppData\Roaming\File Scout" deleted "C:\Users\Craeghs\AppData\Roaming\DefaultTab" deleted "C:\Users\Craeghs\AppData\Roaming\OpenCandy" deleted "C:\ProgramData\BrowserProtect" not deleted "C:\ProgramData\Ask" deleted "C:\ProgramData\Babylon" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search" deleted "C:\Users\Craeghs\AppData\Local\APN" deleted "C:\Users\Craeghs\AppData\Local\Conduit" deleted "C:\Users\Craeghs\AppData\LocalLow\BabylonToolbar" deleted "C:\Users\Craeghs\AppData\LocalLow\Conduit" deleted "C:\windows\SysNative\tasks\ProtectedSearch" deleted "C:\windows\SysWow64\searchplugins" deleted "C:\windows\SysWow64\Extensions" deleted "C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\jetpack" deleted "C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\extensions\staged" deleted "C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}" deleted "C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}" deleted "C:\ProgramData\BrowserProtect\2.6.1519.190" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" not deleted "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted ==== Firefox Extensions ====================== ProfilePath: C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default - Zoom Page - %ProfilePath%\extensions\zoompage@DW-dev - New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467} - Protected Toolbar - %ProfilePath%\extensions\{83ac1a2f-92fc-4314-bc93-c5782d0ba7be} - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - Zoom Page - %ProfilePath%\extensions\zoompage@DW-dev.xpi - New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default 3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash 66640A55AEFF3819C94E0A8D40D7E0AD - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director 0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Craeghs\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dlfienamagdnkekbbbocojppncdambda - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx[] gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[] nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files (x86)\TornTV.com\torn2_10.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" "Search Page"="http://www.google.com" "Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Default_Search_URL"="http://www.google.com/ie" "Search Bar"="http://www.google.com/ie" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s" @="http://www.google.com/search?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search] "Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026" "Default_Search_URL"="http://www.google.com/ie" "Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q=" "SearchAssistant"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{B12D7E35-54D6-4FA6-9773-05BC0773FFB8}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B12D7E35-54D6-4FA6-9773-05BC0773FFB8}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.be/" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {b7fca997-d0fb-4fe0-8afd-255e89cf9671} Yahoo Url="http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF" {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Bing Url="http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Craeghs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\users\Craeghs\AppData\Local\Mozilla\Firefox\Profiles\d0ca05cj.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\Craeghs\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not found "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not found "C:\Users\Craeghs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\ProgramData\BrowserProtect" not found ==== EOF on za 10/08/2013 at 14:32:45,55 ====================== -
Beste, Mijn vriendin klaagde dat haar laptop traag was geworden (zacht uitgedrukt als je t mij vraagt..). Ik heb al heel wat toolbars verwijderd maar er zijn wel meer problemen vrees ik. bij deze dus een HJT-logje dat je eens mag bekijken. Alvast bedankt! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:59:54, on 10/08/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16490) Boot mode: Normal Running processes: C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe C:\Users\Craeghs\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Users\Craeghs\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Users\Craeghs\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer! R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Protected Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Protected Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Protected Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Protected Search R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Protected Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Craeghs\AppData\Roaming\Complitly\Complitly.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Craeghs\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file) O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Craeghs\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Craeghs\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O4 - Startup: Dropbox.lnk = Craeghs\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Craeghs\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: c:\progra~3\browse~2\261519~1.190\{c16c1~1\browse~1.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Craeghs\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing) O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - Unknown owner - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe -- End of file - 15437 bytes
