Posts made by glennbeerten
-
-
I don't know; an acquaintance installed Office on it. Could that be the problem?
-
No, this is not an illegal version of Windows; it was already on my laptop when I bought it new about half a year ago.
-
see the link below:
-
-
Hello,
In recent weeks I have regularly been getting a blue screen with the message:
SYSTEM THREAD EXCEPTION NOT HANDLED (atikmdag.sys)
What can I do about this?
Thanks in advance!
-
the laptop is running at normal speed again,
Thanks for this!
-
ComboFix 13-08-19.02 - Gebruiker 20/08/2013 14:20:07.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3835.2415 [GMT 2:00]
Gestart vanuit: c:\users\Gebruiker\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Gebruiker\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-07-20 to 2013-08-20 ))))))))))))))))))))))))))))))
.
.
2013-08-20 12:33 . 2013-08-20 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-19 13:59 . 2013-08-19 13:59 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-19 13:59 . 2013-08-19 13:59 -------- d-----w- c:\program files (x86)\Trend Micro
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-19 08:06 . 2012-02-18 00:57 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-18 09:32 . 2013-02-04 12:14 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-06-14 15:34 . 2012-11-10 15:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-14 15:34 . 2011-12-16 09:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-05 03:34 . 2013-07-11 05:47 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 05:47 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 05:47 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Facebook Update"="c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-21 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-08-18 2314416]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-7-1 1945128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys;c:\windows\SYSNATIVE\DRIVERS\dvmio.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe;c:\program files (x86)\AVG\AVG2012\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 15:34]
.
2013-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1954901341-383252444-2500990738-1000Core.job
- c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-14 17:25]
.
2013-08-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1954901341-383252444-2500990738-1000UA.job
- c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-14 17:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-12-16 171520]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.be/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.130.3 195.130.131.3
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\966tnf13.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={31BAF64C-ECA8-4095-A41B-2647037B7BB3}&mid=608ff1477af347d1be571943ef5ea3e4-a02703f07077a19be9159f751d22ed12fb2a9109&lang=nl&ds=AVG&pr=fr&d=2013-02-04 13:14&pid=avg&sg=0&v=15.3.0.11&sap=ku&q=
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-BSPlayerf - c:\program files (x86)\Webteh\BSPlayer\uninstall.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1954901341-383252444-2500990738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1954901341-383252444-2500990738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-08-20 14:51:08
ComboFix-quarantined-files.txt 2013-08-20 12:51
ComboFix2.txt 2013-08-20 10:38
.
Pre-Run: 329.743.568.896 bytes beschikbaar
Post-Run: 329.674.694.656 bytes beschikbaar
.
- - End Of File - - FD5B703513A8A0A32FC03F9A7AD20C8A
A36C5E4F47E84449FF07ED3517B43A31
-
ComboFix 13-08-19.02 - Gebruiker 20/08/2013 12:26:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3835.1721 [GMT 2:00]
Gestart vanuit: c:\users\Gebruiker\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-07-20 to 2013-08-20 ))))))))))))))))))))))))))))))
.
.
2013-08-20 10:34 . 2013-08-20 10:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-19 13:59 . 2013-08-19 13:59 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-19 13:59 . 2013-08-19 13:59 -------- d-----w- c:\program files (x86)\Trend Micro
2013-07-28 18:09 . 2013-07-28 18:12 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\BSplayer
2013-07-28 18:09 . 2013-07-28 18:09 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\BSplayer Pro
2013-07-28 18:09 . 2013-07-28 18:09 -------- d-----w- c:\program files (x86)\Webteh
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-19 08:06 . 2012-02-18 00:57 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-18 09:32 . 2013-02-04 12:14 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-06-14 15:34 . 2012-11-10 15:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-14 15:34 . 2011-12-16 09:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-05 03:34 . 2013-07-11 05:47 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 05:47 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 05:47 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Facebook Update"="c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-21 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-08-18 2314416]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-7-1 1945128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys;c:\windows\SYSNATIVE\DRIVERS\dvmio.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe;c:\program files (x86)\AVG\AVG2012\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 15:34]
.
2013-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1954901341-383252444-2500990738-1000Core.job
- c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-14 17:25]
.
2013-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1954901341-383252444-2500990738-1000UA.job
- c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-14 17:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-12-16 171520]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.be/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.130.3 195.130.131.3
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\966tnf13.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={31BAF64C-ECA8-4095-A41B-2647037B7BB3}&mid=608ff1477af347d1be571943ef5ea3e4-a02703f07077a19be9159f751d22ed12fb2a9109&lang=nl&ds=AVG&pr=fr&d=2013-02-04 13:14&pid=avg&sg=0&v=15.3.0.11&sap=ku&q=
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1954901341-383252444-2500990738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1954901341-383252444-2500990738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-08-20 12:38:05
ComboFix-quarantined-files.txt 2013-08-20 10:38
.
Pre-Run: 329.523.331.072 bytes beschikbaar
Post-Run: 329.883.557.888 bytes beschikbaar
.
- - End Of File - - 5EE8E7A9144851DC4DBC485ECD22603C
A36C5E4F47E84449FF07ED3517B43A31
-
The laptop is slow; could someone check this log?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:01:14, on 19/08/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\agent.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP SimplePass Identity Protection Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13160 bytes
Thanks in advance!
-
Okay, it's gone now, thanks.
-
However, Malwarebytes does show this log:
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download
Databaseversie: v2013.08.10.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Craeghs :: PORTCRAEGHS [administrator]
10/08/2013 16:31:45
MBAM-log-2013-08-10 (16-40-03).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 213869
Verstreken tijd: 3 minuut/minuten, 56 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Geen actie ondernomen.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Geen actie ondernomen.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Geen actie ondernomen.
Registerwaarden gedetecteerd: 1
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Data: -> Geen actie ondernomen.
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 1
C:\Users\Craeghs\Downloads\installer_total_audio_converter.exe (PUP.BundleInstaller.DT) -> Geen actie ondernomen.
(einde)
-
At the moment I am no longer experiencing any problems.
Thank you very much!
-
Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by Craeghs on za 10/08/2013 at 14:18:44,12.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Craeghs\Downloads\zoek.exe [script inserted]
==== System Restore Info ======================
10/08/2013 14:19:38 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ad708c09-d51b-45b3-9d28-4eba2681febf} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1B90E85D-BB1F-4A8A-B82B-48F50E44A2F8} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B12D7E35-54D6-4FA6-9773-05BC0773FFB8} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ad708c09-d51b-45b3-9d28-4eba2681febf} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{ad708c09-d51b-45b3-9d28-4eba2681febf} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrowserProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\defaulttabupdate deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\defaulttabupdate deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default
---- Lines delta removed from prefs.js ----
user_pref("avg.install.userHPSettings", "http://www1.delta-search.com/?affid=1215612&babsrc=hp_ss&mntrid=425d0aa3c4b1ab36");
user_pref("avg.install.userSPSettings", "Delta Search");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.id", "425d9bf50000000000000aa3c4b1ab36");
user_pref("extensions.delta.instlDay", "15799");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.022:08:38");
---- Lines delta modified from prefs.js ----
---- Lines delta removed from user.js ----
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "425d9bf50000000000000aa3c4b1ab36");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15799");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.022:08:38");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);
---- Lines babylon removed from prefs.js ----
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.dfltLng", "nl");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.id", "425d9bf50000000000000aa3c4b1ab36");
user_pref("extensions.BabylonToolbar.instlDay", "15647");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=425d9bf50000000000000aa3c4b1ab36&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.818:23:30");
---- Lines babylon modified from prefs.js ----
---- Lines babylon removed from user.js ----
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=425d9bf50000000000000aa3c4b1ab36&q=");
user_pref("extensions.BabylonToolbar.id", "425d9bf50000000000000aa3c4b1ab36");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.instlDay", "15647");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.818:23:30");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.dfltLng", "nl");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.admin", false);
---- Lines search.com removed from prefs.js ----
---- Lines search.com modified from prefs.js ----
---- Lines search.com removed from user.js ----
---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from prefs.js ----
---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1373450314781,\"rdfTime\":1373450314750}}},{\"name\":\"app-profile\",\"addons\":{\"zoompage@DW-dev\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\zoompage@DW-dev.xpi\",\"mtime\":1376133423861},\"{33e0daa6-3af3-d8b5-6752-10e949c61516}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{33e0daa6-3af3-d8b5-6752-10e949c61516}\",\"mtime\":1354458030331,\"rdfTime\":1337563998000},\"{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}\",\"mtime\":1354457999561,\"rdfTime\":1351151260000},\"{ad708c09-d51b-45b3-9d28-4eba2681febf}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{ad708c09-d51b-45b3-9d28-4eba2681febf}\",\"mtime\":1376131539796,\"rdfTime\":1376131533726},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1376133286457},\"{66E978CD-981F-47DF-AC42-E3CF417C1467}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi\",\"mtime\":1376134351252}}}]");
---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from user.js ----
---- Lines {ad708c09-d51b-45b3-9d28-4eba2681febf} removed from prefs.js ----
---- Lines {ad708c09-d51b-45b3-9d28-4eba2681febf} modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1373450314781,\"rdfTime\":1373450314750}}},{\"name\":\"app-profile\",\"addons\":{\"zoompage@DW-dev\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\zoompage@DW-dev.xpi\",\"mtime\":1376133423861},\"{disabled}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{disabled}\",\"mtime\":1354458030331,\"rdfTime\":1337563998000},\"{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}\",\"mtime\":1354457999561,\"rdfTime\":1351151260000},\"{ad708c09-d51b-45b3-9d28-4eba2681febf}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{ad708c09-d51b-45b3-9d28-4eba2681febf}\",\"mtime\":1376131539796,\"rdfTime\":1376131533726},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1376133286457},\"{66E978CD-981F-47DF-AC42-E3CF417C1467}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi\",\"mtime\":1376134351252}}}]");
---- Lines {ad708c09-d51b-45b3-9d28-4eba2681febf} removed from user.js ----
---- FireFox user.js and prefs.js backups ----
user_20131008_1428_.backup
prefs_20131008_1428_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-
==== Deleting Files \ Folders ======================
"C:\ProgramData\jcipxsaerchkozh" deleted
"C:\ProgramData\zddsribnbfcvarn" deleted
"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\delta.xml" deleted
"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\babylon.xml" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml" deleted
"C:\Users\Craeghs\AppData\Roaming\cache.dat" deleted
"C:\windows\SysNative\Tasks\DealPly" deleted
"C:\ProgramData\dsgsdgdsgdsgw.pad" deleted
"C:\windows\SysNative\Tasks\BrowserProtect" deleted
"C:\END" deleted
"C:\windows\Launcher.exe" deleted
"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\browsemngr.xml" deleted
"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\babylon.xml" deleted
"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\search-here.xml" deleted
"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\Web Search.xml" deleted
"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\bprotector_extensions.sqlite" deleted
"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\bprotector_prefs.js" deleted
"C:\Users\Public\Desktop\iLivid.lnk" deleted
"C:\Users\Craeghs\Desktop\SoftonicDownloader_voor_free-youtube-download.exe" deleted
"C:\Users\Craeghs\Desktop\SoftonicDownloader_voor_free-youtube-download.exe" deleted
"C:\Users\Craeghs\AppData\Roaming\Udys\valui.exe" deleted
"C:\Users\Craeghs\AppData\Roaming\Bomeri\unat.ecy" deleted
"C:\Users\Craeghs\AppData\Roaming\Gepyup\iqiqe.ire" deleted
"C:\Users\Craeghs\AppData\Roaming\Guvean\paepu.qyv" deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted
"C:\Users\Craeghs\AppData\Roaming\Awlo" deleted
"C:\Users\Craeghs\AppData\Roaming\Rayp" deleted
"C:\Users\Craeghs\AppData\Roaming\Udys" deleted
"C:\Users\Craeghs\AppData\Roaming\Bomeri" deleted
"C:\Users\Craeghs\AppData\Roaming\Gepyup" deleted
"C:\Users\Craeghs\AppData\Roaming\Guvean" deleted
"C:\Program Files (x86)\TornTV.com" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted
"C:\Program Files (x86)\DealPly" deleted
"C:\Program Files (x86)\Protected Search" deleted
"C:\Program Files (x86)\MarineAquarium3Free_57EI" deleted
"C:\Program Files (x86)\Complitly" deleted
"C:\Program Files (x86)\Conduit" deleted
"C:\Users\Craeghs\AppData\Roaming\Complitly" deleted
"C:\found.000" deleted
"C:\found.001" deleted
"C:\Users\Craeghs\AppData\Roaming\DVDVideoSoftIEHelpers" deleted
"C:\Users\Craeghs\AppData\Roaming\Babylon" deleted
"C:\Users\Craeghs\AppData\Roaming\DealPly" deleted
"C:\Users\Craeghs\AppData\Roaming\File Scout" deleted
"C:\Users\Craeghs\AppData\Roaming\DefaultTab" deleted
"C:\Users\Craeghs\AppData\Roaming\OpenCandy" deleted
"C:\ProgramData\BrowserProtect" not deleted
"C:\ProgramData\Ask" deleted
"C:\ProgramData\Babylon" deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly" deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search" deleted
"C:\Users\Craeghs\AppData\Local\APN" deleted
"C:\Users\Craeghs\AppData\Local\Conduit" deleted
"C:\Users\Craeghs\AppData\LocalLow\BabylonToolbar" deleted
"C:\Users\Craeghs\AppData\LocalLow\Conduit" deleted
"C:\windows\SysNative\tasks\ProtectedSearch" deleted
"C:\windows\SysWow64\searchplugins" deleted
"C:\windows\SysWow64\Extensions" deleted
"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\jetpack" deleted
"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\extensions\staged" deleted
"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}" deleted
"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}" deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" not deleted
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default
- Zoom Page - %ProfilePath%\extensions\zoompage@DW-dev
- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
- Protected Toolbar - %ProfilePath%\extensions\{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
- Zoom Page - %ProfilePath%\extensions\zoompage@DW-dev.xpi
- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
66640A55AEFF3819C94E0A8D40D7E0AD - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Craeghs\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dlfienamagdnkekbbbocojppncdambda - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx[]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]
nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files (x86)\TornTV.com\torn2_10.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
"Search Page"="http://www.google.com"
"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Default_Search_URL"="http://www.google.com/ie"
"Search Bar"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"
"Default_Search_URL"="http://www.google.com/ie"
"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="
"SearchAssistant"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{B12D7E35-54D6-4FA6-9773-05BC0773FFB8}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B12D7E35-54D6-4FA6-9773-05BC0773FFB8}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.be/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{b7fca997-d0fb-4fe0-8afd-255e89cf9671} Yahoo Url="http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF"
{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Bing Url="http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Craeghs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\users\Craeghs\AppData\Local\Mozilla\Firefox\Profiles\d0ca05cj.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\Craeghs\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not found
"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not found
"C:\Users\Craeghs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\ProgramData\BrowserProtect" not found
==== EOF on za 10/08/2013 at 14:32:45,55 ======================
-
Hello,
My girlfriend complained that her laptop had become slow (putting it mildly, if you ask me..).
I have already removed quite a few toolbars, but I'm afraid there are more problems. So here is an HJT log for you to take a look at.
Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:59:54, on 10/08/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16490)
Boot mode: Normal
Running processes:
C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Users\Craeghs\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Users\Craeghs\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Craeghs\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Protected Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Protected Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Protected Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Protected Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Protected Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Craeghs\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Craeghs\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Craeghs\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Craeghs\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = Craeghs\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Craeghs\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~2\261519~1.190\{c16c1~1\browse~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Craeghs\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - Unknown owner - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe
--
End of file - 15437 bytes
-
Zoek.exe Version 4.0.0.2 Updated 21-June-2013
Tool run by deben on vr 21/06/2013 at 14:49:19,77.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Firefox Extensions ======================
ProfilePath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default
- Mediavid - %ProfilePath%\extensions\cb9ad6f4-a6db-493e-8aab-6a2b525d06f5@6cb56be9-0226-40cd-be18-54220b0b7b03.com
- FreeHDSport TV - %ProfilePath%\extensions\fhdp@fhdp.tv.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
2BF85B6162528E0635DD8D632EB975C8 - C:\Users\deben\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll - Facebook Desktop
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\deben\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
==== Deleting Files \ Folders ======================
"C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default\extensions\fhdp@fhdp.tv.xpi" deleted
"C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default\extensions\cb9ad6f4-a6db-493e-8aab-6a2b525d06f5@6cb56be9-0226-40cd-be18-54220b0b7b03.com" deleted
==== EOF on vr 21/06/2013 at 14:50:14,41 ======================
Thanks!
-
Hello,
I didn't have much time this week, which is why it took a while.
I have since managed to open zoek.exe. This is the log file:
Zoek.exe Version 4.0.0.2 Updated 18-June-2013
Tool run by deben on do 20/06/2013 at 15:03:40,64.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== FireFox Fix ======================
ProfilePath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\0
user.js not found
---- Lines Mediavid removed from prefs.js ----
---- Lines Mediavid modified from prefs.js ----
---- Lines FreeHDSport TV removed from prefs.js ----
---- Lines FreeHDSport TV modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_20131006_2017_.backup
prefs_20131106_0954_.backup
prefs_20132006_1505_.backup
ProfilePath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default
user.js not found
---- Lines Mediavid removed from prefs.js ----
---- Lines Mediavid modified from prefs.js ----
---- Lines FreeHDSport TV removed from prefs.js ----
---- Lines FreeHDSport TV modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_20131006_2017_.backup
prefs_20131106_0954_.backup
prefs_20132006_1505_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\cb9ad6f4-a6db-493e-8aab-6a2b525d06f5@6cb56be9-0226-40cd-be18-54220b0b7b03.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\fhdp@fhdp.tv.xpi]
==== Firefox Extensions ======================
ProfilePath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default
- Mediavid - %ProfilePath%\extensions\cb9ad6f4-a6db-493e-8aab-6a2b525d06f5@6cb56be9-0226-40cd-be18-54220b0b7b03.com
- FreeHDSport TV - %ProfilePath%\extensions\fhdp@fhdp.tv.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
2BF85B6162528E0635DD8D632EB975C8 - C:\Users\deben\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll - Facebook Desktop
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\deben\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
==== Chrome Look ======================
Google Drive - deben - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - deben - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - deben - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Norton Identity Protection - deben - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Gmail - deben - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== EOF on do 20/06/2013 at 15:06:01,39 ======================
The laptop has had no more problems.
Thanks!!
-
Hello,
I can no longer get Zoek.exe to open, not even when I run it as administrator. Nor when I download it again.
In the meantime there are no more problems, though.
Thanks in advance!
-
Zoek.exe Version 4.0.0.2 Updated 03-June-2013
Tool run by deben on di 11/06/2013 at 9:54:24,47.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== FireFox Fix ======================
ProfilePath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\0
user.js not found
---- Lines MapsGalaxy removed from prefs.js ----
---- Lines MapsGalaxy modified from prefs.js ----
---- Lines Mediavid removed from prefs.js ----
---- Lines Mediavid modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_20131006_2017_.backup
prefs_20131106_0954_.backup
ProfilePath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default
user.js not found
---- Lines MapsGalaxy removed from prefs.js ----
---- Lines MapsGalaxy modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1370419451162,\"rdfTime\":1368303951000}}},{\"name\":\"app-profile\",\"addons\":{\"39ffxtbr@MapsGalaxy_39.com\":{\"descriptor\":\"C:\\\\Users\\\\deben\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ahegsr6j.default\\\\extensions\\\\39ffxtbr@MapsGalaxy_39.com\",\"mtime\":1370419397970,\"rdfTime\":1370419394102},\"cb9ad6f4-a6db-493e-8aab-6a2b525d06f5@6cb56be9-0226-40cd-be18-54220b0b7b03.com\":{\"descriptor\":\"C:\\\\Users\\\\deben\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ahegsr6j.default\\\\extensions\\\\cb9ad6f4-a6db-493e-8aab-6a2b525d06f5@6cb56be9-0226-40cd-be18-54220b0b7b03.com\",\"mtime\":1370878057845,\"rdfTime\":1370779442000},\"fhdp@fhdp.tv\":{\"descriptor\":\"C:\\\\Users\\\\deben\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ahegsr6j.default\\\\extensions\\\\fhdp@fhdp.tv.xpi\",\"mtime\":1368358750099}}}]");
---- Lines Mediavid removed from prefs.js ----
---- Lines Mediavid modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_20131006_2017_.backup
prefs_20131106_0954_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
"MapsGalaxy Search Scope Monitor"=-
"MapsGalaxy_39 Browser Plugin Loader"=-
==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MapsGalaxy Home Page Guard 64 bit"=-
==== Deleting Files \ Folders ======================
"C:\Program Files (x86)\SweetIM" not found
"C:\Program Files (x86)\MapsGalaxy_39" not found
"C:\Windows\Syswow64\jmdp" not found
"C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\39ffxtbr@MapsGalaxy_39.com" deleted
"C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default\extensions\39ffxtbr@MapsGalaxy_39.com" deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default
- Mediavid - %ProfilePath%\extensions\cb9ad6f4-a6db-493e-8aab-6a2b525d06f5@6cb56be9-0226-40cd-be18-54220b0b7b03.com
- FreeHDSport TV - %ProfilePath%\extensions\fhdp@fhdp.tv.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default
7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash
2BF85B6162528E0635DD8D632EB975C8 - C:\Users\deben\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll - Facebook Desktop
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\deben\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
==== EOF on di 11/06/2013 at 9:55:06,12 ======================
# AdwCleaner v2.303 - Verslag gemaakt op 11/06/2013 om 10:07:47
# Geactualiseerd op 08/06/2013 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : deben - DEBEN-VAIO
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\deben\Downloads\adwcleaner.exe
# Optie [Verwijderen]
***** [Diensten] *****
***** [Files / Mappen] *****
File Verwijderd : C:\Users\deben\Desktop\TornTV.lnk
Map Verwijderd : C:\Users\deben\AppData\Roaming\dvdvideosoftiehelpers
Map Verwijderd : C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default\jetpack
***** [Register] *****
Sleutel Verwijderd : HKCU\Software\1ClickDownload
Sleutel Verwijderd : HKCU\Software\APN PIP
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Conduit
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\searchqutoolbar
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\SmartBar
Sleutel Verwijderd : HKCU\Software\AppDataLow\Toolbar
Sleutel Verwijderd : HKCU\Software\Conduit
Sleutel Verwijderd : HKCU\Software\DataMngr
Sleutel Verwijderd : HKCU\Software\ilivid
Sleutel Verwijderd : HKCU\Software\IM
Sleutel Verwijderd : HKCU\Software\ImInstaller
Sleutel Verwijderd : HKCU\Software\MapsGalaxy_39
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Sleutel Verwijderd : HKCU\Software\WNLT
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Sleutel Verwijderd : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Sleutel Verwijderd : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\sim-packages
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Sleutel Verwijderd : HKLM\Software\Conduit
Sleutel Verwijderd : HKLM\Software\DeviceVM
Sleutel Verwijderd : HKLM\Software\DVDVideoSoftTB
Sleutel Verwijderd : HKLM\Software\IB Updater
Sleutel Verwijderd : HKLM\Software\iLividSRTB
Sleutel Verwijderd : HKLM\Software\MapsGalaxy_39
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
Sleutel Verwijderd : HKLM\Software\PIP
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A17090E-A5E2-4E0A-8176-330A54611CFD}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74F6D582-5B40-4433-A71B-505374625775}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SweetIM Bundle by SweetPacks
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Sleutel Verwijderd : HKLM\SOFTWARE\DataMngr
Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Sleutel Verwijderd : HKLM\SOFTWARE\Tarma Installer
Waarde Verwijderd : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Waarde Verwijderd : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
Waarde Verwijderd : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [39ffxtbr@MapsGalaxy_39.com]
Waarde Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [browsers] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Het register bevat geen enkele ongeoorloofde invoer.
-\\ Mozilla Firefox v21.0 (nl)
File : C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js
[OK] De file bevat geen enkele ongeoorloofde invoer.
File : C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default\prefs.js
Verwijderd : user_pref("browser.search.defaultenginename", "SweetIM Search");
Verwijderd : user_pref("browser.search.selectedEngine", "SweetIM Search");
Verwijderd : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=6&barid={9E6A31D0-BAF8-11E2-8282-[...]
-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]
File : C:\Users\deben\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] De file bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner[s1].txt - [11708 octets] - [11/06/2013 10:07:47]
########## EOF - C:\AdwCleaner[s1].txt - [11769 octets] ##########
Thanks in advance, Mako!
-
Zoek.exe Version 4.0.0.2 Updated 03-June-2013
Tool run by deben on ma 10/06/2013 at 20:14:19,34.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1488088736-1313127206-2769114686-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-1488088736-1313127206-2769114686-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-1488088736-1313127206-2769114686-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\internet explorer\urlsearchhooks\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IB Updater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IB Updater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IBUpdaterService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IBUpdaterService deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\0
user.js not found
---- Lines EEE6C361-6118-11DC-9C72-001320C79847 removed from prefs.js ----
---- Lines EEE6C361-6118-11DC-9C72-001320C79847 modified from prefs.js ----
---- Lines SweetIM removed from prefs.js ----
---- Lines SweetIM modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_20131006_2017_.backup
ProfilePath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default
user.js not found
---- Lines EEE6C361-6118-11DC-9C72-001320C79847 removed from prefs.js ----
---- Lines EEE6C361-6118-11DC-9C72-001320C79847 modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}\":{\"descriptor\":\"C:\\\\Program Files\\\\IB Updater\\\\Firefox\",\"mtime\":1362514294925,\"rdfTime\":1359466114000},\"39ffxtbr@MapsGalaxy_39.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\MapsGalaxy_39\\\\bar\\\\1.bin\",\"mtime\":1370419397924,\"rdfTime\":1370419394102}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1370419451162,\"rdfTime\":1368303951000}}},{\"name\":\"app-profile\",\"addons\":{\"39ffxtbr@MapsGalaxy_39.com\":{\"descriptor\":\"C:\\\\Users\\\\deben\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ahegsr6j.default\\\\extensions\\\\39ffxtbr@MapsGalaxy_39.com\",\"mtime\":1370419397970,\"rdfTime\":1370419394102},\"cb9ad6f4-a6db-493e-8aab-6a2b525d06f5@6cb56be9-0226-40cd-be18-54220b0b7b03.com\":{\"descriptor\":\"C:\\\\Users\\\\deben\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ahegsr6j.default\\\\extensions\\\\cb9ad6f4-a6db-493e-8aab-6a2b525d06f5@6cb56be9-0226-40cd-be18-54220b0b7b03.com\",\"mtime\":1370878057845,\"rdfTime\":1370779442000},\"fhdp@fhdp.tv\":{\"descriptor\":\"C:\\\\Users\\\\deben\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ahegsr6j.default\\\\extensions\\\\fhdp@fhdp.tv.xpi\",\"mtime\":1368358750099},\"{EEE6C361-6118-11DC-9C72-001320C79847}\":{\"descriptor\":\"C:\\\\Users\\\\deben\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ahegsr6j.default\\\\extensions\\\\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi\",\"mtime\":1368358860660}}}]");
---- Lines SweetIM removed from prefs.js ----
user_pref("browser.search.defaultenginename", "SweetIM Search");
user_pref("browser.search.selectedEngine", "SweetIM Search");
user_pref("keyword.URL", "http://search.sweetim.com/search.asp?src=6&barid={9E6A31D0-BAF8-11E2-8282-64273797DE10}&crg=3.1010000.10011&st=23&q=");
---- Lines SweetIM modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_20131006_2017_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
"MapsGalaxy Search Scope Monitor"=-
"MapsGalaxy_39 Browser Plugin Loader"=-
==== Deleting Files \ Folders ======================
"C:\user.js" deleted
"C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi" deleted
"C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default\searchplugins\SweetIM Search.xml" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml" deleted
"C:\Users\deben\AppData\Roaming\skype.dat" deleted
"C:\windows\SysNative\dmwu.exe" deleted
"C:\ProgramData\7ofiwin.pad" deleted
"C:\ProgramData\kjhy64.txt" deleted
"C:\user.js" deleted
"C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default\searchplugins\MyStart Search.xml" deleted
"C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default\searchplugins\SweetIM Search.xml" deleted
"C:\PROGRA~3\Wincert\win32cert.dll" deleted
"C:\PROGRA~3\Wincert\win32prop.dll" deleted
"C:\ProgramData\Wincert\win32cert.dll" deleted
"C:\ProgramData\Wincert\win32prop.dll" deleted
"C:\Windows\Syswow64\jmdp\lmrn.dll" deleted
"C:\Windows\Syswow64\jmdp\msvcp100.dll" deleted
"C:\Windows\Syswow64\jmdp\msvcr100.dll" deleted
"C:\Windows\Syswow64\jmdp\sqlite3.dll" deleted
"C:\Windows\Syswow64\jmdp\stij.exe" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brstub.dll" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39hkstub.dll" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegratorStub64.dll" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\Hpg64.dll" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8RES.DLL" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brstub.dll" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39hkstub.dll" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegratorStub64.dll" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\Hpg64.dll" deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8RES.DLL" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll" deleted
"C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe" deleted
"C:\Users\deben\AppData\Roaming\iolo" deleted
"C:\Program Files (x86)\SweetIM" not deleted
"C:\Program Files (x86)\MapsGalaxy_39" not deleted
"C:\Program Files (x86)\DVDVideoSoftTB" deleted
"C:\Program Files\IB Updater" deleted
"C:\PROGRA~3\Wincert" deleted
"C:\Program Files (x86)\TornTV.com" deleted
"C:\Program Files (x86)\FirstRowSportApp.com" deleted
"C:\Program Files (x86)\Search Results Toolbar" deleted
"C:\Program Files (x86)\DVDVideoSoftTB" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted
"C:\Program Files (x86)\Yontoo" deleted
"C:\Program Files (x86)\MapsGalaxy_39" not deleted
"C:\Program Files (x86)\sweetpacks bundle uninstaller" deleted
"C:\Program Files\IB Updater" deleted
"C:\Program Files (x86)\SweetIM" not deleted
"C:\Program Files (x86)\Conduit" deleted
"C:\Program Files (x86)\Searchqu Toolbar" deleted
"C:\Users\deben\AppData\Roaming\OpenCandy" deleted
"C:\ProgramData\Browser Manager" deleted
"C:\ProgramData\Ask" deleted
"C:\ProgramData\boost_interprocess" deleted
"C:\ProgramData\Wincert" deleted
"C:\ProgramData\SweetIM" deleted
"C:\ProgramData\Tarma Installer" deleted
"C:\Users\deben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com" deleted
"C:\Users\deben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com" deleted
"C:\Users\deben\AppData\Local\Ilivid Player" deleted
"C:\Users\deben\AppData\Local\Conduit" deleted
"C:\Users\deben\AppData\LocalLow\DVDVideoSoftTB" deleted
"C:\Users\deben\AppData\LocalLow\DataMngr" deleted
"C:\Users\deben\AppData\LocalLow\searchquband" deleted
"C:\Users\deben\AppData\LocalLow\Conduit" deleted
"C:\Users\deben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" deleted
"C:\Windows\Syswow64\jmdp" not deleted
"C:\Windows\Syswow64\ARFC" deleted
"C:\Windows\Syswow64\WNLT" deleted
"C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default\jetpack" deleted
"C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" deleted
"C:\Program Files (x86)\SweetIM\Messenger" not deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar" not deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin" not deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar" not deleted
"C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin" not deleted
"C:\Program Files (x86)\SweetIM\Messenger" not deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\deben\AppData\Local\Temp ====
2013-06-08 09:43:53 F7C120110847B47C7D2DC9F3643AF90F 76640 ----a-w- C:\Users\deben\AppData\Local\Temp\TUUUninstallHelper.exe
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-06-05 11:37:16 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2013-05-15 08:33:54 AF2E16242AA723F68F461B6EAE2EAD3D 983400 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys
2013-05-15 08:33:53 1F04CFB79DD5FB7694468CE3FB3DCC31 265064 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-06-05 08:03:14 -------- d-----w- C:\Program Files (x86)\MapsGalaxy_39
2013-05-12 11:40:11 -------- d-----w- C:\Program Files (x86)\SweetIM
======= C: =====
2013-06-10 14:33:57 1954EFB7F8F139DA6C5D2FE5CDD9DABB 3416 ------w- C:\bootsqm.dat
====== C:\Users\deben\AppData\Roaming ======
2013-06-10 15:29:18 -------- d-----r- C:\users\deben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
====== C:\Users\deben ======
2013-06-05 11:36:38 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\deben\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-05 11:33:47 B36B2E3CA24D80973C59BFBDA1C4800B 4378864 ----a-w- C:\Users\deben\Downloads\ccsetup402.exe
====== C: exe-files ==
2013-06-08 09:43:53 F7C120110847B47C7D2DC9F3643AF90F 76640 ----a-w- C:\Users\deben\AppData\Local\Temp\TUUUninstallHelper.exe
2013-06-05 11:36:38 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\deben\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-05 11:33:47 B36B2E3CA24D80973C59BFBDA1C4800B 4378864 ----a-w- C:\Users\deben\Downloads\ccsetup402.exe
2013-06-04 19:31:06 17EFB4C5F996F783E90BE1EB0077BA40 477560 ----a-w- C:\Users\deben\AppData\Local\Temp\MSS\3.0.318.3\McUICnt.exe
=== C: other files ==
2013-06-05 11:37:16 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-1488088736-1313127206-2769114686-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Facebook Update"="C:\Users\deben\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Elbserver"="C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay"
"Spotify Web Helper"="C:\Users\deben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
"Dolby Home Theater v4"="C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe -autostart"
"ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SweetIM"="C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
"MapsGalaxy Search Scope Monitor"="C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe /m=2 /w /h"
"MapsGalaxy_39 Browser Plugin Loader"="C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Facebook Update"="C:\Users\deben\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Elbserver"="C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay"
"Spotify Web Helper"="C:\Users\deben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"AtherosBtStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"AthBtTray"="C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"MapsGalaxy Home Page Guard 64 bit"="C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\deben\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\deben\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
==== Startup Folders ======================
2012-07-11 19:07:44 1322 ----a-w- C:\users\deben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undertermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1488088736-1313127206-2769114686-1001Core.job --a------ C:\Users\deben\AppData\Local\Facebook\Update\FacebookUpdate.exe [24/07/2012 16:55]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1488088736-1313127206-2769114686-1001UA.job --a------ C:\Users\deben\AppData\Local\Facebook\Update\FacebookUpdate.exe [24/07/2012 16:55]
==== Firefox Extensions ======================
ProfilePath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\0
- MapsGalaxy - %ProfilePath%\extensions\39ffxtbr@MapsGalaxy_39.com
- Torntv - %ProfilePath%\extensions\torntv@torntv.com.xpi
ProfilePath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default
- MapsGalaxy - %ProfilePath%\extensions\39ffxtbr@MapsGalaxy_39.com
- Mediavid - %ProfilePath%\extensions\cb9ad6f4-a6db-493e-8aab-6a2b525d06f5@6cb56be9-0226-40cd-be18-54220b0b7b03.com
- FreeHDSport TV - %ProfilePath%\extensions\fhdp@fhdp.tv.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\ahegsr6j.default
7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash
2BF85B6162528E0635DD8D632EB975C8 - C:\Users\deben\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll - Facebook Desktop
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\deben\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
==== Deleting Files \ Folders ======================
"C:\Users\deben\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\torntv@torntv.com.xpi" deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\IB Updater\source.crx[]
jbpkiefagocgkmemidfngdkamloieekf - C:\Program Files (x86)\TornTV.com\torn10.crx[]
kkfggacklibaabdomphfdpcodjgihgon - C:\Program Files (x86)\FirstRowSportApp.com\stv10.crx[]
niapdbllcanepiiimjjndipklodoedlc - No path found[]
Norton Identity Protection - deben - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
==== Chrome Fix ======================
C:\Users\deben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage deleted successfully
C:\Users\deben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^UX^xdm170^YY^be&ptb=36C28743-013B-4A3F-8A80-7A9AC8FF3F01&si=KI_MAPS_FIG_BEL_116"
"Default_Page_URL"="http://vaioportal.sony.eu"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{25F70F62-98D0-43A9-9510-989E28A1C9F5} eBay Url="http://rover.ebay.com/rover/1/1553-42507-16445-59/4?mpre=http://shop.benl.ebay.be/?oemInLn=ieSrch-Q112&_nkw={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1488088736-1313127206-2769114686-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-1488088736-1313127206-2769114686-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-1488088736-1313127206-2769114686-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-1488088736-1313127206-2769114686-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kkfggacklibaabdomphfdpcodjgihgon deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\deben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\deben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\users\deben\AppData\Local\Mozilla\Firefox\Profiles\ahegsr6j.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\users\deben\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\deben\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\windows\SysNative\dmwu.exesearch" deleted
"C:\Program Files (x86)\SweetIM" not found
"C:\Program Files (x86)\MapsGalaxy_39" not found
"C:\Program Files (x86)\MapsGalaxy_39" not found
"C:\Program Files (x86)\SweetIM" not found
"C:\Windows\Syswow64\jmdp" not found
==== EOF on ma 10/06/2013 at 20:22:30,57 ======================
-
I had the Ukash virus on my laptop. After a system restore I no longer get the police screen, but I think it is not completely gone.
Below are the HijackThis log and the Malwarebytes log.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:04:01, on 5/06/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
FIREFOX: 21.0 (nl)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Users\deben\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Users\deben\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Users\deben\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to the VAIO portal
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^UX^xdm170^YY^be&ptb=36C28743-013B-4A3F-8A80-7A9AC8FF3F01&si=KI_MAPS_FIG_BEL_116
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll
O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
O2 - BHO: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O3 - Toolbar: (no name) - !{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O3 - Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\deben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\deben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - Startup: Facebook Messenger.lnk = deben\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\deben\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~3\Wincert\WIN32C~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: DCDhcpService - Atheros Communication Inc. - C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MapsGalaxyService (MapsGalaxy_39Service) - COMPANYVERS_NAME - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - c:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 16334 bytes
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download
Databaseversie: v2013.06.05.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
deben :: DEBEN-VAIO [administrator]
5/06/2013 14:07:32
MBAM-log-2013-06-05 (14-11-15).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 219126
Verstreken tijd: 3 minuut/minuten, 30 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Geen actie ondernomen.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Geen actie ondernomen.
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Thanks in advance,
Glenn
Blue screen atikmdag.sys
in Archive Windows 8.1
Posted:
Okay, then I'll have to reinstall OpenOffice on my laptop and remove Office..
I have just installed a new driver for the graphics card.