Kwesterman67

Member
  • Items: 12

Everything posted by Kwesterman67

  1. Okay. Done. Successfully, I think, because there is a log.
  2. I had indeed already done it twice before. AVG threw a spanner in the works after it started up again. But I don't have those other two samples with me. Can I run Zoek once more with the same code?
  3. Seems to be all clear now. However, I'll keep an eye on it for a few more days.
  4. Zoek.exe Version 4.0.0.2 Updated 03-June-2013 Tool run by Bastiaan on do 13-06-2013 at 16:42:29,58. - - - Updated - - - http://www.mijnbestand.nl/Bestand-XH4JZQN7BR4G.zip
  5. Hmm, a bit premature. The little screen came back after all, and so did the police screen. Before that I had reinstalled AVG and had it run a scan. Can we perhaps start over from the beginning? Because now I also get to see this one (bottom) with Hijack. At startup, the other one (top). Log below, but whether it is any good? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:10:53, on 11-6-2013
  6. Did you create this one yourself? O4 - HKCU\..\Run: [pejo] "C:\Users\Bastiaan\AppData\Roaming\pejo\vifier.ba I have no idea what it is... I don't think so. As for that odd little screen that appeared when I started up: I removed another threat and now it no longer appears. Do I still need to do what was in the previous message?
  7. Oh, there is one more thing after all. It was suddenly there. For a month now this has kept coming up on screen after my computer has started. Can this do any harm? As you can see, the icons on my desktop still have to load at that point.
  8. So it seems solved. Does Hijack or something like it still need to be used to check that?
  9. No problems so far. Hitman removed several threats and the like. I can boot in regular mode again. That so-called police message no longer pops up, in any case.
  10. Done. HitmanPro 3.7.6.201 www.hitmanpro.com
C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.movad.net C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.muzzy.nl C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.nl C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.rtvnh.nl C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adhese.be C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.as4x.tmcs.ticketmaster.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.comeon.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.cpallmedia.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.kleineuil.tv C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mrgreen.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.thegauntlet.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adreactor.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.twitpic.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserving.unibet.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de 
C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adverteerdirect.nl C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.musicpublishers.nl C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:banner.studenten.net C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:be.sitestat.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluemango.solution.weborama.fr C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:clubmednl.solution.weborama.fr C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.sitestat.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:deltalloyd.adservinginternational.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net 
C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ffddela.solution.weborama.fr C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:getclicky.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:h.atdmt.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:jobtrack.nl C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:kpn.solution.weborama.fr C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:nl.sitestat.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ptvgoalv15.122.2o7.net C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:rts.pgmediaserve.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:simpel.solution.weborama.fr C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com 
C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.dealtime.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.onestat.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:translinksystemsbv.112.2o7.net C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.at.atwola.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.sitestat.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:vodafonebranding.solution.weborama.fr C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:webonl.solution.weborama.fr C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:weborama.fr C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww251.smartadserver.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.belstat.nl C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.studenten.net C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www4.smartadserver.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User 
Data\Default\Cookies:xiti.com C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:zeddigitalnl.solution.weborama.fr C:\Users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\00FL9HAT.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\0DJUPXFM.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\0E7B6C5B.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\0H2WZI5V.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\0INJ6L21.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\0JHW31PD.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\0K3038PO.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\0P5KTZR0.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\0RJ2GL60.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\0RUS7JG0.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\0YVA1IT9.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\10XAXMV6.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\183IHETQ.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\1BJR1QHY.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\1KF1SB8B.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\1NPXDBM0.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\1SF1TTD4.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\1WCFP7IQ.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\1Y0JE9YB.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\24EDKGR0.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\260VQNGJ.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\2AY14STD.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\2N92TJV7.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\2Q2AV7TM.txt 
C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\2Q3HX1ZO.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\2Q7XZIF1.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\2TYEMWMY.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\2UGW5VXP.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\2WL3RME7.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\39ZN7VJ6.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\3JBKCKVL.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\3JD4OOXG.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\3L686J1T.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\3X9DIW3D.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\46WOBBX3.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\4KV5ODXS.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\5MBCHGCF.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\5YW17BLU.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\60P47JFP.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\67DD9WZM.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\6JB14EF3.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\6N6EPZMP.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\6OZ2TV69.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\6SGBKPUX.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\7AY7SCZE.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\7EQ3FFYA.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\7RJGW342.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\7TP9VDWI.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\90M9YXJ8.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\93EDCE1I.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\9BNM6O8R.txt 
C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\9LEOJOP0.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\9TYZMD5P.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\9XTQ6FZL.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\A3FYT8V0.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\AGF45OLI.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\AIXSLT5K.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\AQ6S6A40.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\AX3LHIGY.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\AYU60F6U.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\B7ZUKWMB.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\BA11G9T5.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\BPEK0NM7.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\BSYD34RL.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\BUOFF0JX.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\BWAKKX7B.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\C46F84RX.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\C8AZAKMA.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\CLCACXP2.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\CW8PB78B.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\D2G14QQ1.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\D538B7OQ.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\DAM33Q6M.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\DBDNUFCU.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\DJS0A0M1.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\DLHUBCBD.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\DM7E70ZV.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\DQL96Z96.txt 
C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\DY6TEORP.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\E4ZL6WNJ.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\E60TUNE7.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\E7NDNMHM.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\E8M1LEYB.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\E9DYF557.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\EDZK8JRV.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\EGR8DD60.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\ELVUAP02.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\FF3QOBD7.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\FGGR7AJ2.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\FJ06VO7M.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\FUFHHOME.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\FZS8BLKA.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\G3WX3EAU.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\GBAHR7WE.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\GFYNVCWY.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\GRGAH3YV.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\GTM88H0O.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\H2EY2S76.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\H2H5VD93.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\HTB2D3BK.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\HUFD7QRY.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\HVL3TQ51.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\HWZG9GGO.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\I08G1DGR.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\I43ADFQ7.txt 
C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\I669PC3H.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\IDHGU812.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\IHWS2M0B.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\IL6JPXZI.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\ILZ5ZBYQ.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\IMR73D57.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\IXELL551.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\IYOKXHVA.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\J8EIJ21P.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\JJ1NMP18.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\JKSD8K9H.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\JM82NSZ2.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\JNTCRQ1T.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\K34WF0BZ.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\K41WOZPV.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\K4Q1CZQR.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\K7KODE5P.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\KBFE29R3.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\KCM40WM3.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\KE65982P.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\KF7I1M8W.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\KLAQQKN4.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\KNQ86WZ6.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\KOJS4J9J.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\KSDQARO8.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\LYNTBVQ0.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\M1JPWHQY.txt 
C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\M2TE6KFK.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\MBWZOJB1.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\MXU8UT5U.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\N0QEG3ES.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\N6J0ONBI.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\NCMERUHT.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\NH899VXU.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\NQTJQBZ7.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\NSM62I7W.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\NW1CC14T.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\O648NJG7.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\OCYMEHMS.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\P27Z1ZCK.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\PAEUL9ZC.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\PFQLN1DT.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\PHPE6AJL.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\PI6JWYS1.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\PIRH1OVG.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\PLDE4KNY.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\PSUWSW2E.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\PTHORIB1.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\PYH7C12V.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\Q4WO2H3H.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\Q8YWPEVL.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\QC44KEB2.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\QGV0EH7O.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\QJA3AHHH.txt 
C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\QYWI4LV7.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\RUBRJ1X9.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\S1KWUG2L.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\S2JSNQIN.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\S2KP9J51.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\S84UC6WR.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\S8LGOHWI.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\SC1LB9FN.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\SIOXEZLZ.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\SLLZCFMS.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\SMS1I2I9.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\STR0600Z.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\T5TKZEBR.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\TD3A4R4M.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\TEID9AUH.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\TWBIJH37.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\U65UHK16.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\UQFQOXT5.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\UUY8UM6C.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\VVZXKRUC.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\VW8XDDN1.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\WRXHJRHI.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\XDKPR4LA.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\XDWF0PMM.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\XW9K5122.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\XZTH8MZ2.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\Y060X2XG.txt 
C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\Y2PUYNH9.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\Y31RK5ZW.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\Y65A7R4J.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\Y9BBCBPU.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\Z03HU57I.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\Z42Y0QF9.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\Z43Y2W3P.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\ZH187FH0.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\ZMPXTQ8S.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\ZRX9Z14F.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\ZT8086KB.txt C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Cookies\ZU7KHMH7.txt
  11. A whole wall of text. Hope there's something in it.

      Zoek.exe Version 4.0.0.2 Updated 03-June-2013
      Tool run by Bastiaan on di 11-06-2013 at 20:58:35,80.
      Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
      Running in: Safe Mode NETWORK
      Internet Access Detected

      ==== Older Logs ======================
      C:\zoek-results11-06-2013-2057.log 223 bytes

      ==== Possible Rootkit Infection ======================
      C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\L
      C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U
      C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\@
      C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U\00000001.@
      C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U\80000000.@
      C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U\800000cb.@
      C:\Windows\installer\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\L
      C:\Windows\installer\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U

      ==== Creating Sample_11-06-2013_2100.zip ======================
      Copied file C:\Users\Bastiaan\atuvzsda4or6q.exe to sample\atuvzsda4or6q.exe
      Copied file C:\Users\Bastiaan\qsqsz64ep1mhi.exe to sample\qsqsz64ep1mhi.exe
      Copied file C:\ProgramData\rundll32.exe to sample\rundll32.exe
      sample\atuvzsda4or6q.exe renamed to 2E14536FF7E741979FBCF70F396DE16D
      sample\qsqsz64ep1mhi.exe renamed to 649950BAEBAE40B249F51F161CAD3A92
      sample\rundll32.exe renamed to 51138BEEA3E2C21EC44D0932C71762A8
      C:\Users\Public\Desktop\sample_11-06-2013_2100.zip created successfully

      ==== Deleting CLSID Registry Keys ======================
      HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
      HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
      HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
      HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
      HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
      HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
      HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully
      HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

      ==== Deleting CLSID Registry Values ======================
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
      HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

      ==== Deleting Files \ Folders ======================
      "C:\ProgramData\fgoghqxvehdogol" deleted
      "C:\ProgramData\4a3ir.pad" deleted
      "C:\ProgramData\eq02a.pad" deleted
      "C:\ProgramData\g2j9.pad" deleted
      "C:\ProgramData\as98213.txt" deleted
      "C:\ProgramData\kjhy64.txt" deleted
      "C:\ProgramData\9j2g.dat" deleted
      "C:\ProgramData\a20qe.dat" deleted
      "C:\ProgramData\ri3a4.dat" deleted
      "C:\ProgramData\eq02a.js" deleted
      "C:\ProgramData\eq02a.reg" deleted
      "C:\ProgramData\eq02a.bat" deleted
      "C:\END" deleted
      "C:\Users\Bastiaan\atuvzsda4or6q.exe" deleted
      "C:\Users\Bastiaan\qsqsz64ep1mhi.exe" deleted
      "C:\ProgramData\rundll32.exe" deleted
      "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\@" deleted
      "C:\Users\Bastiaan\AppData\Roaming\Ushaof\ywzys.tiz" deleted
      "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U\00000001.@" deleted
      "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U\80000000.@" deleted
      "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U\800000cb.@" deleted
      "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}" deleted
      "C:\Windows\installer\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}" deleted
      "C:\Users\Bastiaan\AppData\Roaming\Satyo" deleted
      "C:\Users\Bastiaan\AppData\Roaming\Ushaof" deleted
      "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\L" deleted
      "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U" deleted
      "C:\Windows\installer\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\L" deleted
      "C:\Windows\installer\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U" deleted
      "C:\Program Files (x86)\BabylonToolbar" deleted
      "C:\Program Files (x86)\Windows iLivid Toolbar" deleted
      "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly" deleted
      "C:\Users\Bastiaan\AppData\Local\PackageAware" deleted
      "C:\Users\Bastiaan\AppData\Local\Babylon" deleted
      "C:\Users\Bastiaan\AppData\LocalLow\boost_interprocess" deleted
      "C:\Users\Bastiaan\AppData\LocalLow\DataMngr" deleted
      "C:\Users\Bastiaan\AppData\LocalLow\searchqutoolbar" deleted

      ==== Chrome Look ======================
      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
      gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]
      ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\15.2.0.5\avg.crx[22-05-2013 14:09]
      nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12-12-2011 15:13]
      HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
      gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]
      YouTube - Bastiaan - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      Google Search - Bastiaan - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      AVG Security Toolbar - Bastiaan - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
      DivX Plus Web Player HTML5 \u003Cvideo\u003E - Bastiaan - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
      Gmail - Bastiaan - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

      ==== Set IE to Default ======================
      Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.google.nl/"
      New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.google.nl/"

      ==== All HKCU SearchScopes ======================
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      "DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
      {3C7F0032-CCDD-43D1-8F94-FE04D9DFFFAE} Yahoo Url="http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF"
      {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
      {92BB7481-26F0-4D3B-BF07-5E12D7BC0768} Wikipedia Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}"
      {E439E89B-686E-440A-95BE-F13292C12507} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"

      ==== Reset Google Chrome ======================
      C:\users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
      C:\users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

      ==== shortcuts on Users Desktops ======================
      C:\Users\Bastiaan\Desktop\AVG PC Tuneup 2011.lnk - C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
      C:\Users\Bastiaan\Desktop\DivX Movies.lnk - C:\Users\Bastiaan\Videos\DivX Movies
      C:\Users\Bastiaan\Desktop\GearBox.lnk - C:\Program Files (x86)\Line6\GearBox\GearBox.exe
      C:\Users\Bastiaan\Desktop\HiJackThis.lnk - C:\Users\Bastiaan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
      C:\Users\Bastiaan\Desktop\Microsoft Word.lnk - C:\Windows\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\wordicon.exe
      C:\Users\Bastiaan\Desktop\Play MPE Player.lnk - C:\Program Files (x86)\Play MPE\Player\MPEPlayer.exe
      C:\Users\Bastiaan\Desktop\Tracks Eraser Pro.lnk - C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\te.exe

      ==== shortcuts on All Users Desktop ======================
      C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
      C:\Users\Public\Desktop\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe
      C:\Users\Public\Desktop\Babylon.lnk - C:\Users\Bastiaan\AppData\Local\Babylon\Setup\Setup.exe "C:\Users\Bastiaan\AppData\Local\Temp\1D3F0F46-BAB0-7891-A773-C5BFA59A2DD6\Setup.exe" -toolbar.exe" /rt /mnt /mds /mhp /babTrack="affID=19764" /s /aflt=babsst /instlref=sst /srcExt=ss
-rc C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\DivX Plus Converter.lnk - C:\Program Files (x86)\DivX\DivX Plus Converter\DivXConverterLauncher.exe SW_SHOWNORMAL C:\Users\Public\Desktop\DivX Plus Player.lnk - C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe C:\Users\Public\Desktop\Internetbrowser selecteren.lnk - C:\Windows\System32\browserchoice.exe /launch C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Public\Desktop\Play HP Games.lnk - C:\Program Files (x86)\HP Games\onplay\onplay.exe "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src desktopoem C:\Users\Public\Desktop\Play MPE Player 5.lnk - C:\Windows\Installer\{B818D973-20EF-4830-B642-061AD59B5C53}\_D52A372B0F44040535D34C.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe C:\Users\Public\Desktop\Studio One 2 x64.lnk - C:\Program Files\PreSonus\Studio One 2\Studio One.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk - C:\Windows\System32\rundll32.exe C:\PROGRA~3\a20qe.dat,XFG00 ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== shortcuts in Quick Launch ====================== C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk - C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet 
Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Play MPE Player V5.lnk - C:\Program Files (x86)\Play MPE\Player 5\PlayMPEPlayer5.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Play MPE Player.lnk - C:\Program Files (x86)\Play MPE\Player\MPEPlayer.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk - C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word.lnk - C:\Windows\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\wordicon.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\FileUncompresser.lnk - C:\Users\Bastiaan\Desktop\FileUncompresser.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User 
Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Messenger.lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bastiaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Bastiaan\AppData\Local\Temp\Temporary Internet 
Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bastiaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Bastiaan\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Bastiaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on di 11-06-2013 at 21:25:19,43 ======================
  12. Hello, a virus is hijacking my computer. I keep getting a police message that blocks the startup process. Fake, of course. I'm supposedly required to transfer money. Incidentally, I have the impression that my computer wasn't running all that well even before this virus. So I'm allowing for the possibility of multiple viruses. I'm now in safe mode with networking. But I have the problem here too. Or am I dealing with yet another virus? When I leave the computer alone for a while, things go wrong as well. Then I lose control of the mouse and all sorts of things happen that I didn't ask for. The same goes for working in safe mode without networking. Does anyone know what to do? Just to be sure, I've already made a log with Hijack. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:10:53, on 11-6-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Safe mode with network support Running processes: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll O3 - Toolbar: Google Toolbar 
- {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [pejo] "C:\Users\Bastiaan\AppData\Roaming\pejo\vifier.bat" O4 - HKCU\..\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\a20qe.dat,XFG00 O4 - Startup: regmonstd.lnk = C:\Windows\System32\rundll32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE O9 - Extra button: In weblog opnemen - 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.line6.net O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. 
- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Tracks Eraser Service (tepsrv) - Acesoft - C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files 
(x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12678 bytes