Posts by Kwesterman67

  1. Zoek.exe Version 4.0.0.2 Updated 03-June-2013

    Tool run by Bastiaan on do 13-06-2013 at 16:42:29,58.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    ==== Older Logs ======================

    C:\zoek-results11-06-2013-2057.log 223 bytes

    C:\zoek-results11-06-2013-2125.log 17497 bytes

    C:\zoek-results13-06-2013-1631.log 11786 bytes

    ==== Creating Sample_13-06-2013_1645.zip ======================

    C:\Users\Public\Desktop\sample_13-06-2013_1645.zip created successfully

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Deleting Files \ Folders ======================

    "C:\Users\Bastiaan\AppData\Roaming\pejo\vifier.bat" not found

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\15.2.0.5\avg.crx[22-05-2013 14:09]

    nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12-12-2011 15:13]

    Docs - Bastiaan - Default\Extensions\aohghmighlieiainnegkcijnfilokake

    AVG Security Toolbar - Bastiaan - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

    ==== Set IE to Default ======================

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="http://www.google.nl/"

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="http://www.google.nl/"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{3C7F0032-CCDD-43D1-8F94-FE04D9DFFFAE}"

    {3C7F0032-CCDD-43D1-8F94-FE04D9DFFFAE} Yahoo Url="http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    {92BB7481-26F0-4D3B-BF07-5E12D7BC0768} Wikipedia Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}"

    {E439E89B-686E-440A-95BE-F13292C12507} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"

    ==== Reset Google Chrome ======================

    C:\users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

    C:\users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

    ==== shortcuts on Users Desktops ======================

    C:\Users\Bastiaan\Desktop\AVG PC Tuneup 2011.lnk - C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe

    C:\Users\Bastiaan\Desktop\DivX Movies.lnk - C:\Users\Bastiaan\Videos\DivX Movies

    C:\Users\Bastiaan\Desktop\GearBox.lnk - C:\Program Files (x86)\Line6\GearBox\GearBox.exe

    C:\Users\Bastiaan\Desktop\HiJackThis.lnk - C:\Users\Bastiaan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    C:\Users\Bastiaan\Desktop\Microsoft Word.lnk - C:\Windows\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\wordicon.exe

    C:\Users\Bastiaan\Desktop\Play MPE Player.lnk - C:\Program Files (x86)\Play MPE\Player\MPEPlayer.exe

    C:\Users\Bastiaan\Desktop\Tracks Eraser Pro.lnk - C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\te.exe

    ==== shortcuts on All Users Desktop ======================

    C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

    C:\Users\Public\Desktop\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Users\Public\Desktop\Babylon.lnk - C:\Users\Bastiaan\AppData\Local\Babylon\Setup\Setup.exe "C:\Users\Bastiaan\AppData\Local\Temp\1D3F0F46-BAB0-7891-A773-C5BFA59A2DD6\Setup.exe" -toolbar.exe" /rt /mnt /mds /mhp /babTrack="affID=19764" /s /aflt=babsst /instlref=sst /srcExt=ss -rc

    C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

    C:\Users\Public\Desktop\DivX Plus Converter.lnk - C:\Program Files (x86)\DivX\DivX Plus Converter\DivXConverterLauncher.exe SW_SHOWNORMAL

    C:\Users\Public\Desktop\DivX Plus Player.lnk - C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe

    C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe

    C:\Users\Public\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

    C:\Users\Public\Desktop\Internetbrowser selecteren.lnk - C:\Windows\System32\browserchoice.exe /launch

    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    C:\Users\Public\Desktop\Play HP Games.lnk - C:\Program Files (x86)\HP Games\onplay\onplay.exe "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src desktopoem

    C:\Users\Public\Desktop\Play MPE Player 5.lnk - C:\Windows\Installer\{B818D973-20EF-4830-B642-061AD59B5C53}\_D52A372B0F44040535D34C.exe

    C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe

    C:\Users\Public\Desktop\Studio One 2 x64.lnk - C:\Program Files\PreSonus\Studio One 2\Studio One.exe

    ==== shortcuts in All Users Start Menu ======================

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Verwijder HitmanPro 3.7.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe /uninstall

    ==== shortcuts in Quick Launch ======================

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk - C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Play MPE Player V5.lnk - C:\Program Files (x86)\Play MPE\Player 5\PlayMPEPlayer5.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Play MPE Player.lnk - C:\Program Files (x86)\Play MPE\Player\MPEPlayer.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word.lnk - C:\Windows\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\wordicon.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\FileUncompresser.lnk - C:\Users\Bastiaan\Desktop\FileUncompresser.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Messenger.lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Bastiaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Bastiaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    C:\users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Bastiaan\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Users\Bastiaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

    ==== EOF on do 13-06-2013 at 16:48:26,00 ======================

    - - - Updated - - -

    http://www.mijnbestand.nl/Bestand-XH4JZQN7BR4G.zip

  2. Hmm, a bit premature. The little screen came back after all, and so did the police screen. Before that I had reinstalled AVG and let it run a scan.

    Could we perhaps start over from the beginning? Because now I also get this one (bottom) when running Hijack. At startup I get the other one (top).

    post-44022-1417705454,7371_thumb.jpg

    Log below, but is it any good?

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:10:53, on 11-6-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16447)

    Boot mode: Safe mode with network support

    Running processes:

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

    O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [pejo] "C:\Users\Bastiaan\AppData\Roaming\pejo\vifier.bat"

    O4 - HKCU\..\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\a20qe.dat,XFG00

    O4 - Startup: regmonstd.lnk = C:\Windows\System32\rundll32.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: *.line6.net

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Tracks Eraser Service (tepsrv) - Acesoft - C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 12678 bytes

  3. Did you create this one yourself? O4 - HKCU\..\Run: [pejo] "C:\Users\Bastiaan\AppData\Roaming\pejo\vifier.ba

    I have no idea what it is... I don't think so. As for that odd little screen that appeared when I started up: I removed another threat and now it no longer appears. Should I still do what was in the previous message?

  4. Done. :-)

    HitmanPro 3.7.6.201
    www.hitmanpro.com
    
    
      Computer name . . . . : BASTIAAN-HP
      Windows . . . . . . . : 6.1.1.7601.X64/2
      User name . . . . . . : Bastiaan-HP\Bastiaan
      UAC . . . . . . . . . : Enabled
      License . . . . . . . : Trial (30 days left)
    
    
      Scan date . . . . . . : 2013-06-11 22:03:16
      Scan mode . . . . . . : Normal
      Scan duration . . . . : 3m 52s
      Disk access mode  . . : Direct disk access (SRB)
      Cloud . . . . . . . . : Internet
      Reboot  . . . . . . . : Yes
    
    
      Threats . . . . . . . : 10
      Traces  . . . . . . . : 4366
    
    
      Objects scanned . . . : 1.740.200
      Files scanned . . . . : 22.046
      Remnants scanned  . . : 437.428 files / 1.280.726 keys
    
    
    Malware _____________________________________________________________________
    
    
      C:\Users\Bastiaan\AppData\Roaming\Caswudkt\Caswudkt.scr -> Deleted
         Size . . . . . . . : 11.264 bytes
         Age  . . . . . . . : 22.9 days (2013-05-20 01:29:00)
         Entropy  . . . . . : 6.0
         SHA-256  . . . . . : 13B04CD3E8CA9FCE3BE5D824DC18177CA905D6459C8236D080E7F4BB1B0D2581
       > G Data . . . . . . : Trojan.BAT.Agent.EB
       > Ikarus . . . . . . : Trojan.Agent4!IK
         Fuzzy  . . . . . . : 111.0
         Forensic Cluster
            -0.0s C:\Windows\Prefetch\ATTRIB.EXE-73917FEA.pf
            -0.0s C:\Windows\Prefetch\ATTRIB.EXE-73917FEA.pf
            -0.0s C:\Users\Bastiaan\AppData\Roaming\Caswudkt\
             0.0s C:\Users\Bastiaan\AppData\Roaming\Caswudkt\Caswudkt.scr
             0.0s C:\Users\Bastiaan\AppData\Roaming\Caswudkt\Caswudkt.scr
             0.5s C:\Windows\Prefetch\RUNDLL32.EXE-A749F2A1.pf
             0.9s C:\Windows\Prefetch\MAKECAB.EXE-4CDBAF68.pf
             0.9s C:\Windows\Prefetch\MAKECAB.EXE-4CDBAF68.pf
             0.9s C:\Windows\Prefetch\MAKECAB.EXE-4CDBAF68.pf
             0.9s C:\Windows\Prefetch\MAKECAB.EXE-4CDBAF68.pf
             0.9s C:\Windows\Prefetch\MAKECAB.EXE-4CDBAF68.pf
             2.4s C:\Windows\Prefetch\NETSH.EXE-CD959116.pf
             2.4s C:\Windows\Prefetch\NETSH.EXE-CD959116.pf
             2.4s C:\Windows\Prefetch\NETSH.EXE-CD959116.pf
             2.4s C:\Windows\Prefetch\NETSH.EXE-CD959116.pf
             2.4s C:\Windows\Prefetch\NETSH.EXE-CD959116.pf
             2.4s C:\Windows\Prefetch\NETSH.EXE-CD959116.pf
             2.4s C:\Windows\Prefetch\NETSH.EXE-CD959116.pf
             2.4s C:\Windows\Prefetch\NETSH.EXE-CD959116.pf
    
    
    
    
    Potential Unwanted Programs _________________________________________________
    
    
      HKLM\SOFTWARE\Classes\AppID\BrowserConnection.DLL\ (SearchQU)
      HKLM\SOFTWARE\Classes\AppID\DnsBHO.DLL\ (SearchQU)
      HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods)
      HKLM\SOFTWARE\Classes\AppID\escortApp.DLL\ (Funmoods)
      HKLM\SOFTWARE\Classes\AppID\escortEng.DLL\ (Funmoods)
      HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL\ (Funmoods)
      HKLM\SOFTWARE\Classes\AppID\esrv.EXE\ (Funmoods)
      HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
      HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
      HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
      HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}\ (SearchQU)
      HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
      HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
      HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
      HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}\ (SearchQU)
      HKLM\SOFTWARE\Classes\b\ (Babylon)
      HKLM\SOFTWARE\Classes\Babylon.dskBnd.1\ (Babylon)
      HKLM\SOFTWARE\Classes\Babylon.dskBnd\ (Babylon)
      HKLM\SOFTWARE\Classes\bbylnApp.appCore.1\ (Babylon)
      HKLM\SOFTWARE\Classes\bbylnApp.appCore\ (Babylon)
      HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon)
      HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon)
      HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ (SearchQU)
      HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ (SearchQU)
      HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\ (SearchQU)
      HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\ (SearchQU)
      HKLM\SOFTWARE\Classes\escort.escortIEPane.1\ (Funmoods)
      HKLM\SOFTWARE\Classes\escort.escortIEPane\ (Funmoods)
      HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1\ (Babylon)
      HKLM\SOFTWARE\Classes\esrv.BabylonESrvc\ (Babylon)
      HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\ (SearchQU)
      HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ (Babylon)
      HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon)
      HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon)
      HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon)
      HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon)
      HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon)
      HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon)
      HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon)
      HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon)
      HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon)
      HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon)
      HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon)
      HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon)
      HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
      HKLM\SOFTWARE\Classes\s\ (Softonic)
      HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ (SearchQU)
      HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ (SearchQU)
      HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
      HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
      HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\ (SearchQU)
      HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\ (Babylon)
      HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\BrowserConnection.DLL\ (SearchQU)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\DnsBHO.DLL\ (SearchQU)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortApp.DLL\ (Funmoods)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortEng.DLL\ (Funmoods)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL\ (Funmoods)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE\ (Funmoods)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}\ (SearchQU)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}\ (SearchQU)
      HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\ (SearchQU)
      HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\ (SearchQU)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
      HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\ (SearchQU)
      HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\ (Babylon)
      HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
      HKLM\SOFTWARE\DataMngr\ (SearchQU)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ (SearchQU)
      HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon)
      HKLM\SOFTWARE\Wow6432Node\BabylonToolbar\ (Babylon)
      HKLM\SOFTWARE\Wow6432Node\DealPly\ (Delta Search)
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ (SearchQU)
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar\ (Babylon)
      HKU\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\BabylonToolbar\ (Babylon)
      HKU\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\DataMngr\ (SearchQU)
      HKU\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\DealPly\ (Delta Search)
      HKU\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}\ (Babylon)
      HKU\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}\ (SearchQU)
    
    
    Cookies _____________________________________________________________________
    
    
    
    
    
    
    

  5. A whole wall of text. Hope there's something useful in it.

    Zoek.exe Version 4.0.0.2 Updated 03-June-2013

    Tool run by Bastiaan on di 11-06-2013 at 20:58:35,80.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Safe Mode NETWORK Internet Access Detected

    ==== Older Logs ======================

    C:\zoek-results11-06-2013-2057.log 223 bytes

    ==== Possible Rootkit Infection ======================

    C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\L

    C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U

    C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\@

    C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U\00000001.@

    C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U\80000000.@

    C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U\800000cb.@

    C:\Windows\installer\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\L

    C:\Windows\installer\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U

    ==== Creating Sample_11-06-2013_2100.zip ======================

    Copied file C:\Users\Bastiaan\atuvzsda4or6q.exe to sample\atuvzsda4or6q.exe

    Copied file C:\Users\Bastiaan\qsqsz64ep1mhi.exe to sample\qsqsz64ep1mhi.exe

    Copied file C:\ProgramData\rundll32.exe to sample\rundll32.exe

    sample\atuvzsda4or6q.exe renamed to 2E14536FF7E741979FBCF70F396DE16D

    sample\qsqsz64ep1mhi.exe renamed to 649950BAEBAE40B249F51F161CAD3A92

    sample\rundll32.exe renamed to 51138BEEA3E2C21EC44D0932C71762A8

    C:\Users\Public\Desktop\sample_11-06-2013_2100.zip created successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

    HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

    HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

    HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

    HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

    HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

    HKEY_USERS\S-1-5-21-4047963056-2528863786-3777644263-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

    ==== Deleting Files \ Folders ======================

    "C:\ProgramData\fgoghqxvehdogol" deleted

    "C:\ProgramData\4a3ir.pad" deleted

    "C:\ProgramData\eq02a.pad" deleted

    "C:\ProgramData\g2j9.pad" deleted

    "C:\ProgramData\as98213.txt" deleted

    "C:\ProgramData\kjhy64.txt" deleted

    "C:\ProgramData\9j2g.dat" deleted

    "C:\ProgramData\a20qe.dat" deleted

    "C:\ProgramData\ri3a4.dat" deleted

    "C:\ProgramData\eq02a.js" deleted

    "C:\ProgramData\eq02a.reg" deleted

    "C:\ProgramData\eq02a.bat" deleted

    "C:\END" deleted

    "C:\Users\Bastiaan\atuvzsda4or6q.exe" deleted

    "C:\Users\Bastiaan\qsqsz64ep1mhi.exe" deleted

    "C:\ProgramData\rundll32.exe" deleted

    "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\@" deleted

    "C:\Users\Bastiaan\AppData\Roaming\Ushaof\ywzys.tiz" deleted

    "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U\00000001.@" deleted

    "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U\80000000.@" deleted

    "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U\800000cb.@" deleted

    "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}" deleted

    "C:\Windows\installer\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}" deleted

    "C:\Users\Bastiaan\AppData\Roaming\Satyo" deleted

    "C:\Users\Bastiaan\AppData\Roaming\Ushaof" deleted

    "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\L" deleted

    "C:\Users\Bastiaan\AppData\Local\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U" deleted

    "C:\Windows\installer\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\L" deleted

    "C:\Windows\installer\{f0a4fc63-9bcf-4802-cbe7-64d01470e2bb}\U" deleted

    "C:\Program Files (x86)\BabylonToolbar" deleted

    "C:\Program Files (x86)\Windows iLivid Toolbar" deleted

    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly" deleted

    "C:\Users\Bastiaan\AppData\Local\PackageAware" deleted

    "C:\Users\Bastiaan\AppData\Local\Babylon" deleted

    "C:\Users\Bastiaan\AppData\LocalLow\boost_interprocess" deleted

    "C:\Users\Bastiaan\AppData\LocalLow\DataMngr" deleted

    "C:\Users\Bastiaan\AppData\LocalLow\searchqutoolbar" deleted

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]

    ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\15.2.0.5\avg.crx[22-05-2013 14:09]

    nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12-12-2011 15:13]

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

    gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]

    YouTube - Bastiaan - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Google Search - Bastiaan - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    AVG Security Toolbar - Bastiaan - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

    DivX Plus Web Player HTML5 \u003Cvideo\u003E - Bastiaan - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm

    Gmail - Bastiaan - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ==== Set IE to Default ======================

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="http://www.google.nl/"

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="http://www.google.nl/"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"

    {3C7F0032-CCDD-43D1-8F94-FE04D9DFFFAE} Yahoo Url="http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    {92BB7481-26F0-4D3B-BF07-5E12D7BC0768} Wikipedia Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}"

    {E439E89B-686E-440A-95BE-F13292C12507} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"

    ==== Reset Google Chrome ======================

    C:\users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

    C:\users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

    ==== shortcuts on Users Desktops ======================

    C:\Users\Bastiaan\Desktop\AVG PC Tuneup 2011.lnk - C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe

    C:\Users\Bastiaan\Desktop\DivX Movies.lnk - C:\Users\Bastiaan\Videos\DivX Movies

    C:\Users\Bastiaan\Desktop\GearBox.lnk - C:\Program Files (x86)\Line6\GearBox\GearBox.exe

    C:\Users\Bastiaan\Desktop\HiJackThis.lnk - C:\Users\Bastiaan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    C:\Users\Bastiaan\Desktop\Microsoft Word.lnk - C:\Windows\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\wordicon.exe

    C:\Users\Bastiaan\Desktop\Play MPE Player.lnk - C:\Program Files (x86)\Play MPE\Player\MPEPlayer.exe

    C:\Users\Bastiaan\Desktop\Tracks Eraser Pro.lnk - C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\te.exe

    ==== shortcuts on All Users Desktop ======================

    C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

    C:\Users\Public\Desktop\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Users\Public\Desktop\Babylon.lnk - C:\Users\Bastiaan\AppData\Local\Babylon\Setup\Setup.exe "C:\Users\Bastiaan\AppData\Local\Temp\1D3F0F46-BAB0-7891-A773-C5BFA59A2DD6\Setup.exe" -toolbar.exe" /rt /mnt /mds /mhp /babTrack="affID=19764" /s /aflt=babsst /instlref=sst /srcExt=ss -rc

    C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

    C:\Users\Public\Desktop\DivX Plus Converter.lnk - C:\Program Files (x86)\DivX\DivX Plus Converter\DivXConverterLauncher.exe SW_SHOWNORMAL

    C:\Users\Public\Desktop\DivX Plus Player.lnk - C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe

    C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\Public\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

    C:\Users\Public\Desktop\Internetbrowser selecteren.lnk - C:\Windows\System32\browserchoice.exe /launch

    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    C:\Users\Public\Desktop\Play HP Games.lnk - C:\Program Files (x86)\HP Games\onplay\onplay.exe "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src desktopoem

    C:\Users\Public\Desktop\Play MPE Player 5.lnk - C:\Windows\Installer\{B818D973-20EF-4830-B642-061AD59B5C53}\_D52A372B0F44040535D34C.exe

    C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe

    C:\Users\Public\Desktop\Studio One 2 x64.lnk - C:\Program Files\PreSonus\Studio One 2\Studio One.exe

    ==== shortcuts in Users Start Menu ======================

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk - C:\Windows\System32\rundll32.exe C:\PROGRA~3\a20qe.dat,XFG00

    ==== shortcuts in All Users Start Menu ======================

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==== shortcuts in Quick Launch ======================

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk - C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Play MPE Player V5.lnk - C:\Program Files (x86)\Play MPE\Player 5\PlayMPEPlayer5.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Play MPE Player.lnk - C:\Program Files (x86)\Play MPE\Player\MPEPlayer.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word.lnk - C:\Windows\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\wordicon.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\FileUncompresser.lnk - C:\Users\Bastiaan\Desktop\FileUncompresser.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Messenger.lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Users\Bastiaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Bastiaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\Bastiaan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Bastiaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    C:\users\Bastiaan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Bastiaan\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Users\Bastiaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

    ==== EOF on di 11-06-2013 at 21:25:19,43 ======================

  6. Hello, a virus is hijacking my computer. I keep getting a police message that obstructs the boot process. Fake, of course. I'm supposedly meant to transfer money. I also have the impression that my computer wasn't running quite smoothly even before this virus. So I'm allowing for more than one virus. I'm now in safe mode with networking. But I'm affected by it here too. Or am I affected by yet another virus? If I leave the computer alone for a moment, things go wrong as well. Then I lose control of the mouse and all sorts of things happen that I don't want. The same goes for working in safe mode without networking.

    Does anyone know what to do? To be on the safe side, I've already made a log with Hijack.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:10:53, on 11-6-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16447)

    Boot mode: Safe mode with network support

    Running processes:

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

    O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [pejo] "C:\Users\Bastiaan\AppData\Roaming\pejo\vifier.bat"

    O4 - HKCU\..\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\a20qe.dat,XFG00

    O4 - Startup: regmonstd.lnk = C:\Windows\System32\rundll32.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: *.line6.net

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Tracks Eraser Service (tepsrv) - Acesoft - C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 12678 bytes
