Posts made by pvn
I normally use OneNote only for screenshots while browsing.
Here is the log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Peter at 2014-07-03 21:27:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (14%) free of 48 GB
Total RAM: 2046 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:27:16, on 3/07/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rohos\agent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\iTouch\iTouch.exe
C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Peter\Local Settings\Apps\2.0\HD54BB5L.9JM\KEVQ2JL9.WJ7\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Documents and Settings\Peter\Application Data\Copy\CopyAgent.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Documents and Settings\Peter\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peter\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Peter.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: SaveSense - {2e32cfe5-df92-4ae5-b0be-609ed0df74a6} - C:\Program Files\SaveSense\SaveSenseIE.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: PrivDogExtension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll
O2 - BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PrivDogService] "C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rohos] C:\Program Files\Rohos\agent.exe
O4 - HKCU\..\Run: [DellSystemDetect] C:\Documents and Settings\Peter\Local Settings\Apps\2.0\HD54BB5L.9JM\KEVQ2JL9.WJ7\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Copy] "C:\Documents and Settings\Peter\Application Data\Copy\CopyAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Peter\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O15 - Trusted Zone: *.dell.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\MP3 Skype Recorder\Skype4COM.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rohos Disk service (Rohos Disk) - Tesline-Service SRL - C:\Program Files\Rohos\agent.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
--
End of file - 13639 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job - C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe --launchSchedule {0FB77674-7905-4F34-A362-C5A9A26F8CF9}
C:\WINDOWS\tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job - C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe --launchSchedule {F140D794-60B6-4F00-9235-D6457AA25B22}
C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job - C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe --launchSchedule {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job - C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe --launchSchedule {A6D52E4F-569B-4756-B3D8-DF217313DA85}
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\User_Feed_Synchronization-{2072EA55-B9B4-4954-B93F-503F9DE86B6D}.job - C:\WINDOWS\system32\msfeedssync.exe sync
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\m4ueunkx.default
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.60.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\m4ueunkx.default\extensions\
{2fab2e94-d6f9-42de-8839-3510cef6424b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6}]
SaveSense - C:\Program Files\SaveSense\SaveSenseIE.dll [2013-12-06 99304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-07 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2014-01-28 583520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2012-08-02 1335872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-07 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}]
PrivDog Extension - C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll [2014-06-17 937128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED663}]
avast! Ad Blocker - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll [2013-02-18 1366720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2012-08-02 1335872]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2006-11-08 49152]
"zBrowser Launcher"=C:\Program Files\iTouch\iTouch.exe [2004-03-18 892928]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"PrivDogService"=C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe [2014-06-17 662184]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2013-05-01 421888]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25 1225944]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-05-07 256896]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Rohos"=C:\Program Files\Rohos\agent.exe [2013-09-20 812640]
"DellSystemDetect"=C:\Documents and Settings\Peter\Local Settings\Apps\2.0\HD54BB5L.9JM\KEVQ2JL9.WJ7\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe [2014-04-01 258160]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2014-06-05 24474752]
"Copy"=C:\Documents and Settings\Peter\Application Data\Copy\CopyAgent.exe [2014-06-17 13372416]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\Quickset.exe [2007-05-14 1191936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSystemDetect]
C:\Documents and Settings\Peter\Start Menu\Programs\Dell\Dell System Detect.appref-ms [2013-06-13 370]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [2006-10-12 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2013-04-19 1090912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2013-05-01 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.0.lnk]
C:\PROGRA~1\COMMON~1\PANASO~1\PHOTOF~1\AUTOST~1.EXE [2010-11-19 174064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Dropbox.lnk]
C:\DOCUME~1\Peter\APPLIC~1\Dropbox\bin\Dropbox.exe [2014-05-20 33322312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^EvernoteClipper.lnk]
C:\PROGRA~1\Evernote\Evernote\EVERNO~2.EXE [2014-01-28 1104736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Skype C2C Service"=2
"W32Time"=2
"WmiApSrv"=3
"SENS"=2
"SCardSvr"=3
"ShellHWDetection"=2
"LanmanServer"=2
"wscsvc"=2
"RemoteRegistry"=3
"RDSessMgr"=3
"RSVP"=3
"SysmonLog"=3
"mnmsrvc"=3
"Messenger"=3
"cisvc"=3
"helpsvc"=2
"FastUserSwitchingCompatibility"=3
"ERSvc"=2
"TrkWks"=2
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Peter\Start Menu\Programs\Startup
Dropbox.lnk - C:\Documents and Settings\Peter\Application Data\Dropbox\bin\Dropbox.exe
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Documents and Settings\Peter\Application Data\Spotify\spotify.exe"="C:\Documents and Settings\Peter\Application Data\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Peter\Desktop\VIRUS\solutoinstaller.exe"="C:\Documents and Settings\Peter\Desktop\VIRUS\solutoinstaller.exe:*:Enabled:SolutoInstaller"
"C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\AVTJVEJ4\solutoinstaller[2].exe"="C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\AVTJVEJ4\solutoinstaller[2].exe:*:Enabled:SolutoInstaller"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\OC0924GY\solutoinstaller-s68om51nq74i[1].exe"="C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\OC0924GY\solutoinstaller-s68om51nq74i[1].exe:*:Enabled:SolutoInstaller"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Comodo\cCloud\cCloud.exe"="C:\Program Files\Comodo\cCloud\cCloud.exe:*:Enabled:cCloud.exe"
"C:\Documents and Settings\Peter\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Peter\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Documents and Settings\Peter\My Documents\Downloads\solutoinstaller-p53az92sd78e.exe"="C:\Documents and Settings\Peter\My Documents\Downloads\solutoinstaller-p53az92sd78e.exe:*:Enabled:SolutoInstaller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2014-07-03 21:24:32 ----D---- C:\rsit
2014-07-03 20:54:09 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-20 02:12:56 ----D---- C:\Documents and Settings\Peter\Application Data\Copy
2014-06-12 01:25:36 ----SHD---- C:\Documents and Settings\Peter\Application Data\wyUpdate AU
2014-06-05 10:40:23 ----D---- C:\Program Files\MSECache
2014-06-05 10:11:16 ----D---- C:\Program Files\Common Files\Java
2014-06-05 10:11:03 ----A---- C:\WINDOWS\system32\javaws.exe
2014-06-05 10:10:50 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-05 10:10:50 ----A---- C:\WINDOWS\system32\javaw.exe
2014-06-05 10:10:50 ----A---- C:\WINDOWS\system32\java.exe
2014-06-05 09:27:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-06-05 09:25:58 ----D---- C:\Program Files\Common Files\DESIGNER
======List of files/folders modified in the last 1 month======
2014-07-03 21:27:14 ----D---- C:\Program Files\trend micro
2014-07-03 21:24:43 ----D---- C:\WINDOWS\Temp
2014-07-03 21:11:49 ----A---- C:\WINDOWS\iTouch.ini
2014-07-03 21:10:44 ----D---- C:\Documents and Settings\Peter\Application Data\Dropbox
2014-07-03 21:10:36 ----D---- C:\Documents and Settings\Peter\Application Data\DropboxMaster
2014-07-03 21:09:27 ----D---- C:\WINDOWS
2014-07-03 21:04:28 ----D---- C:\WINDOWS\Prefetch
2014-07-03 20:59:54 ----D---- C:\WINDOWS\system32\CatRoot2
2014-07-03 20:58:29 ----D---- C:\WINDOWS\system32\inetsrv
2014-07-03 20:54:43 ----A---- C:\WINDOWS\ModemLog_PC Connectivity Bluetooth Modem.txt
2014-07-03 20:54:43 ----A---- C:\WINDOWS\ModemLog_Nokia N73 Bluetooth Modem.txt
2014-07-03 20:54:37 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2014-07-03 20:54:09 ----D---- C:\WINDOWS\system32
2014-07-03 20:54:06 ----D---- C:\Config.Msi
2014-07-03 19:00:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-07-03 18:48:54 ----D---- C:\WINDOWS\CCleaner Back Up
2014-07-03 18:38:16 ----D---- C:\Program Files\CCleaner
2014-07-03 03:03:47 ----RD---- C:\Program Files
2014-07-03 03:03:44 ----SHD---- C:\WINDOWS\Installer
2014-07-03 03:02:31 ----D---- C:\Program Files\Google
2014-07-02 16:11:48 ----RSD---- C:\WINDOWS\assembly
2014-07-02 16:09:54 ----RSD---- C:\WINDOWS\Fonts
2014-07-02 16:09:54 ----D---- C:\Program Files\OpenOffice 4
2014-07-02 14:36:40 ----D---- C:\WINDOWS\WinSxS
2014-07-01 18:25:04 ----D---- C:\Program Files\Rohos
2014-07-01 13:43:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-20 16:26:43 ----D---- C:\Program Files\Duplicate Cleaner
2014-06-20 16:04:14 ----D---- C:\WINDOWS\Minidump
2014-06-20 16:04:14 ----D---- C:\WINDOWS\Debug
2014-06-20 15:52:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-06-20 15:31:31 ----D---- C:\Documents and Settings\Peter\Application Data\Nokia
2014-06-20 14:27:32 ----D---- C:\Documents and Settings\Peter\Application Data\PC Suite
2014-06-20 14:12:27 ----D---- C:\WINDOWS\system32\drivers\UMDF
2014-06-20 12:50:52 ----D---- C:\WINDOWS\system32\drivers
2014-06-20 02:13:49 ----SHD---- C:\WINDOWS\system32\AI_RecycleBin
2014-06-19 23:49:25 ----D---- C:\Program Files\Mozilla Firefox
2014-06-19 01:20:45 ----D---- C:\Documents and Settings\Peter\Application Data\Spotify
2014-06-19 01:17:51 ----D---- C:\MDT
2014-06-12 08:57:07 ----HD---- C:\WINDOWS\inf
2014-06-11 00:47:15 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-06-11 00:46:09 ----D---- C:\WINDOWS\system32\MRT
2014-06-11 00:35:38 ----A---- C:\WINDOWS\system32\MRT.exe
2014-06-10 15:13:08 ----AD---- C:\.Trash-1000
2014-06-05 22:34:12 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-06-05 10:44:27 ----SD---- C:\Documents and Settings\Peter\Application Data\Microsoft
2014-06-05 10:40:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2014-06-05 10:11:16 ----D---- C:\Program Files\Common Files
2014-06-05 10:10:48 ----D---- C:\Program Files\Java
2014-06-05 09:22:50 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2013-02-08 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2013-02-08 39224]
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-07-21 99176]
R0 gfibto;gfibto; C:\WINDOWS\system32\drivers\gfibto.sys [2013-07-19 13560]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2014-04-16 104920]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2011-08-09 3840]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2014-04-16 15704]
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2014-04-16 607448]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2014-04-16 29912]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\WINDOWS\system32\drivers\HWiNFO32.SYS []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2013-06-12 21361]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 RHDISK;RHDISK; \??\C:\Program Files\Rohos\RHDISK.SYS []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;WLAN-transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R2 XAudio;XAudio; C:\WINDOWS\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 btaudio;Bluetooth-audioapparaat; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTDriver;Bluetooth virtuele-communicatiestuurprogramma; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
R3 BTKRNL;Bluetooth bus-enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]
R3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2004-03-03 14095]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw4x32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2013-02-08 96568]
S0 cerc6;cerc6; C:\WINDOWS\system32\drivers\cerc6.sys []
S1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2013-02-08 170808]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz136;cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys []
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-12-20 27008]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-12-20 36736]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-12-20 69376]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2013-01-23 18560]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2013-01-23 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2013-01-23 137600]
S3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-03-27 74752]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-10-17 19072]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2013-01-23 8192]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2013-01-23 8192]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2014-04-16 5306504]
R2 DragonUpdater;COMODO Dragon Update Service; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2014-05-21 2135232]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-05-07 182696]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 Rohos Disk;Rohos Disk service; C:\Program Files\Rohos\agent.exe [2013-09-20 812640]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-26 116648]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 XAudioService;XAudioService; C:\WINDOWS\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-26 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-26 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-02 119408]
S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208]
-----------------EOF-----------------
-
Yes, you understand correctly: those files show up everywhere, on C, in My Documents, in random subfolders, on the USB stick and on GDrive. About 500 in total. No idea what they are for...
-
-
Good afternoon, is it safe to delete hundreds of "Microsoft Office OneNote Table Of Contents" files? What are those files for? Thanks.
-
Goede Midd
OneNote-inhoudsopgave.onetoc2 (Microsoft Office OneNote Table Of Contents)
- - - Updated - - -
Once more: can anyone tell me whether it is safe to delete hundreds of OneNote-inhoudsopgave.onetoc2 (Microsoft Office OneNote Table Of Contents) files?
Thanks
-
Kape,
Updating is not possible since I am on XP Pro....
-
Kape,
It already works a lot better. I was able to change the MSN.fr page via SOLUDO. What still does not work is INTERNET OPTIONS (not via Control Panel either).
When I click on it, the menu flashes up briefly and then disappears again.
Can this be fixed?
Swapped Avast for Comodo again.
Kind regards,
Peter
-
Thanks Kape,
Here is the log:
Zoek.exe Version 4.0.0.5 Updated 24-November-2013
Tool run by JULIE on 29/11/2013 at 9:34:46,62.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\JULIE\Desktop\zoek\zoek.exe [script inserted] [Checkboxes used]
==== System Restore Info ======================
29/11/2013 09:51:25 Zoek.exe System Restore Point Created Succesfully.
==== Possible Rootkit Infection ======================
C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Desktop\Install
==== Empty Folders Check ======================
C:\Program Files\Acro Software deleted successfully
C:\Program Files\File Type Assistant deleted successfully
C:\Program Files\Free PDF to Word Doc Converter deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\NirSoft deleted successfully
C:\Program Files\Common Files\PDF Architect deleted successfully
C:\Documents and Settings\All Users\Start Menu\Programs\Free PDF to Word Doc Converter deleted successfully
C:\Documents and Settings\All Users\Application Data\Musicnotes deleted successfully
C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} deleted successfully
C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} deleted successfully
C:\Documents and Settings\GX620\Application Data\Media Player Classic deleted successfully
C:\Documents and Settings\JULIE\Application Data\Sweetpacks deleted successfully
C:\Documents and Settings\JULIE\Application Data\uTorrent deleted successfully
C:\Documents and Settings\JULIE\Local Settings\Application Data\Avg2013 deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Documents and Settings\JULIE\Application Data\Mozilla\Firefox\Profiles\qud148ew.default\prefs.js:
Added to C:\Documents and Settings\JULIE\Application Data\Mozilla\Firefox\Profiles\qud148ew.default\prefs.js:
user_pref("browser.startup.homepage", "Google");
user_pref("browser.search.defaulturl", "Google=");
user_pref("browser.newtab.url", "Google");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "Google=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Documents and Settings\JULIE\Application Data\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]phd10\prefs.js:
user_pref("browser.startup.homepage", "Yahoo France");
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.selectedEngine", "Yahoo");
user_pref("keyword.URL", "Yahoo Search - Recherche Web=");
Added to C:\Documents and Settings\JULIE\Application Data\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]phd10\prefs.js:
user_pref("browser.startup.homepage", "Google");
user_pref("browser.search.defaulturl", "Google=");
user_pref("browser.newtab.url", "Google");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "Google=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
==== Deleting Files \ Folders ======================
C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} not found
C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} not found
C:\Documents and Settings\JULIE\usrusmt2.tmp deleted
C:\Documents and Settings\All Users\Application Data\InstallMate deleted
C:\Documents and Settings\All Users\Application Data\Package Cache deleted
C:\Documents and Settings\GX620\Local Settings\Application Data\BearShare deleted
C:\Documents and Settings\JULIE\Local Settings\Application Data\Software deleted
C:\Documents and Settings\LocalService\Local Settings\Application Data\Software deleted
C:\user.js deleted
"C:\WINDOWS\tasks\AVG_REG_0913b.job" deleted
"C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job" deleted
"C:\WINDOWS\tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job" deleted
"C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1580818891-1417001333-1003.job" deleted
"C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1580818891-1417001333-1004.job" deleted
"C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1580818891-1417001333-1005.job" deleted
"C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1580818891-1417001333-1003.job" deleted
"C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1580818891-1417001333-1004.job" deleted
"C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1580818891-1417001333-1005.job" deleted
"C:\Documents and Settings\All Users\Application Data\F8BAA3F3C992E6890000F8B9AB3DEA55\F8BAA3F3C992E6890000F8B9AB3DEA55" deleted
"C:\Documents and Settings\All Users\Application Data\F8BAA3F3C992E6890000F8B9AB3DEA55\F8BAA3F3C992E6890000F8B9AB3DEA55.ico" deleted
"C:\Documents and Settings\All Users\Application Data\F8BAA3F3C992E6890000F8B9AB3DEA55" deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2013-11-25 14:18:33 D0FBC21805855396820D9C8A6A082A6A 43152 ----a-w- C:\WINDOWS\avastSS.scr
====== C:\DOCUME~1\JULIE\LOCALS~1\Temp ====
2013-11-24 11:15:22 244ED0E8BA77CFA7CA28BE69B8F14447 915368 ----a-w- C:\Documents and Settings\JULIE\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
====== Java Cache =====
2013-11-27 19:33:17 76C8396B8DFA77938A919B13CA2BF6D9 10061 ----a-w- C:\Documents and Settings\JULIE\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\2\5b00f142-48058456
2013-11-27 19:33:16 3AA71F6D0F3B0DA12034611B9FCB104F 79 ----a-w- C:\Documents and Settings\JULIE\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\53\5b8942b5-6.0.lap
====== C:\WINDOWS\system32 =====
2013-11-25 14:18:38 F0B1660638A5324AFCE1C739D768B3D8 269216 ----a-w- C:\WINDOWS\System32\aswBoot.exe
2013-11-24 11:17:54 B01416804D89B5EC1D206E6DF542DFAB 145408 ----a-w- C:\WINDOWS\System32\javacpl.cpl
2013-11-24 11:17:54 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\WINDOWS\System32\javaws.exe
2013-11-24 11:17:39 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\WINDOWS\System32\javaw.exe
2013-11-24 11:17:39 9BF46C7F21E75FA0BB03AA93368CC66C 94632 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll
2013-11-24 11:17:39 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\WINDOWS\System32\java.exe
====== C:\WINDOWS\system32\drivers =====
2013-11-25 14:18:43 8BCD47E79EAA40C387D7B9DCEC41DE2D 57672 ----a-w- C:\WINDOWS\System32\drivers\aswTdi.sys
2013-11-25 14:18:42 F385467DF95D0A73775CB3B076B8B969 49944 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2013-11-25 14:18:42 BADA8FD627F1D0E22308211C33F0BDB5 178304 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2013-11-25 14:18:42 259E864BFB9268CD7CEFA5849A3B374B 403440 ----a-w- C:\WINDOWS\System32\drivers\aswsp.sys
2013-11-25 14:18:41 D5730129EA9ADF7AE710DA0B14F9DE19 35656 ----a-w- C:\WINDOWS\System32\drivers\aswFsBlk.sys
2013-11-25 14:18:41 6F23333C8358D267718F9ECB21CBB6F4 70384 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2013-11-25 14:18:41 50C85412AD31F5C0F687F00C2E34C673 774392 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2013-11-25 14:18:40 29CB7009F11470A24B1D49849A6118A5 54832 ----a-w- C:\WINDOWS\System32\drivers\aswRdr.sys
====== C:\WINDOWS\Tasks ======
2013-11-25 14:26:21 13CE73B8A40032AED2EAD066F5072FDD 364 ---ha-w- C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-11-22 09:14:55 171E719A8FE7755ADD232C0C0A18AF87 1084 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1580818891-1417001333-1005Core.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-11-28 23:45:49 -------- d-----w- C:\Program Files\trend micro
2013-11-28 11:25:11 -------- d-----w- C:\Program Files\Adblock Plus for IE
2013-11-28 10:55:09 -------- d-----w- C:\Program Files\Dropbox
2013-11-28 10:52:40 35334016 ----a-w- C:\Program Files\Dropbox 2.4.7.exe
======= C: =====
2013-11-29 08:52:31 37D44C9BDE58E6C9BE5B1EE3AC4EC8F4 90 ----a-w- C:\folders.txt
====== C:\Documents and Settings\JULIE\Application Data ======
2013-11-28 11:26:57 -------- d-----w- C:\Documents and Settings\JULIE\Local Settings\Application Data\Adblock Plus for IE
2013-11-28 11:25:13 -------- d-----w- C:\Documents and Settings\JULIE\Application Data\Adblock Plus for IE
2013-11-28 10:54:49 -------- d-----w- C:\Documents and Settings\JULIE\Start Menu\Programs\Dropbox
2013-11-28 10:53:56 -------- d-----w- C:\Documents and Settings\JULIE\Application Data\Dropbox
2013-11-25 14:11:26 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2013
====== C:\Documents and Settings\JULIE ======
2013-11-28 23:45:24 B9B5E09AACBCCEC00D4C4452F7ABB8FB 781909 ----a-w- C:\Documents and Settings\JULIE\Desktop\RSIT.exe
2013-11-28 20:25:56 -------- d--h--r- C:\Documents and Settings\JULIE\Recent
====== C: exe-files ==
2013-11-29 08:25:23 18386D0E20887CE1868638511220014D 1272832 ----a-w- C:\RECYCLER\S-1-5-21-1343024091-1580818891-1417001333-1005\Dc1.exe
2013-11-28 23:45:51 FAAE6704627CE37C8E0FB59341604BC5 64467 ----a-w- C:\Program Files\trend micro\JULIE.exe
2013-11-28 23:45:24 B9B5E09AACBCCEC00D4C4452F7ABB8FB 781909 ----a-w- C:\Documents and Settings\JULIE\Desktop\RSIT.exe
2013-11-28 10:55:09 495402813BAC6E506F17306373878F5B 29770248 ----a-w- C:\Program Files\Dropbox\DropboxProxy.exe
2013-11-28 10:52:40 D59FF1C6B3E970350F5B29BF53E16AE5 35334016 ----a-w- C:\Program Files\Dropbox 2.4.7.exe
2013-11-25 14:18:38 F0B1660638A5324AFCE1C739D768B3D8 269216 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2013-11-24 11:17:54 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\WINDOWS\system32\javaws.exe
2013-11-24 11:17:39 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\WINDOWS\system32\javaw.exe
2013-11-24 11:17:39 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\WINDOWS\system32\java.exe
2013-11-24 11:15:22 244ED0E8BA77CFA7CA28BE69B8F14447 915368 ----a-w- C:\Documents and Settings\JULIE\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
2013-11-22 15:17:34 2A6BE138266B9C6A76BEAF931C725EB4 469072 ----a-w- C:\Documents and Settings\JULIE\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
2013-11-22 09:14:55 EB8EEB98D01B5D31898D8E53C3789832 59784 ----atw- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleUpdateBroker.exe
2013-11-22 09:14:55 CEFEBDB9E274BD90C12D131ED25CC819 59784 ----atw- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe
2013-11-22 09:14:54 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
2013-11-22 09:14:54 4AFFF5FE4E69C8E7C5F1E4F3511301CF 818968 ----a-w- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleUpdateSetup.exe
2013-11-22 09:14:42 CF7B0E597C1F34E528285495721DEEE9 237960 ----atw- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleCrashHandler.exe
2013-11-22 09:14:42 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleUpdate.exe
2013-11-22 09:14:42 0DC0DE2966A6DBA4CFBF6639DF44F5BA 319880 ----atw- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
=== C: other files ==
2013-11-29 08:25:22 BC7ACE2C646A01D194CBBD8B43CAD4DA 1398596 ----a-w- C:\RECYCLER\S-1-5-21-1343024091-1580818891-1417001333-1005\Dc2.com
2013-11-25 14:18:43 8BCD47E79EAA40C387D7B9DCEC41DE2D 57672 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2013-11-25 14:18:42 F385467DF95D0A73775CB3B076B8B969 49944 ----a-w- C:\WINDOWS\system32\drivers\aswRvrt.sys
2013-11-25 14:18:42 BADA8FD627F1D0E22308211C33F0BDB5 178304 ----a-w- C:\WINDOWS\system32\drivers\aswVmm.sys
2013-11-25 14:18:42 259E864BFB9268CD7CEFA5849A3B374B 403440 ----a-w- C:\WINDOWS\system32\drivers\aswsp.sys
2013-11-25 14:18:41 D5730129EA9ADF7AE710DA0B14F9DE19 35656 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2013-11-25 14:18:41 6F23333C8358D267718F9ECB21CBB6F4 70384 ----a-w- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2013-11-25 14:18:41 50C85412AD31F5C0F687F00C2E34C673 774392 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-11-25 14:18:40 29CB7009F11470A24B1D49849A6118A5 54832 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-1343024091-1580818891-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"Google Update"="C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
"Google Update"="C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn /f"
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn /f"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn /f"
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn /f"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe -osboot"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"Google Update"="C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
"Google Update"="C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bubble Dock]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LBubble Dock"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\GX620\\Application Data\\Nosibay\\Bubble Dock\\LBubble Dock.exe\" /winstartup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON BX300F Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_SBA"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIEJE.EXE /FU \"C:\\WINDOWS\\TEMP\\E_SBA.tmp\" /EF \"HKCU\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OPTENET_GUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optgui"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\CONTRO~1\\bin\\optgui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\snp2std]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vsnp2std"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\vsnp2std.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smax4pnp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tisapeksyrte]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tisapeksyrte"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\JULIE\\tisapeksyrte.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\program files\\real\\realplayer\\update\\realsched.exe\" -osboot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\WINDOWS\\pss\\McAfee Security Scan Plus.lnkCommon Startup"
"command"="C:\\PROGRA~1\\MCAFEE~1\\30982A~1.207\\SSSCHE~1.EXE "
"item"="McAfee Security Scan Plus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
==== Startup Folders ======================
2013-11-28 13:49:53 1024 ----a-w- C:\Documents and Settings\JULIE\Start Menu\Programs\Startup\Dropbox.lnk
2013-06-29 14:33:27 695 ----a-w- C:\Documents and Settings\JULIE\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/09/2012 10:25]
C:\WINDOWS\tasks\avast\Undetermined Task.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [12/03/2010 21:08]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [12/03/2010 21:08]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1580818891-1417001333-1005Core.job --a------ [undetermined Task]
C:\WINDOWS\tasks\ReclaimerResumeInstall_JULIE.job --a------ C:\Documents and Settings\JULIE\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [22/11/2013 16:17]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [11/11/2012 14:11]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"="C:\Program Files\Web Assistant\Firefox" []
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\JULIE\Application Data\Mozilla\Firefox\Profiles\qud148ew.default
E5AF72B7353FF8D431A7C463A4229524 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U45
7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
4469481C70FB8FF1A85064DDCE03BF49 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.2
951D672F07618CB0783D57EBD65A6EEC - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.2
D53B3F53C1D01D340E9172CC6F2D6385 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.2
B96B53C659E607F7C1E0AD61D8BD57EB - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.2
B6EF669108C9904ACB9933D836733EBA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.2
3565E1D67807EC10A1E26ED42B42B8F2 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.2
652F8CCB343D0CC33D44146CB2948C0D - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.2
256C847CD03160C9088FB440DB929448 - c:\program files\real\realplayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin
555E65306A5D3A5978BE74E1DD62CDD9 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer HTML5VideoShim Plug-In (32-bit)
2DC6257A367A6182E40F748D0396AAF9 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)
1E3AA02F2C91A2B25EFB4E355160CDCA - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
9013599B12923A45C029C34E8D2211AC - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
1FA3B42DA40D0F387A7899A9731A2E94 - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
1FA3B42DA40D0F387A7899A9731A2E94 - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
B0753E73FF63F485521A9DDEB7DE91EB - C:\Program Files\Musicnotes\npmusicn.dll - Musicnotes
0DD1E0A385B888107A1F9206189596CF - C:\Program Files\Musicnotes\NPSibelius.dll - ScorchPlugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
BF2AD333C79072EEBE5AE0D72670E64E - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight
68A131335A20B343923A2957EB1E413D - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
algijfiaiapkekcjonmjfiniajogplli - C:\Documents and Settings\All Users\Application Data\Bcool\algijfiaiapkekcjonmjfiniajogplli.crx[]
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[11/11/2012 14:11]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09/10/2013 09:59]
nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files\TornTV.com\torn2_10.crx[]
RealPlayer HTML5Video Downloader Extension - GX620 - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
==== Chrome Fix ======================
C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx deleted successfully
C:\Documents and Settings\GX620\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail"
"Default_page_url"="Google"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_page_url"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
"Start Page"="MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{71047469-F76E-4705-8116-96756417035D}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{21219173-FB2A-4E4B-81DF-CF52DE0AC492} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
{71047469-F76E-4705-8116-96756417035D} Google Url="{searchTerms} - Google Search?}"
==== Reset Google Chrome ======================
C:\Documents and Settings\GX620\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\GX620\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1343024091-1580818891-1417001333-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-1343024091-1580818891-1417001333-1005\Software\Microsoft\Internet Explorer\SearchScopes\{21219173-FB2A-4E4B-81DF-CF52DE0AC492} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\algijfiaiapkekcjonmjfiniajogplli deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bubble Dock deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPTENET_GUI deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tisapeksyrte deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\GX620\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\GX620\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\JULIE\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Documents and Settings\GX620\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\JULIE\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\JULIE\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\All Users\Start Menu\Programs\Fingers for Windows" not deleted
"C:\Documents and Settings\All Users\Start Menu\Programs\Recuva" not deleted
"C:\Documents and Settings\All Users\Start Menu\Programs\Reflex'English Cambridge" not deleted
==== EOF on 29/11/2013 at 10:11:53,17 ======================
-
Thanks Kape,
Here is the log:
Zoek.exe Version 4.0.0.5 Updated 24-November-2013
Tool run by JULIE on 29/11/2013 at 9:34:46,62.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\JULIE\Desktop\zoek\zoek.exe [script inserted] [Checkboxes used]
==== System Restore Info ======================
29/11/2013 09:51:25 Zoek.exe System Restore Point Created Succesfully.
==== Possible Rootkit Infection ======================
C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Desktop\Install
==== Empty Folders Check ======================
C:\Program Files\Acro Software deleted successfully
C:\Program Files\File Type Assistant deleted successfully
C:\Program Files\Free PDF to Word Doc Converter deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\NirSoft deleted successfully
C:\Program Files\Common Files\PDF Architect deleted successfully
C:\Documents and Settings\All Users\Start Menu\Programs\Free PDF to Word Doc Converter deleted successfully
C:\Documents and Settings\All Users\Application Data\Musicnotes deleted successfully
C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} deleted successfully
C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} deleted successfully
C:\Documents and Settings\GX620\Application Data\Media Player Classic deleted successfully
C:\Documents and Settings\JULIE\Application Data\Sweetpacks deleted successfully
C:\Documents and Settings\JULIE\Application Data\uTorrent deleted successfully
C:\Documents and Settings\JULIE\Local Settings\Application Data\Avg2013 deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Documents and Settings\JULIE\Application Data\Mozilla\Firefox\Profiles\qud148ew.default\prefs.js:
Added to C:\Documents and Settings\JULIE\Application Data\Mozilla\Firefox\Profiles\qud148ew.default\prefs.js:
user_pref("browser.startup.homepage", "Google");
user_pref("browser.search.defaulturl", "Google=");
user_pref("browser.newtab.url", "Google");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "Google=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Documents and Settings\JULIE\Application Data\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]phd10\prefs.js:
user_pref("browser.startup.homepage", "Yahoo France");
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.selectedEngine", "Yahoo");
user_pref("keyword.URL", "Yahoo Search - Recherche Web=");
Added to C:\Documents and Settings\JULIE\Application Data\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]phd10\prefs.js:
user_pref("browser.startup.homepage", "Google");
user_pref("browser.search.defaulturl", "Google=");
user_pref("browser.newtab.url", "Google");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "Google=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
==== Deleting Files \ Folders ======================
C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} not found
C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} not found
C:\Documents and Settings\JULIE\usrusmt2.tmp deleted
C:\Documents and Settings\All Users\Application Data\InstallMate deleted
C:\Documents and Settings\All Users\Application Data\Package Cache deleted
C:\Documents and Settings\GX620\Local Settings\Application Data\BearShare deleted
C:\Documents and Settings\JULIE\Local Settings\Application Data\Software deleted
C:\Documents and Settings\LocalService\Local Settings\Application Data\Software deleted
C:\user.js deleted
"C:\WINDOWS\tasks\AVG_REG_0913b.job" deleted
"C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job" deleted
"C:\WINDOWS\tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job" deleted
"C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1580818891-1417001333-1003.job" deleted
"C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1580818891-1417001333-1004.job" deleted
"C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1580818891-1417001333-1005.job" deleted
"C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1580818891-1417001333-1003.job" deleted
"C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1580818891-1417001333-1004.job" deleted
"C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1580818891-1417001333-1005.job" deleted
"C:\Documents and Settings\All Users\Application Data\F8BAA3F3C992E6890000F8B9AB3DEA55\F8BAA3F3C992E6890000F8B9AB3DEA55" deleted
"C:\Documents and Settings\All Users\Application Data\F8BAA3F3C992E6890000F8B9AB3DEA55\F8BAA3F3C992E6890000F8B9AB3DEA55.ico" deleted
"C:\Documents and Settings\All Users\Application Data\F8BAA3F3C992E6890000F8B9AB3DEA55" deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2013-11-25 14:18:33 D0FBC21805855396820D9C8A6A082A6A 43152 ----a-w- C:\WINDOWS\avastSS.scr
====== C:\DOCUME~1\JULIE\LOCALS~1\Temp ====
2013-11-24 11:15:22 244ED0E8BA77CFA7CA28BE69B8F14447 915368 ----a-w- C:\Documents and Settings\JULIE\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
====== Java Cache =====
2013-11-27 19:33:17 76C8396B8DFA77938A919B13CA2BF6D9 10061 ----a-w- C:\Documents and Settings\JULIE\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\2\5b00f142-48058456
2013-11-27 19:33:16 3AA71F6D0F3B0DA12034611B9FCB104F 79 ----a-w- C:\Documents and Settings\JULIE\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\53\5b8942b5-6.0.lap
====== C:\WINDOWS\system32 =====
2013-11-25 14:18:38 F0B1660638A5324AFCE1C739D768B3D8 269216 ----a-w- C:\WINDOWS\System32\aswBoot.exe
2013-11-24 11:17:54 B01416804D89B5EC1D206E6DF542DFAB 145408 ----a-w- C:\WINDOWS\System32\javacpl.cpl
2013-11-24 11:17:54 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\WINDOWS\System32\javaws.exe
2013-11-24 11:17:39 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\WINDOWS\System32\javaw.exe
2013-11-24 11:17:39 9BF46C7F21E75FA0BB03AA93368CC66C 94632 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll
2013-11-24 11:17:39 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\WINDOWS\System32\java.exe
====== C:\WINDOWS\system32\drivers =====
2013-11-25 14:18:43 8BCD47E79EAA40C387D7B9DCEC41DE2D 57672 ----a-w- C:\WINDOWS\System32\drivers\aswTdi.sys
2013-11-25 14:18:42 F385467DF95D0A73775CB3B076B8B969 49944 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2013-11-25 14:18:42 BADA8FD627F1D0E22308211C33F0BDB5 178304 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2013-11-25 14:18:42 259E864BFB9268CD7CEFA5849A3B374B 403440 ----a-w- C:\WINDOWS\System32\drivers\aswsp.sys
2013-11-25 14:18:41 D5730129EA9ADF7AE710DA0B14F9DE19 35656 ----a-w- C:\WINDOWS\System32\drivers\aswFsBlk.sys
2013-11-25 14:18:41 6F23333C8358D267718F9ECB21CBB6F4 70384 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2013-11-25 14:18:41 50C85412AD31F5C0F687F00C2E34C673 774392 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2013-11-25 14:18:40 29CB7009F11470A24B1D49849A6118A5 54832 ----a-w- C:\WINDOWS\System32\drivers\aswRdr.sys
====== C:\WINDOWS\Tasks ======
2013-11-25 14:26:21 13CE73B8A40032AED2EAD066F5072FDD 364 ---ha-w- C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-11-22 09:14:55 171E719A8FE7755ADD232C0C0A18AF87 1084 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1580818891-1417001333-1005Core.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-11-28 23:45:49 -------- d-----w- C:\Program Files\trend micro
2013-11-28 11:25:11 -------- d-----w- C:\Program Files\Adblock Plus for IE
2013-11-28 10:55:09 -------- d-----w- C:\Program Files\Dropbox
2013-11-28 10:52:40 35334016 ----a-w- C:\Program Files\Dropbox 2.4.7.exe
======= C: =====
2013-11-29 08:52:31 37D44C9BDE58E6C9BE5B1EE3AC4EC8F4 90 ----a-w- C:\folders.txt
====== C:\Documents and Settings\JULIE\Application Data ======
2013-11-28 11:26:57 -------- d-----w- C:\Documents and Settings\JULIE\Local Settings\Application Data\Adblock Plus for IE
2013-11-28 11:25:13 -------- d-----w- C:\Documents and Settings\JULIE\Application Data\Adblock Plus for IE
2013-11-28 10:54:49 -------- d-----w- C:\Documents and Settings\JULIE\Start Menu\Programs\Dropbox
2013-11-28 10:53:56 -------- d-----w- C:\Documents and Settings\JULIE\Application Data\Dropbox
2013-11-25 14:11:26 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2013
====== C:\Documents and Settings\JULIE ======
2013-11-28 23:45:24 B9B5E09AACBCCEC00D4C4452F7ABB8FB 781909 ----a-w- C:\Documents and Settings\JULIE\Desktop\RSIT.exe
2013-11-28 20:25:56 -------- d--h--r- C:\Documents and Settings\JULIE\Recent
====== C: exe-files ==
2013-11-29 08:25:23 18386D0E20887CE1868638511220014D 1272832 ----a-w- C:\RECYCLER\S-1-5-21-1343024091-1580818891-1417001333-1005\Dc1.exe
2013-11-28 23:45:51 FAAE6704627CE37C8E0FB59341604BC5 64467 ----a-w- C:\Program Files\trend micro\JULIE.exe
2013-11-28 23:45:24 B9B5E09AACBCCEC00D4C4452F7ABB8FB 781909 ----a-w- C:\Documents and Settings\JULIE\Desktop\RSIT.exe
2013-11-28 10:55:09 495402813BAC6E506F17306373878F5B 29770248 ----a-w- C:\Program Files\Dropbox\DropboxProxy.exe
2013-11-28 10:52:40 D59FF1C6B3E970350F5B29BF53E16AE5 35334016 ----a-w- C:\Program Files\Dropbox 2.4.7.exe
2013-11-25 14:18:38 F0B1660638A5324AFCE1C739D768B3D8 269216 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2013-11-24 11:17:54 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\WINDOWS\system32\javaws.exe
2013-11-24 11:17:39 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\WINDOWS\system32\javaw.exe
2013-11-24 11:17:39 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\WINDOWS\system32\java.exe
2013-11-24 11:15:22 244ED0E8BA77CFA7CA28BE69B8F14447 915368 ----a-w- C:\Documents and Settings\JULIE\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
2013-11-22 15:17:34 2A6BE138266B9C6A76BEAF931C725EB4 469072 ----a-w- C:\Documents and Settings\JULIE\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
2013-11-22 09:14:55 EB8EEB98D01B5D31898D8E53C3789832 59784 ----atw- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleUpdateBroker.exe
2013-11-22 09:14:55 CEFEBDB9E274BD90C12D131ED25CC819 59784 ----atw- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe
2013-11-22 09:14:54 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
2013-11-22 09:14:54 4AFFF5FE4E69C8E7C5F1E4F3511301CF 818968 ----a-w- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleUpdateSetup.exe
2013-11-22 09:14:42 CF7B0E597C1F34E528285495721DEEE9 237960 ----atw- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleCrashHandler.exe
2013-11-22 09:14:42 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleUpdate.exe
2013-11-22 09:14:42 0DC0DE2966A6DBA4CFBF6639DF44F5BA 319880 ----atw- C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
=== C: other files ==
2013-11-29 08:25:22 BC7ACE2C646A01D194CBBD8B43CAD4DA 1398596 ----a-w- C:\RECYCLER\S-1-5-21-1343024091-1580818891-1417001333-1005\Dc2.com
2013-11-25 14:18:43 8BCD47E79EAA40C387D7B9DCEC41DE2D 57672 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2013-11-25 14:18:42 F385467DF95D0A73775CB3B076B8B969 49944 ----a-w- C:\WINDOWS\system32\drivers\aswRvrt.sys
2013-11-25 14:18:42 BADA8FD627F1D0E22308211C33F0BDB5 178304 ----a-w- C:\WINDOWS\system32\drivers\aswVmm.sys
2013-11-25 14:18:42 259E864BFB9268CD7CEFA5849A3B374B 403440 ----a-w- C:\WINDOWS\system32\drivers\aswsp.sys
2013-11-25 14:18:41 D5730129EA9ADF7AE710DA0B14F9DE19 35656 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2013-11-25 14:18:41 6F23333C8358D267718F9ECB21CBB6F4 70384 ----a-w- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2013-11-25 14:18:41 50C85412AD31F5C0F687F00C2E34C673 774392 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-11-25 14:18:40 29CB7009F11470A24B1D49849A6118A5 54832 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-1343024091-1580818891-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"Google Update"="C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
"Google Update"="C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn /f"
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn /f"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn /f"
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn /f"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe -osboot"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"Google Update"="C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
"Google Update"="C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bubble Dock]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LBubble Dock"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\GX620\\Application Data\\Nosibay\\Bubble Dock\\LBubble Dock.exe\" /winstartup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON BX300F Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_SBA"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIEJE.EXE /FU \"C:\\WINDOWS\\TEMP\\E_SBA.tmp\" /EF \"HKCU\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OPTENET_GUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optgui"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\CONTRO~1\\bin\\optgui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\snp2std]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vsnp2std"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\vsnp2std.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smax4pnp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tisapeksyrte]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tisapeksyrte"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\JULIE\\tisapeksyrte.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\program files\\real\\realplayer\\update\\realsched.exe\" -osboot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\WINDOWS\\pss\\McAfee Security Scan Plus.lnkCommon Startup"
"command"="C:\\PROGRA~1\\MCAFEE~1\\30982A~1.207\\SSSCHE~1.EXE "
"item"="McAfee Security Scan Plus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
==== Startup Folders ======================
2013-11-28 13:49:53 1024 ----a-w- C:\Documents and Settings\JULIE\Start Menu\Programs\Startup\Dropbox.lnk
2013-06-29 14:33:27 695 ----a-w- C:\Documents and Settings\JULIE\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/09/2012 10:25]
C:\WINDOWS\tasks\avast\Undetermined Task.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [12/03/2010 21:08]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [12/03/2010 21:08]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1580818891-1417001333-1005Core.job --a------ [undetermined Task]
C:\WINDOWS\tasks\ReclaimerResumeInstall_JULIE.job --a------ C:\Documents and Settings\JULIE\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [22/11/2013 16:17]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [11/11/2012 14:11]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"="C:\Program Files\Web Assistant\Firefox" []
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\JULIE\Application Data\Mozilla\Firefox\Profiles\qud148ew.default
E5AF72B7353FF8D431A7C463A4229524 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U45
7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
4469481C70FB8FF1A85064DDCE03BF49 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.2
951D672F07618CB0783D57EBD65A6EEC - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.2
D53B3F53C1D01D340E9172CC6F2D6385 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.2
B96B53C659E607F7C1E0AD61D8BD57EB - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.2
B6EF669108C9904ACB9933D836733EBA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.2
3565E1D67807EC10A1E26ED42B42B8F2 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.2
652F8CCB343D0CC33D44146CB2948C0D - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.2
256C847CD03160C9088FB440DB929448 - c:\program files\real\realplayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin
555E65306A5D3A5978BE74E1DD62CDD9 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer HTML5VideoShim Plug-In (32-bit)
2DC6257A367A6182E40F748D0396AAF9 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)
1E3AA02F2C91A2B25EFB4E355160CDCA - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
9013599B12923A45C029C34E8D2211AC - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
1FA3B42DA40D0F387A7899A9731A2E94 - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
1FA3B42DA40D0F387A7899A9731A2E94 - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
B0753E73FF63F485521A9DDEB7DE91EB - C:\Program Files\Musicnotes\npmusicn.dll - Musicnotes
0DD1E0A385B888107A1F9206189596CF - C:\Program Files\Musicnotes\NPSibelius.dll - ScorchPlugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
BF2AD333C79072EEBE5AE0D72670E64E - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight
68A131335A20B343923A2957EB1E413D - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
algijfiaiapkekcjonmjfiniajogplli - C:\Documents and Settings\All Users\Application Data\Bcool\algijfiaiapkekcjonmjfiniajogplli.crx[]
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[11/11/2012 14:11]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09/10/2013 09:59]
nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files\TornTV.com\torn2_10.crx[]
RealPlayer HTML5Video Downloader Extension - GX620 - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
==== Chrome Fix ======================
C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx deleted successfully
C:\Documents and Settings\GX620\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail"
"Default_page_url"="Google"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_page_url"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
"Start Page"="MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{71047469-F76E-4705-8116-96756417035D}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{21219173-FB2A-4E4B-81DF-CF52DE0AC492} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
{71047469-F76E-4705-8116-96756417035D} Google Url="{searchTerms} - Google Search?}"
==== Reset Google Chrome ======================
C:\Documents and Settings\GX620\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\GX620\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1343024091-1580818891-1417001333-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-1343024091-1580818891-1417001333-1005\Software\Microsoft\Internet Explorer\SearchScopes\{21219173-FB2A-4E4B-81DF-CF52DE0AC492} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\algijfiaiapkekcjonmjfiniajogplli deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bubble Dock deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPTENET_GUI deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tisapeksyrte deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\GX620\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\GX620\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\JULIE\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Documents and Settings\GX620\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\JULIE\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\JULIE\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\All Users\Start Menu\Programs\Fingers for Windows" not deleted
"C:\Documents and Settings\All Users\Start Menu\Programs\Recuva" not deleted
"C:\Documents and Settings\All Users\Start Menu\Programs\Reflex'English Cambridge" not deleted
==== EOF on 29/11/2013 at 10:11:53,17 ======================
-
Clarkie, thanks for the explanation:
Comodo was removed; now I do get a notification about a missing firewall.
Here is the log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by JULIE at 2013-11-29 00:46:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (33%) free of 76 GB
Total RAM: 2038 MB (59% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\AVG_REG_0913b.job
C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
C:\WINDOWS\tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1580818891-1417001333-1005Core.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1580818891-1417001333-1003.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1580818891-1417001333-1004.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1580818891-1417001333-1005.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1580818891-1417001333-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1580818891-1417001333-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1580818891-1417001333-1005.job
C:\WINDOWS\tasks\ReclaimerResumeInstall_JULIE.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-11-11 426736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-25 606544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
Adblock Plus for IE Browser Helper Object - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2013-10-08 448776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-25 606544]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2012-11-11 296096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-11-25 3568312]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-11-14 20584608]
"Google Update"=C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-10-18 116648]
"Google Update"=C:\Documents and Settings\JULIE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-10-18 116648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bubble Dock]
C:\Documents and Settings\GX620\Application Data\Nosibay\Bubble Dock\LBubble Dock.exe /winstartup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON BX300F Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE [2008-01-22 188928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPTENET_GUI]
C:\PROGRA~1\CONTRO~1\bin\optgui.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2013-11-14 20584608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
C:\WINDOWS\vsnp2std.exe [2006-01-06 344064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tisapeksyrte]
C:\Documents and Settings\JULIE\tisapeksyrte.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\program files\real\realplayer\update\realsched.exe [2012-11-11 296096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\30982A~1.207\SSSCHE~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2
"avast! Antivirus"=2
"WebOptimizer"=2
"Web Assistant Updater"=2
"MozillaMaintenance"=3
"McComponentHostService"=3
C:\Documents and Settings\JULIE\Start Menu\Programs\Startup
Dropbox.lnk - C:\Documents and Settings\JULIE\Application Data\Dropbox\bin\Dropbox.exe
OpenOffice.org 3.4.1.lnk - C:\Program Files\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\74271178.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\74271178.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 3 months======
2013-11-29 00:45:49 ----D---- C:\rsit
2013-11-29 00:45:49 ----D---- C:\Program Files\trend micro
2013-11-29 00:21:20 ----SHD---- C:\Config.Msi
2013-11-28 12:25:13 ----D---- C:\Documents and Settings\JULIE\Application Data\Adblock Plus for IE
2013-11-28 12:25:11 ----D---- C:\Program Files\Adblock Plus for IE
2013-11-28 11:55:09 ----D---- C:\Program Files\Dropbox
2013-11-28 11:53:56 ----D---- C:\Documents and Settings\JULIE\Application Data\Dropbox
2013-11-28 11:52:40 ----A---- C:\Program Files\Dropbox 2.4.7.exe
2013-11-25 15:20:59 ----D---- C:\Documents and Settings\JULIE\Application Data\AVAST Software
2013-11-25 15:18:38 ----A---- C:\WINDOWS\system32\aswBoot.exe
2013-11-25 15:17:56 ----D---- C:\Program Files\AVAST Software
2013-11-25 15:17:17 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-11-24 12:17:54 ----A---- C:\WINDOWS\system32\javaws.exe
2013-11-24 12:17:39 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-11-24 12:17:39 ----A---- C:\WINDOWS\system32\javaw.exe
2013-11-24 12:17:39 ----A---- C:\WINDOWS\system32\java.exe
2013-10-28 13:30:20 ----D---- C:\Program Files\GeoGebra 4.2
2013-10-14 19:16:10 ----A---- C:\Program Files\adblockplusie-1.1.exe
2013-09-30 20:10:35 ----D---- C:\Documents and Settings\JULIE\Application Data\xm1
2013-09-30 20:01:56 ----D---- C:\Program Files\Algobox
2013-09-30 08:48:36 ----D---- C:\Documents and Settings\All Users\Application Data\AVG 0913b Campaign
2013-09-25 09:32:54 ----HD---- C:\VTRoot
2013-09-17 09:27:11 ----D---- C:\Program Files\Common Files\Java
2013-09-17 09:25:38 ----A---- C:\DelFix.txt
2013-09-16 22:24:51 ----D---- C:\AdwCleaner
2013-09-16 17:52:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-09-16 16:28:13 ----D---- C:\Documents and Settings\JULIE\Application Data\AVG
2013-09-16 16:25:11 ----D---- C:\Documents and Settings\All Users\Application Data\AVG
2013-09-16 16:24:46 ----SHD---- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-16 16:22:25 ----A---- C:\WINDOWS\system32\avg_tuh_stf_all_2014_146_24c28.exe
2013-09-16 16:06:45 ----D---- C:\Documents and Settings\JULIE\Application Data\TuneUp Software
2013-09-16 16:04:53 ----D---- C:\Program Files\AVG
2013-09-16 15:58:11 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files
2013-09-16 15:58:10 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2013-09-16 15:50:28 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2013-09-16 15:41:29 ----A---- C:\WINDOWS\system32\WindowsXP-KB942288-v3-x86.exe
2013-09-16 15:30:17 ----A---- C:\WINDOWS\system32\mseinstall.exe
2013-09-16 13:54:55 ----SHD---- C:\RECYCLER
2013-09-16 10:21:29 ----D---- C:\WINDOWS\erdnt
2013-09-16 10:05:07 ----D---- C:\WINDOWS\CSC
2013-09-10 17:48:31 ----A---- C:\WINDOWS\system32\autorun_usb_32.exe
======List of files/folders modified in the last 3 months======
2013-11-29 00:45:49 ----RD---- C:\Program Files
2013-11-29 00:42:22 ----D---- C:\Documents and Settings\JULIE\Application Data\Skype
2013-11-29 00:33:01 ----D---- C:\WINDOWS\Temp
2013-11-29 00:26:17 ----D---- C:\WINDOWS\Prefetch
2013-11-29 00:26:09 ----D---- C:\WINDOWS\system32\drivers
2013-11-29 00:24:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-11-29 00:23:55 ----SHD---- C:\WINDOWS\Installer
2013-11-29 00:21:51 ----D---- C:\WINDOWS\system32
2013-11-29 00:21:49 ----SD---- C:\WINDOWS\Tasks
2013-11-29 00:00:14 ----D---- C:\WINDOWS
2013-11-28 23:41:48 ----D---- C:\WINDOWS\system32\CatRoot2
2013-11-28 17:01:48 ----D---- C:\Documents and Settings\All Users\Application Data\Package Cache
2013-11-26 17:35:54 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2013-11-26 17:35:49 ----RD---- C:\Program Files\Skype
2013-11-25 15:18:38 ----D---- C:\WINDOWS\WinSxS
2013-11-25 15:10:48 ----HD---- C:\WINDOWS\inf
2013-11-24 12:17:39 ----D---- C:\Program Files\Java
2013-11-22 10:15:17 ----D---- C:\Documents and Settings\JULIE\Application Data\Mozilla
2013-11-09 12:57:35 ----D---- C:\Documents and Settings\JULIE\Application Data\Winamp
2013-10-27 16:03:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-23 23:52:00 ----D---- C:\WINDOWS\Network Diagnostic
2013-10-22 10:10:26 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-21 20:40:39 ----D---- C:\Documents and Settings\JULIE\Application Data\dvdcss
2013-09-29 14:57:01 ----D---- C:\Program Files\Mozilla Firefox
2013-09-17 09:27:11 ----D---- C:\Program Files\Common Files
2013-09-16 20:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2013-09-16 16:41:13 ----SHD---- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2013-09-16 16:41:13 ----D---- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2013-09-16 15:36:12 ----D---- C:\WINDOWS\SoftwareDistribution
2013-09-16 15:23:24 ----D---- C:\WINDOWS\Debug
2013-09-16 13:45:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2013-09-16 10:05:17 ----D---- C:\Documents and Settings
2013-09-16 08:05:54 ----D---- C:\Program Files\Google
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; \??\C:\WINDOWS\system32\drivers\aswSnx.sys []
R1 aswSP;aswSP; \??\C:\WINDOWS\system32\drivers\aswSP.sys []
R1 aswTdi;aswTdi; \??\C:\WINDOWS\system32\drivers\aswTdi.sys []
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2011-08-09 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 aswFsBlk;aswFsBlk; \??\C:\WINDOWS\system32\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-03-17 132608]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 rt2870;Conceptronic 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-06-30 722432]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys []
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys []
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys []
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pbfilter;pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tccp;tccp; C:\WINDOWS\system32\DRIVERS\tccp.sys [2013-09-10 28824]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-25 50344]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2009-08-24 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-10-08 182696]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service; C:\Program Files\Macrium\Reflect\ReflectService.exe [2012-08-21 224960]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-12 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 250568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-12 135664]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 ?etadpug;Google Update Service (gupdate); C:\Program Files\Google\Desktop\Install\{5e265d20-691f-8eec-2f44-4563ecb2feae}\ \ \???\{5e265d20-691f-8eec-2f44-4563ecb2feae}\GoogleUpdate.exe < []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
-
Hello all,
The problem started after installing Avast free AV:
when I open my browser, IE 8, I now always get the following page, which I find annoying:
MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail
Loading that page also takes forever.
When I click Tools, Internet Options, nothing happens at all anymore, so I cannot set a new home page.
In Control Panel I can still see the Internet Options icon, but I can no longer open it.
Operating system: XP Pro on a Dell GX 620, Comodo Internet Security Premium, Avast Free
Can anyone help?
With thanks,
Peter
-
OK,
I think everything is solved now...
With thanks,
Peter
I have just posted a new question about Spanish proofing tools for Office 2007
-
Hello all,
Can anyone help me find Spanish proofing tools for my Office 2007?
I downloaded and installed them a few years ago, for a fee, but after formatting I can no longer find them.
Kind regards,
Peter
-
Jion,
C:\Qoobox was not present.
Attached are the startup files.
Kind regards,
Peter
-
Jion,
For some unknown reason I cannot install this program, not even without antivirus and firewall.
Could you suggest an alternative?
Kind regards,
Peter
-
Jion,
The previous step was carried out successfully.
Startup is already quite a bit faster.
Would it be possible for you to check which processes could be disabled at startup?
That list contains processes of which I do not know whether they are superfluous or not.
With thanks,
Peter
-
Jion,
AVG was not installed on the computer.
Could it be that too many processes start automatically when the computer is switched on?
Here is the log after the script:
ComboFix 13-09-17.01 - Peter 18/09/2013 11:20:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1112 [GMT 2:00]
Running from: c:\documents and settings\Peter\Desktop\VIRUS\ComboFix.exe
Command switches used :: c:\documents and settings\Peter\Desktop\VIRUS\CFSCRIPT.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2013-08-18 to 2013-09-18 )))))))))))))))))))))))))))))))
.
.
2013-09-17 18:17 . 2013-09-17 18:17 -------- d-----w- c:\documents and settings\Peter\Application Data\Avast Ad Blocker
2013-09-17 17:42 . 2013-08-30 07:48 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-17 17:42 . 2013-08-30 07:48 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-17 17:42 . 2013-08-30 07:48 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-17 17:42 . 2013-08-30 07:48 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-17 17:42 . 2013-08-30 07:48 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-09-17 17:42 . 2013-08-30 07:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-17 17:42 . 2013-08-30 07:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-17 17:42 . 2013-08-30 07:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-17 17:40 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-17 17:39 . 2013-09-17 17:57 -------- d-----w- c:\program files\AVAST Software
2013-09-17 15:46 . 2013-09-17 15:46 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-09-17 15:43 . 2013-09-17 16:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
2013-09-17 15:43 . 2013-09-17 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2013-09-17 15:21 . 2013-09-17 15:21 -------- d-----w- c:\windows\Sun
2013-09-17 15:21 . 2013-09-17 15:21 -------- d-----w- c:\documents and settings\Peter\Local Settings\Application Data\Sun
2013-09-17 15:21 . 2013-09-17 15:21 -------- d-----w- c:\program files\Common Files\Java
2013-09-17 15:21 . 2013-09-17 15:21 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-17 15:21 . 2013-09-17 15:21 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-17 15:21 . 2013-09-17 15:21 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-17 15:21 . 2013-09-17 15:21 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-17 15:21 . 2013-09-17 15:21 -------- d-----w- c:\program files\Java
2013-09-17 13:02 . 2013-09-17 13:02 -------- d-----w- c:\windows\ERUNT
2013-09-17 12:20 . 2013-09-17 12:25 -------- d-----w- C:\AdwCleaner
2013-09-17 11:41 . 2013-09-17 11:41 -------- d-----w- c:\windows\system32\searchplugins
2013-09-17 11:41 . 2013-09-17 11:41 -------- d-----w- c:\windows\system32\Extensions
2013-09-17 09:49 . 2013-09-17 09:50 -------- d-----w- c:\program files\trend micro
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-14 10:18 . 2013-06-13 17:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-14 10:18 . 2013-06-13 17:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-30 07:47 . 2013-06-12 22:42 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-09 01:56 . 2008-04-13 23:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2008-04-13 23:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2008-04-13 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2008-04-13 23:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2008-04-13 23:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2008-04-13 23:00 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2008-04-13 23:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 12:18 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-18 23:04 . 2013-07-18 23:04 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-07-18 23:04 . 2013-07-18 23:04 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-07-10 10:37 . 2008-04-13 23:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2008-04-13 23:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"zBrowser Launcher"="c:\program files\iTouch\iTouch.exe" [2004-03-18 892928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Peter\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 6.0.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\documents and settings\Peter\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSystemDetect]
c:\documents and settings\Peter\Start Menu\Programs\Dell\Dell System Detect.appref-ms [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 23:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 12:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2013-04-18 23:45 1090912 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Skype C2C Service"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NokiaSuite.exe"=c:\program files\Nokia\Nokia Suite\NokiaSuite.exe -tray
"EPSON BX300F Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE /FU "c:\windows\TEMP\E_SD6.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe"
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Peter\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [17/09/2013 19:42 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [17/09/2013 19:42 177864]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/02/2013 4:37 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [8/02/2013 4:37 39224]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [19/07/2013 1:04 13560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17/09/2013 19:42 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/09/2013 19:42 369584]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [19/06/2013 10:40 22560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/09/2013 19:42 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [17/09/2013 19:42 66336]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [14/04/2008 1:00 14336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/07/2013 17:04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/07/2013 17:04 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/07/2013 17:04 22856]
S0 cerc6;cerc6; [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8/02/2013 4:37 170808]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3/06/2013 16:21 162408]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [?]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [14/05/2013 13:26 3289208]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13 10:18]
.
2013-09-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-09-17 07:47]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-26 20:59]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-26 20:59]
.
2013-09-17 c:\windows\Tasks\User_Feed_Synchronization-{2072EA55-B9B4-4954-B93F-503F9DE86B6D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
IE: Afbeelding knippen - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Kopieer selectie - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Kopieer URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Nieuwe notitie - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Pagina opemen - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-09-18 11:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-2049760794-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1696)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(4792)
c:\windows\system32\WININET.dll
c:\program files\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-09-18 11:30:23
ComboFix-quarantined-files.txt 2013-09-18 09:30
ComboFix2.txt 2013-09-18 08:23
.
Pre-Run: 34.476.380.160 bytes free
Post-Run: 34.480.664.576 bytes free
.
- - End Of File - - ED594D6EEFB468785BD085CFF574BA27
8F558EB6672622401DA993E1E865C861
-
Hello Jion,
Here is the ComboFix log:
Peter
ComboFix 13-09-17.01 - Peter 18/09/2013 10:08:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1483 [GMT 2:00]
Running from: c:\documents and settings\Peter\Desktop\VIRUS\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1371740468.1492.bin
c:\documents and settings\All Users\Application Data\1371740468.4112.bin
c:\documents and settings\All Users\Application Data\1371740468.5544.bin
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
c:\windows\system32\Cache
c:\windows\system32\drivers\1028_DELL_XPS_MM061 .MRK
c:\windows\system32\drivers\DELL_XPS_MM061 .MRK
.
Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB2758857\SP3QFE\kernel32.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-08-18 to 2013-09-18 )))))))))))))))))))))))))))))))
.
.
2013-09-17 18:17 . 2013-09-17 18:17 -------- d-----w- c:\documents and settings\Peter\Application Data\Avast Ad Blocker
2013-09-17 17:42 . 2013-08-30 07:48 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-17 17:42 . 2013-08-30 07:48 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-17 17:42 . 2013-08-30 07:48 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-17 17:42 . 2013-08-30 07:48 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-17 17:42 . 2013-08-30 07:48 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-09-17 17:42 . 2013-08-30 07:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-17 17:42 . 2013-08-30 07:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-17 17:42 . 2013-08-30 07:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-17 17:40 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-17 17:39 . 2013-09-17 17:57 -------- d-----w- c:\program files\AVAST Software
2013-09-17 15:46 . 2013-09-17 15:46 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-09-17 15:43 . 2013-09-17 16:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
2013-09-17 15:43 . 2013-09-17 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2013-09-17 15:21 . 2013-09-17 15:21 -------- d-----w- c:\windows\Sun
2013-09-17 15:21 . 2013-09-17 15:21 -------- d-----w- c:\documents and settings\Peter\Local Settings\Application Data\Sun
2013-09-17 15:21 . 2013-09-17 15:21 -------- d-----w- c:\program files\Common Files\Java
2013-09-17 15:21 . 2013-09-17 15:21 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-17 15:21 . 2013-09-17 15:21 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-17 15:21 . 2013-09-17 15:21 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-17 15:21 . 2013-09-17 15:21 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-17 15:21 . 2013-09-17 15:21 -------- d-----w- c:\program files\Java
2013-09-17 13:02 . 2013-09-17 13:02 -------- d-----w- c:\windows\ERUNT
2013-09-17 12:20 . 2013-09-17 12:25 -------- d-----w- C:\AdwCleaner
2013-09-17 11:41 . 2013-09-17 11:41 -------- d-----w- c:\windows\system32\searchplugins
2013-09-17 11:41 . 2013-09-17 11:41 -------- d-----w- c:\windows\system32\Extensions
2013-09-17 09:49 . 2013-09-17 09:50 -------- d-----w- c:\program files\trend micro
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-14 10:18 . 2013-06-13 17:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-14 10:18 . 2013-06-13 17:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-30 07:47 . 2013-06-12 22:42 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-09 01:56 . 2008-04-13 23:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2008-04-13 23:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2008-04-13 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2008-04-13 23:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2008-04-13 23:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2008-04-13 23:00 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2008-04-13 23:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 12:18 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-18 23:04 . 2013-07-18 23:04 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-07-18 23:04 . 2013-07-18 23:04 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-07-10 10:37 . 2008-04-13 23:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2008-04-13 23:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"zBrowser Launcher"="c:\program files\iTouch\iTouch.exe" [2004-03-18 892928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Peter\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 6.0.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\documents and settings\Peter\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSystemDetect]
c:\documents and settings\Peter\Start Menu\Programs\Dell\Dell System Detect.appref-ms [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 23:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 12:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2013-04-18 23:45 1090912 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WajamUpdater"=2 (0x2)
"Skype C2C Service"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NokiaSuite.exe"=c:\program files\Nokia\Nokia Suite\NokiaSuite.exe -tray
"EPSON BX300F Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE /FU "c:\windows\TEMP\E_SD6.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe"
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Peter\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [17/09/2013 19:42 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [17/09/2013 19:42 177864]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/02/2013 4:37 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [8/02/2013 4:37 39224]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [19/07/2013 1:04 13560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17/09/2013 19:42 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/09/2013 19:42 369584]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [19/06/2013 10:40 22560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/09/2013 19:42 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [17/09/2013 19:42 66336]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [14/04/2008 1:00 14336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/07/2013 17:04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/07/2013 17:04 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/07/2013 17:04 22856]
S0 cerc6;cerc6; [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8/02/2013 4:37 170808]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3/06/2013 16:21 162408]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [?]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [14/05/2013 13:26 3289208]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13 10:18]
.
2013-09-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-09-17 07:47]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-26 20:59]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-26 20:59]
.
2013-09-17 c:\windows\Tasks\User_Feed_Synchronization-{2072EA55-B9B4-4954-B93F-503F9DE86B6D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
IE: Afbeelding knippen - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Kopieer selectie - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Kopieer URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Nieuwe notitie - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Pagina opemen - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-09-18 10:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-2049760794-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1696)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(2596)
c:\windows\system32\WININET.dll
c:\program files\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\ICO.EXE
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
.
**************************************************************************
.
Completion time: 2013-09-18 10:23:52 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-18 08:23
.
Pre-Run: 34.115.936.256 bytes free
Post-Run: 34.555.650.048 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4198825F22FE9652381C95066276F0B3
8F558EB6672622401DA993E1E865C861
-
Jion,
no further questions for now.
Thanks!
Peter
-
Here is the last log
Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
Databaseversie: v2013.09.17.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Peter :: PETER-PC [administrator]
Bescherming: Ingeschakeld
17/09/2013 15:48:21
mbam-log-2013-09-17 (15-48-21).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 197819
Verstreken tijd: 8 minuut/minuten, 30 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
-
Here is the next log:
Zoek.exe Version 4.0.0.4 Updated 14-September-2013
Tool run by Peter on di 17/09/2013 at 15:21:40,84.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Peter\Desktop\VIRUS\ZOEK\zoek.exe [script inserted]
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BitGuard deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BitGuard deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
==== Deleting Files \ Folders ======================
"C:\WINDOWS\tasks\BitGuard.job" deleted
==== EOF on di 17/09/2013 at 15:23:51,81 ======================
-
JRT LOG
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Microsoft Windows XP x86
Ran by Peter on di 17/09/2013 at 15:06:22,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1960408961-2049760794-1177238915-1003\Software\SweetIM
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on di 17/09/2013 at 15:10:07,67
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
the log
# AdwCleaner v3.004 - Report created 17/09/2013 at 14:25:54
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Peter - PETER-PC
# Running from : C:\Documents and Settings\Peter\Desktop\VIRUS\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\Documents and Settings\All Users\Application Data\BitGuard
Folder Deleted : C:\Documents and Settings\Peter\Start Menu\Programs\BitGuard
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\532dad1b134e946
Key Deleted : HKLM\SOFTWARE\532dad1b134e946
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
*************************
AdwCleaner[R0].txt - [4619 octets] - [17/09/2013 14:20:25]
AdwCleaner[s0].txt - [4560 octets] - [17/09/2013 14:25:54]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4620 octets] ##########
OneNote table of contents
in Archief OneNote
Posted:
ok thanks