Nikko

Nikko's achievements

  1. Dear Abbs, thanks a lot for all your help and time! And a big thank-you to @Passer as well! Hmm, that is strange, since both the e-mail address and the password were remembered by the browser (Firefox) (no changes made in the following days). On haveibeenpwned only 'last.fm' came up as a hit, but it has been so long since my dad used that service, and he never uses it any more, that this will no longer be a problem for the future. I just tried the Dutch police's variant, but I am not getting an e-mail from them, so I suspect there are no more serious causes/consequences. OK, as far as I'm concerned this one can be marked as solved!
  2. @abbs Thank you very much for all the help! The screenshots (and therefore also the guide) for Malwarebytes are already outdated. But the principle is still clear and I will find my way when needed (for now I am leaving the 14-day premium version active). I ran DelFix and also created a restore point. I still have a few questions, though: 1) So in this case it is not likely that my dad's network was hacked and his traffic was sniffed? Because, when I recovered his hotmail account with a recovery address, under account activity I only saw attempts and successful sign-ins from the IP address from which there had been successful sign-ins in the days (and weeks) before, including a day when I was at my dad's house. 2) And is there a way I can find out whether his e-mail address has been used to send spam? Thanks a lot in advance for all the help so far! Kind regards, Nikko
  3. @abbs Dear Abbs, Here are the logs after the fix and from Emsisoft: Fixlog.txt scan_180815-222946.txt Both already looked fairly clean, but I would like to hear what you think of them. Thanks a lot in advance for your time and effort! Kind regards, Nikko
  4. Thanks for the tip, I had thought of that myself too. Only last.fm had a hit there, but my dad used that maybe 1 or 2 times (years ago, at least 3-4 years). So he no longer uses it. I hope to get started later with the next steps from abbs (thanks again!), if I can get on the PC with TV.
  5. Dear abbs, Thanks a lot for moving this topic to the right category! And thanks already for your advice! So far I have only changed the hotmail password; I have not dealt with the rest yet (the rest is also a bit less important; if need be, new accounts will be created for those.) Below are the 2 logs: FRST.txt Addition.txt Thanks in advance! PS: you will see that there is still some 'crapware/bloatware' from Toshiba on it and some games that were pre-installed. I did not uninstall either because I thought I might still get something useful out of them, or wanted to see whether those free games could still be fun (e.g. from that bloatware I once got a notification about an exchange of a certain series of batteries because of manufacturing defects, etc.) I installed TeamViewer (or had it installed) to assist with printer problems ;-)
  6. Dear forum members, My dad (60+) recently got a message that he could no longer access his hotmail e-mail because 'unauthorised actions had been performed with it'. I do have some IT knowledge myself, but I do not have a good idea of the order in which I should best go through the possible causes. It may be that he clicked something wrong somewhere, so that the cause of this message simply arose by accident. It may also be that another account of his (for example at a second-hand sales site) was hacked, because he used the same password for several accounts. But a keylogger that he might have installed by accident is also quite possible. In addition, his network could also be affected, because he does nothing to improve the passwords of his SSIDs (so still the generated passwords as supplied by Scarlet, for the 2.4 and 5 GHz networks). Some background information: he used that password for his hotmail e-mail for multiple sites/accounts as well; a Windows Defender scan has already been done (clean); a Malwarebytes scan has already been done (clean); Toshiba 17 inch from a budget of 4-500 euro, already a few years old (so no impressive specs), Windows 8.1, reasonably up to date; local user account. In the meantime his password has fortunately been reset via a recovery e-mail address, but for now I would rather not let him check his e-mail on that laptop until I know that everything is 'clean' again (or has been cleaned). So in what order (and how) should I best check what the cause of this message was? I do have access to the laptop, so I can carry out everything you recommend. Kind regards, Nikko PS: I just put this under Windows 8.1, because I did not know where it would fit better. Sorry if this is not the best place.
  7. Hello Pake, Yes, I suspected as much when I read that log. (It just was not shown in AdwCleaner itself; that is what I meant.) After running Delfix by Xplode (which in itself went normally), I saw all the supposedly deleted files from the desktop still sitting on the desktop. Then I turned explorer.exe off and on again via Task Manager, and after that everything on the desktop was indeed gone. The folders on C:/ (C:\AdwCleaner and C:\Qoobox) were also not gone after that, but they were empty (only folders, no files any more). I removed these manually. Is that OK? I will wait for confirmation and then mark this as solved. In any case, thank you very much already for the time and effort you were willing to put into this.
  8. Hello Kape, Thanks again for the quick reply! The scan did not turn up any visible items (I had already scanned with AdwCleaner right after the crisis broke out ;) as I also posted in my far too long opening post xD). Below is the short log:
     # AdwCleaner v3.013 - Report created 24/11/2013 at 14:28:25
     # Updated 24/11/2013 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Margreet - PC_MARGREET
     # Running from : C:\Users\Margreet\Desktop\adwcleaner.exe
     # Option : Clean
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
     ***** [ Browsers ] *****
     -\\ Internet Explorer v9.0.8112.16421
     -\\ Mozilla Firefox v25.0.1 (nl)
     [ File : C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\85oknj5l.default\prefs.js ]
     [ File : C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default\prefs.js ]
     *************************
     AdwCleaner[R0].txt - [6759 octets] - [03/10/2013 20:16:21]
     AdwCleaner[R1].txt - [938 octets] - [03/10/2013 21:10:59]
     AdwCleaner[R2].txt - [1465 octets] - [24/11/2013 14:23:38]
     AdwCleaner[s0].txt - [6646 octets] - [03/10/2013 20:24:23]
     AdwCleaner[s1].txt - [1002 octets] - [03/10/2013 21:12:30]
     AdwCleaner[s2].txt - [1396 octets] - [24/11/2013 14:28:25]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1456 octets] ##########
  9. Dear kape, Thank you very much for your quick reply! No, that is not necessary; the rest of Adobe all still seems to be fine to me. Thanks anyway! Below you will find the Zoek log:
     Zoek.exe Version 4.0.0.5 Updated 24-November-2013
     Tool run by Margreet on zo 24/11/2013 at 12:53:51,17.
     Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
     Running in: Normal Mode Internet Access Detected
     Launched: C:\Users\Margreet\Desktop\zoek.exe [script inserted] [Checkboxes used]
     ==== System Restore Info ======================
     24/11/2013 12:55:41 Zoek.exe System Restore Point Created Succesfully.
     ==== Empty Folders Check ======================
     C:\PROGRA~2\AVS4YOU deleted successfully
     C:\PROGRA~2\MSXML 4.0 deleted successfully
     C:\Program Files\Google deleted successfully
     C:\ProgramData\YTD YouTube Downloader & Converter deleted successfully
     C:\Users\Margreet\AppData\Roaming\Publish Providers deleted successfully
     C:\Users\Margreet\AppData\Local\CutePDF Writer deleted successfully
     ==== Deleting CLSID Registry Keys ======================
     HKEY_USERS\S-1-5-21-3986013921-6903290-1994597622-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D95B0187-2A95-4AAF-993E-B66958DDE1F5} deleted successfully
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
     ==== Deleting CLSID Registry Values ======================
     ==== Deleting Services ======================
     ==== FireFox Fix ======================
     Deleted from C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\85oknj5l.default\prefs.js:
     Added to C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\85oknj5l.default\prefs.js:
     user_pref("browser.startup.homepage", "http://www.google.com");
     user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
     user_pref("browser.newtab.url", "http://www.google.com/");
     user_pref("browser.search.defaultengine", "Google");
     user_pref("browser.search.defaultenginename", "Google");
     user_pref("browser.search.selectedEngine", "Google");
     user_pref("browser.search.order.1", "Google");
     user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
     user_pref("browser.search.suggest.enabled", true);
     user_pref("browser.search.useDBForOrder", true);
     Deleted from C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default\prefs.js:
     Added to C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default\prefs.js:
     user_pref("browser.startup.homepage", "http://www.google.com");
     user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
     user_pref("browser.newtab.url", "http://www.google.com/");
     user_pref("browser.search.defaultengine", "Google");
     user_pref("browser.search.defaultenginename", "Google");
     user_pref("browser.search.selectedEngine", "Google");
     user_pref("browser.search.order.1", "Google");
     user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
     user_pref("browser.search.suggest.enabled", true);
     user_pref("browser.search.useDBForOrder", true);
     ProfilePath: C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\85oknj5l.default
     user.js not found
     ---- FireFox user.js and prefs.js backups ----
     ProfilePath: C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default
     user.js not found
     ---- FireFox user.js and prefs.js backups ----
     prefs_20132411_1305_.backup
     ==== Registry Fix Code x64 ======================
     Windows Registry Editor Version 5.00
     [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
     ==== Deleting Files \ Folders ======================
     C:\ProgramData\YTD YouTube Downloader & Converter not found
     C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
     C:\user.js deleted
     C:\Windows\SysWow64\searchplugins deleted
     C:\Windows\SysWow64\Extensions deleted
     "C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\85oknj5l.default\extensions\ytd@mybrowserbar.com" deleted
861C197502A5057E68F0AC75D9EFCDD7 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys 2013-11-23 10:14:16 311C1DD1088E55BEAE15954D17F50646 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2013-11-23 10:14:16 280E90CBF4B2DDD169F0728CB44D726F 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [HKEY_USERS\S-1-5-21-3986013921-6903290-1994597622-1000\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SVPWUTIL"="C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL" "HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP" "KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" "AVG9_TRAY"="C:\PROGRA~2\AVG\AVG9\avgtray.exe" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "TWebCamera"=""%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" 
"Persistence"="C:\Windows\system32\igfxpers.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" "TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\System32\\avgrssta.dll" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Facebook Update" "hkey"="HKCU" "command"="\"C:\\Users\\Margreet\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba Registration] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Toshiba Registration" "hkey"="HKLM" "command"="C:\\Program Files\\Toshiba\\Registration\\ToshibaReminder.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk" "backup"="C:\\Windows\\pss\\McAfee 
Security Scan Plus.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\MCAFEE~1\\307523~1.318\\SSSCHE~1.EXE " "item"="McAfee Security Scan Plus" ==== Startup Folders ====================== 2009-09-10 08:36:41 1258 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2009-09-10 08:36:41 1258 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3986013921-6903290-1994597622-1000Core.job --a------ [undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3986013921-6903290-1994597622-1000UA.job --a------ [undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate 2" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3986013921-6903290-1994597622-1000Core" [C:\Users\Margreet\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3986013921-6903290-1994597622-1000UA" [C:\Users\Margreet\AppData\Local\Facebook\Update\FacebookUpdate.exe] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default - Visualisateur 3D de 20-20 - %ProfilePath%\extensions\2020Player_IKEA@2020Technologies.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default 37BC12D7E076F77D432C74DAAE08A138 - 
C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll - 20-20 3D Viewer for IKEA 0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Margreet\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin D94C362E750F8C283BF52537D3DF28B5 - C:\Users\Margreet\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll - Facebook Plugin ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions mhkaekfpcppmmioggniknbnbdbcigpkk - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {0993B101-E33A-43E9-8E5B-8AD9D9F6B154} Amazon Url="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {78CA4FBD-A3E8-433A-843E-518E9B21E9EB} eBay Url="http://rover.ebay.com/rover/1/1346-71494-26233-7/4?satitle={searchTerms}" ==== Reset Google Chrome ====================== Nothing found to reset ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully ==== Empty IE Cache ====================== 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Margreet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Margreet\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Margreet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Margreet\AppData\Local\Mozilla\Firefox\Profiles\862hi0w1.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Margreet\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== 
"C:\Users\Margreet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Users\Margreet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CLEWMX36\d150hyw1dtprld.cloudfront.net" not found ==== EOF on zo 24/11/2013 at 13:13:53,79 ======================
  10. Hello dear PC rescuers, or really people rescuers ;-) My sister's laptop (Toshiba Satellite L500-1R3) was hit by a worm a while back, found by her outdated AVG (9.0.932). Unfortunately she could not remove it with this AVG. She also had problems watching videos on YouTube because of Adobe FlashPlayer. (Browser: Mozilla FF 24.0) A little digging turned up, among other things, a Babylon toolbar, installed along with some small program or other, as an add-on. Probably even with the installation of an 'update' of FlashPlayer on 19 Sept., as I can see in FF's download history: install_flashplayer11x32_mssa_aaa_aih.exe and after that install_flashplayer11x32_ltr5x64d_awc_aih.exe. After some Googling, both files do not seem entirely trustworthy, even though FF's download history says they come/came from Adobe. First I got to work myself with MBAM and AdwCleaner, but before that I made a log with HijackThis. I also removed everything of FlashPlayer as far as possible. Now it seems more or less solved (AVG no longer reports any worms), but I was wondering whether all adware and junk has been removed, so that I can install a fresh FlashPlayer and a new AV. Below is an RSIT log to check, please. Many thanks in advance! PS: I hope I have not broken any forum rules about posting RSIT/HijackThis logs; I searched for them but did not find any.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Margreet at 2013-11-08 21:32:21
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 74 GB (48%) free of 153 GB
Total RAM: 3933 MB (44% free)
Information\topi.exe [2009-08-12 6203296] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update] C:\Users\Margreet\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-10 138096] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe [2009-01-05 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [2009-07-30 134032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] C:\PROGRA~2\MCAFEE~1\307523~1.318\SSSCHE~1.EXE [2013-02-05 272248] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2009-08-12 352256] "HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2009-06-02 423936] "KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088] "TWebCamera"=C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun [] "AVG9_TRAY"=C:\PROGRA~2\AVG\AVG9\avgtray.exe [2012-01-27 2077536] "ConnectionCenter"=C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2009-09-12 103768] "GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\Windows\System32\avgrssta.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2009-08-27 259584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL [2006-10-26 2210608] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "aux2"=wdmaud.drv ======File 
associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 3 months====== 2013-11-08 21:32:21 ----D---- C:\rsit 2013-11-08 21:32:21 ----D---- C:\Program Files\trend micro 2013-10-04 16:51:46 ----D---- C:\Program Files (x86)\Mozilla Firefox 2013-10-03 21:11:12 ----D---- C:\Users\Margreet\AppData\Roaming\SUPERAntiSpyware.com 2013-10-03 21:11:12 ----D---- C:\ProgramData\SUPERAntiSpyware.com 2013-10-03 20:44:20 ----D---- C:\Windows\pss 2013-10-03 20:42:22 ----SHD---- C:\$RECYCLE.BIN 2013-10-03 20:42:18 ----D---- C:\Windows\temp 2013-10-03 20:42:16 ----A---- C:\ComboFix.txt 2013-10-03 20:30:52 ----A---- C:\Windows\zip.exe 2013-10-03 20:30:52 ----A---- C:\Windows\SWSC.exe 2013-10-03 20:30:52 ----A---- C:\Windows\SWREG.exe 2013-10-03 20:30:52 ----A---- C:\Windows\sed.exe 2013-10-03 20:30:52 ----A---- C:\Windows\PEV.exe 2013-10-03 20:30:52 ----A---- C:\Windows\NIRCMD.exe 2013-10-03 20:30:52 ----A---- C:\Windows\MBR.exe 2013-10-03 20:30:52 ----A---- C:\Windows\grep.exe 2013-10-03 20:29:16 ----D---- C:\Qoobox 2013-10-03 20:28:54 ----D---- C:\Windows\erdnt 2013-10-03 20:16:17 ----D---- C:\AdwCleaner 2013-10-03 19:56:53 ----D---- C:\Users\Margreet\AppData\Roaming\Malwarebytes 2013-10-03 19:56:44 ----D---- C:\ProgramData\Malwarebytes 2013-10-03 19:56:43 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-03 19:56:43 ----A---- C:\Windows\system32\drivers\mbam.sys 2013-09-19 19:42:34 ----D---- C:\ProgramData\McAfee Security Scan 2013-09-19 19:42:31 ----D---- C:\Program Files (x86)\McAfee Security Scan ======List of files/folders modified in the last 3 months====== 2013-11-08 21:32:25 ----D---- C:\Windows\Prefetch 2013-11-08 21:32:21 ----RD---- C:\Program Files 2013-11-08 21:27:44 ----SHD---- C:\System Volume Information 2013-11-08 21:21:45 ----D---- C:\Windows\System32 2013-11-08 21:21:45 ----D---- C:\Windows\inf 2013-11-08 21:21:45 ----A---- C:\Windows\system32\PerfStringBackup.INI 2013-11-08 21:20:22 
----D---- C:\Windows\system32\drivers\Avg 2013-11-08 21:20:18 ----D---- C:\Windows\system32\config 2013-10-05 13:41:03 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-05 10:28:01 ----RD---- C:\Program Files (x86) 2013-10-03 21:31:30 ----D---- C:\Windows\system32\NDF 2013-10-03 21:12:30 ----D---- C:\ProgramData 2013-10-03 20:44:20 ----D---- C:\Windows 2013-10-03 20:39:58 ----A---- C:\Windows\system.ini 2013-10-03 20:36:32 ----D---- C:\Windows\SYSWOW64\drivers 2013-10-03 20:36:32 ----D---- C:\Windows\SysWOW64 2013-10-03 20:36:32 ----D---- C:\Windows\AppPatch 2013-10-03 20:36:31 ----D---- C:\Program Files (x86)\Common Files 2013-10-03 20:29:18 ----D---- C:\Windows\system32\drivers 2013-10-03 19:51:07 ----D---- C:\Windows\system32\Tasks 2013-10-03 19:49:20 ----SHD---- C:\Windows\Installer 2013-10-03 19:49:19 ----D---- C:\Config.Msi 2013-09-19 20:06:55 ----D---- C:\Windows\system32\catroot2 2013-08-22 19:47:25 ----D---- C:\ProgramData\avg9 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\Windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384] R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840] R1 AvgLdx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys [2013-01-15 282976] R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys [2011-09-13 35664] R1 AvgTdiA;AVG Free Network Redirector x64; C:\Windows\System32\Drivers\avgtdia.sys [2011-05-05 317520] R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600] R1 
SASDIFSV;SASDIFSV; \??\C:\Users\Margreet\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [2010-02-17 14920] R1 SAS***IL;SAS***IL; \??\C:\Users\Margreet\AppData\Local\Temp\SAS_SelfExtract\SAS***IL64.SYS [2010-02-17 12360] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-08-27 7369600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-07-28 1966624] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264] R3 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2009-07-30 44912] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928] R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-07-20 274480] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 athr;Stuurprogramma Atheros Extensible draadloze LAN-apparaat; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688] S3 atikmdag;atikmdag; C:\Windows\system32\drivers\atikmdag.sys [2009-07-13 5020672] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232] S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys 
[2009-07-14 145920] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 19968] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-07-30 222208] S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys [] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys [] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984] S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64.sys [2009-02-03 19456] S3 WinUsb;WinUSB Driver for STLink; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984] S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640] R2 avg9wd;AVG Free WatchDog; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-25 308136] R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688] R2 ConfigFree Gadget Service;ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368] R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R2 MDM;Machine Debug Manager; 
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-10-26 335872] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952] R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-08-05 488800] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760] R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560] S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla 
Maintenance Service\maintenanceservice.exe [2013-10-04 118680] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512] S3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-13 1255736] -----------------EOF-----------------