
Posts made by cindyk

  1. It worked!

    Zoek.exe v5.0.0.0 Updated 07-March-2014

    Tool run by Cindy on wo 26-03-2014 at 11:53:53,40.

    Microsoft Windows 7 Home Premium 6.1.7600 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Cindy\Desktop\zoek.exe [scan all users] [script inserted]

    ==== Older Logs ======================

    C:\zoek-results2014-03-25-230646.log 327 bytes

    ==== Empty Folders Check ======================

    C:\PROGRA~2\BitComet deleted successfully

    C:\PROGRA~2\onlinetracks deleted successfully

    C:\PROGRA~2\YouWave_Android deleted successfully

    C:\Program Files\BitComet deleted successfully

    C:\Program Files\mcafee deleted successfully

    C:\PROGRA~3\boost_interprocess deleted successfully

    C:\PROGRA~3\PCDr deleted successfully

    C:\PROGRA~3\SupportSoft deleted successfully

    C:\PROGRA~3\{EFEE9A83-B088-419F-B1A2-BCAFEA14C21A} deleted successfully

    C:\Users\Cindy\AppData\Local\Dell Edoc Viewer deleted successfully

    C:\Users\Cindy\AppData\Local\SupportSoft deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully

    HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6125F634-B791-FAD7-37AB-4DD442B996AB} deleted successfully

    HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6125F634-B791-FAD7-37AB-4DD442B996AB} deleted successfully

    HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38F11BDF-6689-0014-9E53-3B17F0DD7428} deleted successfully

    HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{38F11BDF-6689-0014-9E53-3B17F0DD7428} deleted successfully

    HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6A53A30-719A-2682-59DF-10A2FB37B57B} deleted successfully

    HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6A53A30-719A-2682-59DF-10A2FB37B57B} deleted successfully

    HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully

    HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6125F634-B791-FAD7-37AB-4DD442B996AB} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6125F634-B791-FAD7-37AB-4DD442B996AB} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{6125F634-B791-FAD7-37AB-4DD442B996AB} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6125F634-B791-FAD7-37AB-4DD442B996AB} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6125F634-B791-FAD7-37AB-4DD442B996AB} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6125F634-B791-FAD7-37AB-4DD442B996AB} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38F11BDF-6689-0014-9E53-3B17F0DD7428} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38F11BDF-6689-0014-9E53-3B17F0DD7428} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{38F11BDF-6689-0014-9E53-3B17F0DD7428} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{38F11BDF-6689-0014-9E53-3B17F0DD7428} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38F11BDF-6689-0014-9E53-3B17F0DD7428} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6A53A30-719A-2682-59DF-10A2FB37B57B} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{B6A53A30-719A-2682-59DF-10A2FB37B57B} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6A53A30-719A-2682-59DF-10A2FB37B57B} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully

    HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully

    HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully

    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SpyHunter 4 Service deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EsgScanner deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EsgScanner deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\esgiguard deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\esgiguard deleted successfully

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "CINDY-PC"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"=-

    ==== Deleting Files \ Folders ======================

    C:\ProgramData\50COupoons not found

    c:\progra~3\filtel~1 not found

    C:\ProgramData\UTUbEroAdBlockker not found

    C:\ProgramData\JoniCouppone not found

    C:\PROGRA~3\{EFEE9A83-B088-419F-B1A2-BCAFEA14C21A} not found

    "C:\Users\Cindy\AppData\Roaming\Computer.exe" not found

    C:\Program Files\Enigma Software Group deleted

    C:\sh4ldr deleted

    C:\ProgramData\DownSave deleted

    C:\PROGRA~3\ocianfbjdoijlgcpfkekmhejgjppfdho deleted

    C:\Users\Cindy\AppData\LocalLow\{048C6A7B-3D0C-6F8E-8FDB-F6199697BB04} deleted

    C:\Users\Cindy\AppData\LocalLow\{4C6B045B-4658-7758-8BFB-B99FDFBF9389} deleted

    C:\Users\Cindy\AppData\LocalLow\{6125F634-B791-FAD7-37AB-4DD442B996AB} deleted

    C:\Users\Cindy\AppData\LocalLow\{A4C358C7-C883-A763-63E3-754ECCB7A136} deleted

    C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{38F11BDF-6689-0014-9E53-3B17F0DD7428} deleted

    C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{6125F634-B791-FAD7-37AB-4DD442B996AB} deleted

    C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{A4C358C7-C883-A763-63E3-754ECCB7A136} deleted

    C:\Users\Cindy\AppData\Local\Packages\windows_ie_ac_001\AC\{048C6A7B-3D0C-6F8E-8FDB-F6199697BB04} deleted

    C:\Users\Cindy\AppData\Local\Packages\windows_ie_ac_001\AC\{38F11BDF-6689-0014-9E53-3B17F0DD7428} deleted

    C:\Users\Cindy\AppData\Local\Packages\windows_ie_ac_001\AC\{4C6B045B-4658-7758-8BFB-B99FDFBF9389} deleted

    C:\Users\Cindy\AppData\Local\Packages\windows_ie_ac_001\AC\{6125F634-B791-FAD7-37AB-4DD442B996AB} deleted

    C:\Users\Cindy\AppData\Local\Packages\windows_ie_ac_001\AC\{A4C358C7-C883-A763-63E3-754ECCB7A136} deleted

    C:\Users\Cindy\AppData\Local\Packages\windows_ie_ac_001\AC\{B6A53A30-719A-2682-59DF-10A2FB37B57B} deleted

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{38F11BDF-6689-0014-9E53-3B17F0DD7428} deleted

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{6125F634-B791-FAD7-37AB-4DD442B996AB} deleted

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{A4C358C7-C883-A763-63E3-754ECCB7A136} deleted

    C:\PROGRA~3\cea2cad3caee4f45 deleted

    C:\PROGRA~2\SopCast deleted

    C:\PROGRA~3\InstallMate deleted

    C:\Users\Cindy\AppData\Local\CRE deleted

    C:\Users\Cindy\AppData\LocalLow\uTorrentControl_v2 deleted

    C:\Users\Cindy\Downloads\Mannenharten Movie NL 2013 BluRay 1080p x264 NL Subs.exe deleted

    "C:\windows\SysNative\drivers\EsgScanner.sys" deleted

    "C:\Users\Cindy\AppData\Local\0x35t381ja6w6cmcd2r" deleted

    "C:\Users\Cindy\AppData\Local\300v0hrfj2i4" deleted

    "C:\ProgramData\0x35t381ja6w6cmcd2r" deleted

    "C:\ProgramData\300v0hrfj2i4" deleted

    "C:\PROGRA~3\gamiipnagaakobenbkakbpgeaeacglbm\gamiipnagaakobenbkakbpgeaeacglbm.crx" deleted

    "C:\PROGRA~3\gamiipnagaakobenbkakbpgeaeacglbm\update.xml" deleted

    "C:\PROGRA~3\gamiipnagaakobenbkakbpgeaeacglbm" deleted

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\Cindy\AppData\Local\Temp ====

    2014-03-21 13:24:44 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Users\Cindy\AppData\Local\Temp\ESGScanner.sys

    2014-03-21 12:49:15 5C28E508C83A3B0DDBB224B04B1418B9 47329360 ----a-w- C:\Users\Cindy\AppData\Local\Temp\SHSetup.exe

    ====== Java Cache =====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    2014-03-25 19:42:14 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

    2014-03-25 19:41:30 EF3B71BD5920BD4C02302AFBABE210A6 88280 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

    2014-03-25 19:41:30 92008BFC4A409AD92DFBB50AF392AECC 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

    2014-03-25 19:41:30 5F779F8A5599F2DDA479157088E3836E 63192 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys

    ====== C:\Windows\Tasks ======

    2014-03-25 23:14:24 6C545E3CD7F69DB54554D61AD5A4A483 3120 ----a-w- C:\Windows\Sysnative\Tasks\{229C6AAE-9962-4CFC-8B67-4E104EAB5D96}

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-03-25 20:07:08 -------- d-----w- C:\Program Files\trend micro

    ======= C:\PROGRA~2 =====

    2014-03-14 11:31:33 -------- d-----w- C:\PROGRA~2\Anvisoft

    ======= C: =====

    2014-03-21 13:25:24 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat

    ====== C:\Users\Cindy\AppData\Roaming ======

    2014-03-21 13:24:36 -------- d-----w- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

    2014-03-09 02:53:22 -------- d-----w- C:\Users\Cindy\AppData\Local\Microsoft Games

    ====== C:\Users\Cindy ======

    2014-03-25 20:06:30 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Cindy\Downloads\RSITx64.exe

    2014-03-25 19:39:57 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\Cindy\Downloads\mbam-setup-2.0.0.1000.exe

    2014-03-22 15:11:59 DF06DC5837316EA78746E3F790A950ED 1950720 ----a-w- C:\Users\Cindy\Downloads\adwcleaner (2).exe

    2014-03-21 12:49:05 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\Cindy\Downloads\SpyHunter-Installer.exe

    2014-03-21 12:38:33 DF06DC5837316EA78746E3F790A950ED 1950720 ----a-w- C:\Users\Cindy\Downloads\adwcleaner (1).exe

    2014-03-14 11:35:49 2075EBB7954277A05193412881EC8FDE 1037734 ----a-w- C:\Users\Cindy\Downloads\JRT.exe

    2014-03-14 11:35:41 DF06DC5837316EA78746E3F790A950ED 1950720 ----a-w- C:\Users\Cindy\Downloads\adwcleaner.exe

    2014-03-14 11:30:46 28439C70930F79686EA27924CAFAFF1A 1381864 ----a-w- C:\Users\Cindy\Downloads\AnviUnIns.exe

    2014-03-09 11:10:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst

    ====== C: exe-files ==

    === C: other files ==

    2014-03-21 13:25:24 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "Copy"="C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    "Mega Manager"="C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe /Tray"

    "BitComet"="C:\Program Files\BitComet\BitComet.exe /tray"

    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

    "FLV Player"="C:\Users\Cindy\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe"

    "Spotify"="C:\Users\Cindy\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"

    "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

    "Spotify Web Helper"="C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    "Copy"="C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe"

    "uTorrent"="C:\Users\Cindy\AppData\Roaming\uTorrent\uTorrent.exe"

    "SuperAdBlocker"="C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

    "Copy"="C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Desktop Disc Tool"="C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    "Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe /mode2"

    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

    "RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"

    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "adblock pro"="C:\Program Files (x86)\Adblock Pro\abpmain.exe -m"

    "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

    "STToasterLauncher"="C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe"

    "20131224"="C:\Program Files\AVAST Software\Avast\setup\emupdate\4e90784d-6117-436e-8071-ad5552bbca8a.exe /check"

    "Launcher"="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    "Mega Manager"="C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe /Tray"

    "BitComet"="C:\Program Files\BitComet\BitComet.exe /tray"

    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

    "FLV Player"="C:\Users\Cindy\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe"

    "Spotify"="C:\Users\Cindy\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"

    "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

    "Spotify Web Helper"="C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    "Copy"="C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe"

    "uTorrent"="C:\Users\Cindy\AppData\Roaming\uTorrent\uTorrent.exe"

    "SuperAdBlocker"="C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"

    ==== Startup Registry Enabled x64 ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

    "IgfxTray"="C:\Windows\system32\igfxtray.exe"

    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

    "Persistence"="C:\Windows\system32\igfxpers.exe"

    "QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe"

    "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"="C:\\PROGRA~3\\FILTEL~1\\FILTEL~2.DLL"

    ==== Startup Registry Disabled x64 ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DellComms]

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="DellComms"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files (x86)\\Dell\\DellComms\\bin\\sprtcmd.exe\" /P DellComms"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DellSupportCenter]

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="DellSupportCenter"

    "hkey"="HKLM"

    "command"="\"c:\\Program Files (x86)\\Dell Support Center\\bin\\sprtcmd.exe\" /P DellSupportCenter"

    ==== Startup Folders ======================

    2010-09-28 23:12:00 829 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

    2010-09-28 23:10:12 2000 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

    2010-09-28 23:12:00 829 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

    2010-09-28 23:10:12 2000 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undetermined Task]

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]

    ==== Other Scheduled Tasks ======================

    "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

    "C:\Windows\SysNative\tasks\{0CA5549F-A442-40B2-870D-8E1570E0F515}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" ]Downloading

    "C:\Windows\SysNative\tasks\{50420F0B-4848-0EA7-E14B-1F50CF08F162}" [C:\Users\Cindy\AppData\Roaming\adobe\acrobat\10.0\forms\lawynpt.exe]

    "C:\Windows\SysNative\tasks\{730B3EC6-48EE-490F-9AC3-F620BFB00032}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.3.0.120/en/go/help.faq.installer?LastError=1618]

    "C:\Windows\SysNative\tasks\{AFDD0997-E364-49D2-B3BC-D1C38383AF12}" ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"]

    "C:\Windows\SysNative\tasks\{D2497C30-31FD-4A98-B2C2-8B4F00059DFA}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]

    "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17-02-2014 14:37]

    lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10-10-2011 17:09]

    UTUbEroAdBlockker - Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gamiipnagaakobenbkakbpgeaeacglbm

    Skype Click to Call - Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

    uTorrentBar_NL - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb

    uTorrentControl_v2 - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

    UTUbEroAdBlockker - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\gamiipnagaakobenbkakbpgeaeacglbm

    Skype Click to Call - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

    ==== Chrome Fix ======================

    C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bing.conduit-services.com_0.localstorage deleted successfully

    C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bing.conduit-services.com_0.localstorage-journal deleted successfully

    C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdn.adbabylon.com_0.localstorage deleted successfully

    C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdn.adbabylon.com_0.localstorage-journal deleted successfully

    C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully

    C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully

    C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gamiipnagaakobenbkakbpgeaeacglbm deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\gamiipnagaakobenbkakbpgeaeacglbm deleted successfully

    C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gamiipnagaakobenbkakbpgeaeacglbm_0.localstorage deleted successfully

    C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gamiipnagaakobenbkakbpgeaeacglbm_0.localstorage-journal deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gamiipnagaakobenbkakbpgeaeacglbm_0.localstorage deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gamiipnagaakobenbkakbpgeaeacglbm_0.localstorage-journal deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

    ==== Set IE to Default ======================

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

    No DefaultScope Set For HKCU

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

    {62E2CB12-1D8A-463B-BE20-673039477F6E} Bing Url="http://www.bing.com/search?FORM=DLCBDF&PC=MDDC&q={searchTerms}&src=IE-SearchBox"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    {6E598DAC-23B3-4126-B44E-B36AAD02AF04} Unknown Url="Not_Found"

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-1836166144-1085114356-520303975-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6E598DAC-23B3-4126-B44E-B36AAD02AF04} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C9A4BF4A-BA35-29C0-36A3-7BE82BE1FB2A} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\S-5902107913 deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellComms deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter deleted successfully

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\Cindy\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Cindy\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Cindy\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache is not empty, a reboot is needed

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=2452 folders=503 112129130 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Cindy\AppData\Local\Temp will be emptied at reboot

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Cindy\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

    "C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

    "C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

    "C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

    "C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb" not found

    "C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda" deleted

    "C:\Users\Cindy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\K73XLLJC\club777.com" not found

    ==== EOF on wo 26-03-2014 at 12:40:42,72 ======================

    - - - Updated - - -

    this time with attachment

    zoek-results.log

  2. this was the third log:

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Cindy at 2014-03-25 21:07:08

    Microsoft Windows 7 Home Premium

    System drive C: has 17 GB (4%) free of 462 GB

    Total RAM: 3893 MB (39% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 21:07:30, on 25-3-2014

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.17267)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

    C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\spotify.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    C:\Users\Cindy\AppData\Roaming\uTorrent\uTorrent.exe

    C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\AVAST Software\Avast\avastui.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files\trend micro\Cindy.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/USCON/1

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: 50COupoons - {6125F634-B791-FAD7-37AB-4DD442B996AB} - C:\ProgramData\50COupoons\H.dll (file missing)

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [adblock pro] C:\Program Files (x86)\Adblock Pro\abpmain.exe -m

    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

    O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

    O4 - HKLM\..\RunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [Mega Manager] C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe /Tray

    O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKCU\..\Run: [CINDY-PC] C:\Users\Cindy\AppData\Roaming\Computer.exe

    O4 - HKCU\..\Run: [FLV Player] C:\Users\Cindy\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe

    O4 - HKCU\..\Run: [spotify] "C:\Users\Cindy\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

    O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [Copy] "C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe"

    O4 - HKCU\..\Run: [uTorrent] "C:\Users\Cindy\AppData\Roaming\uTorrent\uTorrent.exe"

    O4 - HKCU\..\Run: [superAdBlocker] C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [Copy] "C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe" (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [Copy] "C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe" (User 'Default user')

    O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')

    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.easetuner.com/download/SOPCORE.CAB

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O20 - AppInit_DLLs: c:\progra~3\filtel~1\filtel~1.dll

    O20 - Winlogon Notify: !SABWinLogon - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 14692 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,1024 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,1024 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    winlogon.exe

    C:\Windows\system32\svchost.exe -k LocalService

    "C:\Program Files\Dell\DellDock\DockLogin.exe"

    C:\Windows\system32\svchost.exe -k NetworkService

    "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

    C:\Windows\system32\WLANExt.exe 1994288

    \??\C:\Windows\system32\conhost.exe "157977866111775347501798107762-1613403880-47395920-972513570-1092533151672747475

    "C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE"

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

    "C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"

    "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

    "C:\Program Files\Bonjour\mDNSResponder.exe"

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    "taskhost.exe"

    "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"

    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"

    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray

    "C:\Windows\system32\Dwm.exe"

    C:\Windows\Explorer.EXE

    "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"

    taskeng.exe {FD481FC1-7D3D-4729-A6F3-692BAE6C9EF0}

    "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c

    C:\Windows\system32\svchost.exe -k imgsvc

    "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    WLIDSvcM.exe 2552

    "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe"

    C:\Windows\System32\vds.exe

    "C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe" C:\Users\Cindy"

    C:\Windows\system32\SearchIndexer.exe /Embedding

    C:\Windows\system32\wbem\wmiprvse.exe

    "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

    "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

    "C:\Windows\System32\igfxtray.exe"

    "C:\Windows\System32\hkcmd.exe"

    "C:\Windows\System32\igfxpers.exe"

    "C:\Program Files\Dell\QuickSet\quickset.exe"

    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

    "C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe" /Tray

    "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    "C:\Users\Cindy\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart

    "C:\Windows\System32\StikyNot.exe"

    "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    "C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe"

    "C:\Users\Cindy\AppData\Roaming\uTorrent\uTorrent.exe"

    "C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"

    "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"

    "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    "C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui

    "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

    "C:\Program Files\iPod\bin\iPodService.exe"

    "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=renderer --js-flags=--harmony-proxies --no-sandbox --lang=en-US --lang=en-US --log-severity=disable --channel="4020.0.30419628\1676592362" /prefetch:673131151

    "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=renderer --js-flags=--harmony-proxies --no-sandbox --lang=en-US --lang=en-US --log-severity=disable --channel="4020.1.2021579296\1434860776" /prefetch:673131151

    "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=renderer --js-flags=--harmony-proxies --no-sandbox --lang=en-US --lang=en-US --log-severity=disable --channel="4020.2.542815304\563324301" /prefetch:673131151

    "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=renderer --js-flags=--harmony-proxies --no-sandbox --lang=en-US --lang=en-US --log-severity=disable --channel="4020.3.1008003653\334972277" /prefetch:673131151

    "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

    C:\Windows\System32\svchost.exe -k secsvcs

    "C:\Program Files\Windows Media Player\wmpnetwk.exe"

    "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=gpu-process --channel="4020.4.1781795359\339798199" --no-sandbox --lang=en-US --log-severity=disable --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,19 --gpu-vendor-id=0x8086 --gpu-device-id=0x0046 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2104 --lang=en-US --log-severity=disable /prefetch:822062411

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5584.0.1223941425\2090735637" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0046 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2104 --ignored=" --type=renderer " /prefetch:822062411

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_EnableZeroSuggest_R7_Stable_Control/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group3 pct:10b stable:r7 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_54/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --disable-accelerated-video-decode --channel="5584.1.1986000939\906779822" /prefetch:673131151

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_EnableZeroSuggest_R7_Stable_Control/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group3 pct:10b stable:r7 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_54/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="5584.3.1314190728\1169959252" /prefetch:673131151

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_EnableZeroSuggest_R7_Stable_Control/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group3 pct:10b stable:r7 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_54/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="5584.4.635957269\1774358208" /prefetch:673131151

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_EnableZeroSuggest_R7_Stable_Control/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group3 pct:10b stable:r7 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_54/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="5584.5.487647131\1414373492" /prefetch:673131151

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5584.6.832600596\1193772356" --ppapi-flash-args --lang=en-US --ignored=" --type=renderer " /prefetch:-632637702

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_EnableZeroSuggest_R7_Stable_Control/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group3 pct:10b stable:r7 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_54/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="5584.7.1645662224\1193919128" /prefetch:673131151

    C:\Windows\servicing\TrustedInstaller.exe

    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Cindy\Desktop\malware log.txt

    consent.exe 948 532 00000000039568D0

    taskhost.exe $(Arg0)

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\sppsvc.exe

    "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

    "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516

    "C:\Users\Cindy\Downloads\RSITx64.exe"

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38F11BDF-6689-0014-9E53-3B17F0DD7428}]

    UTUbEroAdBlockker - C:\ProgramData\UTUbEroAdBlockker\C.x64.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6125F634-B791-FAD7-37AB-4DD442B996AB}]

    50COupoons - C:\ProgramData\50COupoons\H.x64.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

    avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-02-17 1390368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6A53A30-719A-2682-59DF-10A2FB37B57B}]

    JoniCouppone - C:\ProgramData\JoniCouppone\lKLJX_.x64.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6125F634-B791-FAD7-37AB-4DD442B996AB}]

    50COupoons - C:\ProgramData\50COupoons\H.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

    avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-02-17 1143168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-02-17 1390368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

    {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-02-17 1143168]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-08 2122536]

    "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-04-14 10144288]

    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-04-08 166424]

    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-04-08 391192]

    "Persistence"=C:\Windows\system32\igfxpers.exe [2010-04-08 413720]

    "QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2010-04-06 3203440]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-09-23 4240760]

    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

    "Mega Manager"=C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe [2010-11-03 2113024]

    "BitComet"=C:\Program Files\BitComet\BitComet.exe /tray []

    "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14 20584608]

    "CINDY-PC"=C:\Users\Cindy\AppData\Roaming\Computer.exe []

    "FLV Player"=C:\Users\Cindy\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe []

    "Spotify"=C:\Users\Cindy\AppData\Roaming\Spotify\Spotify.exe [2014-01-16 6118400]

    "RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]

    "Spotify Web Helper"=C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2014-01-16 1171968]

    "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-01-11 39408]

    "Copy"=C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe [2014-02-10 15501968]

    "uTorrent"=C:\Users\Cindy\AppData\Roaming\uTorrent\uTorrent.exe [2013-11-16 900440]

    "SuperAdBlocker"=C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe [2007-08-01 1564672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellComms]

    C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe /P DellComms []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

    c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe /P DellSupportCenter []

    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

    "Desktop Disc Tool"=C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [2009-10-15 498160]

    "Dell Webcam Central"=C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2009-06-24 409744]

    "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-30 421888]

    "RIMBBLaunchAgent.exe"=C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2011-02-18 79192]

    "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-08-27 59280]

    "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-09-09 421776]

    "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]

    "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

    "adblock pro"=C:\Program Files (x86)\Adblock Pro\abpmain.exe -m []

    "AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-03-22 3767608]

    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]

    ""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe""=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe []

    "Launcher"=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [2010-05-21 165184]

    "STToasterLauncher"=C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [2010-05-21 122176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"="C:\PROGRA~3\FILTEL~1\FILTEL~2.DLL"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]

    C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

    C:\Windows\system32\igfxdev.dll [2010-04-01 269824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"=C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 77824]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "ConsentPromptBehaviorAdmin"=5

    "ConsentPromptBehaviorUser"=3

    "EnableUIADesktopToggle"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoActiveDesktop"=1

    "NoActiveDesktopChanges"=1

    "ForceActiveDesktopOn"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "VIDC.UYVY"=msyuv.dll

    "VIDC.YUY2"=msyuv.dll

    "VIDC.YVYU"=msyuv.dll

    "VIDC.IYUV"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "VIDC.YVU9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "MSVideo8"=VfWWDM32.dll

    "wave1"=wdmaud.drv

    "midi1"=wdmaud.drv

    "mixer1"=wdmaud.drv

    "aux1"=wdmaud.drv

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2014-03-25 21:07:08 ----D---- C:\rsit

    2014-03-25 21:07:08 ----D---- C:\Program Files\trend micro

    2014-03-25 20:42:14 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys

    2014-03-25 20:41:30 ----D---- C:\ProgramData\Malwarebytes

    2014-03-25 20:41:30 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-03-25 20:41:30 ----A---- C:\Windows\system32\drivers\mwac.sys

    2014-03-25 20:41:30 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys

    2014-03-25 20:41:30 ----A---- C:\Windows\system32\drivers\mbam.sys

    2014-03-21 14:25:24 ----A---- C:\autoexec.bat

    2014-03-21 14:24:44 ----A---- C:\Windows\system32\drivers\EsgScanner.sys

    2014-03-21 14:24:34 ----D---- C:\sh4ldr

    2014-03-21 14:24:34 ----D---- C:\Program Files\Enigma Software Group

    2014-03-21 13:51:14 ----D---- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

    2014-03-21 13:30:48 ----D---- C:\zoek_backup

    2014-03-14 15:09:30 ----D---- C:\Windows\F8BA8B13856D4DFBA28F7EC868142453.TMP

    2014-03-14 12:36:07 ----D---- C:\AdwCleaner

    2014-03-14 12:31:33 ----D---- C:\Program Files (x86)\Anvisoft

    ======List of files/folders modified in the last 1 month======

    2014-03-25 21:07:24 ----D---- C:\Windows\Temp

    2014-03-25 21:07:08 ----RD---- C:\Program Files

    2014-03-25 21:05:35 ----D---- C:\Windows\Prefetch

    2014-03-25 21:05:30 ----D---- C:\Users\Cindy\AppData\Roaming\uTorrent

    2014-03-25 21:03:16 ----D---- C:\Users\Cindy\AppData\Roaming\Spotify

    2014-03-25 21:01:12 ----D---- C:\Windows\system32\config

    2014-03-25 20:59:21 ----D---- C:\Users\Cindy\AppData\Roaming\Skype

    2014-03-25 20:59:18 ----D---- C:\Users\Cindy\AppData\Roaming\Copy

    2014-03-25 20:57:54 ----D---- C:\Program Files (x86)\Dell DataSafe Local Backup

    2014-03-25 20:57:37 ----D---- C:\Windows\SysWOW64

    2014-03-25 20:57:01 ----A---- C:\Windows\SYSWOW64\log.txt

    2014-03-25 20:56:34 ----D---- C:\Windows\system32\drivers

    2014-03-25 20:56:34 ----D---- C:\Windows\Logs

    2014-03-25 20:55:16 ----D---- C:\ProgramData\DownSave

    2014-03-25 20:41:30 ----RD---- C:\Program Files (x86)

    2014-03-25 20:41:30 ----HD---- C:\ProgramData

    2014-03-25 20:32:00 ----D---- C:\Windows\system32\Tasks

    2014-03-25 12:04:21 ----SHD---- C:\System Volume Information

    2014-03-25 02:07:37 ----D---- C:\Windows\System32

    2014-03-25 02:07:37 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2014-03-24 12:28:10 ----D---- C:\Windows\system32\catroot2

    2014-03-21 14:24:52 ----SHD---- C:\Windows\Installer

    2014-03-21 13:51:14 ----D---- C:\Windows

    2014-03-18 12:21:57 ----D---- C:\Windows\system32\MRT

    2014-03-18 12:18:39 ----A---- C:\Windows\system32\MRT.exe

    2014-03-14 10:56:43 ----D---- C:\Program Files\Adblock Pro

    2014-03-14 10:49:42 ----D---- C:\Program Files\Microsoft Silverlight

    2014-03-14 10:49:37 ----D---- C:\Program Files (x86)\Microsoft Silverlight

    2014-03-13 10:11:33 ----D---- C:\ProgramData\Microsoft Help

    2014-03-11 23:49:30 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-03-09 12:32:55 ----D---- C:\Users\Cindy\AppData\Roaming\Belastingdienst

    2014-03-09 03:45:58 ----D---- C:\Windows\system32\NDF

    2014-03-02 01:21:04 ----D---- C:\ProgramData\cea2cad3caee4f45

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-02-17 65776]

    R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-02-17 207904]

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-04 540696]

    R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]

    R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2014-02-17 92544]

    R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2014-02-17 1038072]

    R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2014-02-17 421704]

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2014-02-17 78648]

    R3 BCM43XX;DW WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-02-03 3058168]

    R3 BcmVWL;Broadcom Virtual Wireless; C:\Windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]

    R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]

    R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-04-01 10322848]

    R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-04-14 2345760]

    R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 271872]

    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]

    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-03-05 25816]

    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-03-25 119512]

    R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-03-05 63192]

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-07 321584]

    S1 SABDIFSV;SABDIFSV; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 5632]

    S1 SAB***IL;SAB***IL; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAB***IL.sys [2007-02-20 32256]

    S3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys [2014-02-17 80184]

    S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-01-07 14872]

    S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]

    S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]

    S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2011-02-16 74240]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-05-07 245792]

    S3 SABProcEnum;SABProcEnum; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [2005-03-21 4096]

    S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-07-09 52736]

    S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-01 151656]

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-09-29 41472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]

    R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]

    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-02-17 50344]

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

    R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

    R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2009-10-01 268824]

    R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-03-05 1809720]

    R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-03-05 857912]

    R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

    R2 SABSVC;Super Ad Blocker Service; C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE [2005-08-31 65536]

    R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-01-09 1025408]

    R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]

    R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 936848]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-08 136176]

    S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11 257928]

    S3 GoToAssist;GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe [2010-09-29 16680]

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-08 136176]

    S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-16 194032]

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]

    -----------------EOF-----------------

  3. The second program was somewhat different from what you described; I couldn't find the things you mentioned, like PUP and so on. Also, there was no quick scan, only a hyperscan. I ran that one. At the end I also couldn't delete anything, only put it in quarantine. I then copied the following log, because no log appeared automatically after startup:

    Malwarebytes Anti-Malware

    Malwarebytes : Free Anti-Malware

    Scandatum: 25-3-2014

    Scantijd: 20:54:55

    Logbestand: malware log.txt

    Beheerder: Ja

    Versie: 2.00.0.1000

    Malwaredatabase: v2014.03.25.07

    Rootkitdatabase: v2014.03.18.01

    Licentie: Proef

    Malwarebescherming: Ingeschakeld

    Kwaadaardige Website Bescherming: Ingeschakeld

    Chameleon: Uitgeschakeld

    Besturingssysteem: Windows 7

    Processor: x64

    Bestandssysteem: NTFS

    Gebruiker: Cindy

    Scantype: Hyperscan

    Resultaat: Voltooid

    Objecten Gescand: 199310

    Verstreken Tijd: 6 m, 31 s

    Geheugen: Ingeschakeld

    Opstarten: Ingeschakeld

    Bestandssysteem: Uitgeschakeld

    Archieven: Ingeschakeld

    Rootkits: Uitgeschakeld

    Shuriken: Ingeschakeld

    POP: Ingeschakeld

    POA: Ingeschakeld

    Processen: 0

    (No malicious items detected)

    Modules: 0

    (No malicious items detected)

    Registersleutels: 13

    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{A4C358C7-C883-A763-63E3-754ECCB7A136}, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A4C358C7-C883-A763-63E3-754ECCB7A136}, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A4C358C7-C883-A763-63E3-754ECCB7A136}, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\DowonSave.DowonSave, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\DowonSave.DowonSave.5.2, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DowonSave.DowonSave, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DowonSave.DowonSave.5.2, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A4C358C7-C883-A763-63E3-754ECCB7A136}, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.MultiPlug.A, HKU\S-1-5-21-1836166144-1085114356-520303975-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A4C358C7-C883-A763-63E3-754ECCB7A136}, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.MultiPlug.A, HKU\S-1-5-21-1836166144-1085114356-520303975-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C358C7-C883-A763-63E3-754ECCB7A136}, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A4C358C7-C883-A763-63E3-754ECCB7A136}, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A4C358C7-C883-A763-63E3-754ECCB7A136}, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{A4C358C7-C883-A763-63E3-754ECCB7A136}\INPROCSERVER32, , [f289a95e1e5d999d5fe765dc9e63ec14],

    Registerwaardes: 2

    PUP.Optional.MindSpark, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|TelevisionFanatic Home Page Guard 64 bit, "C:\PROGRA~2\TELEVI~2\bar\1.bin\AppIntegrator64.exe", , [3942d334daa1bd79f1be1c682cd723dd]

    PUP.Optional.MindSpark, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BringMeSports Home Page Guard 64 bit, "C:\PROGRA~2\BRINGM~2\bar\1.bin\AppIntegrator64.exe", , [423948bfe69595a1832c731108fb18e8]

    Registerdata: 0

    (No malicious items detected)

    Mappen: 4

    PUP.Optional.Conduit.A, C:\Users\Cindy\AppData\Local\Temp\CT2865317, , [6417b94eceadc96d176cef5df30f44bc],

    PUP.Optional.Conduit.A, C:\Users\Cindy\AppData\Local\Temp\CT2865317\xpi, , [6417b94eceadc96d176cef5df30f44bc],

    PUP.Optional.Conduit.A, C:\Users\Cindy\AppData\Local\Temp\CT3220468, , [512a9077a7d445f1dfa43319ea1828d8],

    PUP.Optional.Conduit.A, C:\Users\Cindy\AppData\Local\Temp\CT3220468\xpi, , [512a9077a7d445f1dfa43319ea1828d8],

    Bestanden: 10

    PUP.Optional.MultiPlug.A, C:\ProgramData\DownSave\M7x5.x64.dll, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.MultiPlug.A, C:\ProgramData\DownSave\M7x5.dll, , [f289a95e1e5d999d5fe765dc9e63ec14],

    PUP.Optional.Conduit.A, C:\Users\Cindy\AppData\Local\Temp\CT2865317\CT2865317.xpi, , [6417b94eceadc96d176cef5df30f44bc],

    PUP.Optional.Conduit.A, C:\Users\Cindy\AppData\Local\Temp\CT2865317\manifest.json, , [6417b94eceadc96d176cef5df30f44bc],

    PUP.Optional.Conduit.A, C:\Users\Cindy\AppData\Local\Temp\CT2865317\xpi\install.rdf, , [6417b94eceadc96d176cef5df30f44bc],

    PUP.Optional.Conduit.A, C:\Users\Cindy\AppData\Local\Temp\CT3220468\conduitStatistics.csf, , [512a9077a7d445f1dfa43319ea1828d8],

    PUP.Optional.Conduit.A, C:\Users\Cindy\AppData\Local\Temp\CT3220468\CT3220468.xpi, , [512a9077a7d445f1dfa43319ea1828d8],

    PUP.Optional.Conduit.A, C:\Users\Cindy\AppData\Local\Temp\CT3220468\initData.json, , [512a9077a7d445f1dfa43319ea1828d8],

    PUP.Optional.Conduit.A, C:\Users\Cindy\AppData\Local\Temp\CT3220468\manifest.json, , [512a9077a7d445f1dfa43319ea1828d8],

    PUP.Optional.Conduit.A, C:\Users\Cindy\AppData\Local\Temp\CT3220468\xpi\install.rdf, , [512a9077a7d445f1dfa43319ea1828d8],

    Fysieke Sectoren: 0

    (No malicious items detected)

    (end)

    - - - Updated - - -

    and this is the last log:

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Cindy at 2014-03-25 21:07:08

    Microsoft Windows 7 Home Premium

    System drive C: has 17 GB (4%) free of 462 GB

    Total RAM: 3893 MB (39% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 21:07:30, on 25-3-2014

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.17267)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

    C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\spotify.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    C:\Users\Cindy\AppData\Roaming\uTorrent\uTorrent.exe

    C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\AVAST Software\Avast\avastui.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

    C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files\trend micro\Cindy.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/USCON/1

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: 50COupoons - {6125F634-B791-FAD7-37AB-4DD442B996AB} - C:\ProgramData\50COupoons\H.dll (file missing)

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [adblock pro] C:\Program Files (x86)\Adblock Pro\abpmain.exe -m

    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

    O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

    O4 - HKLM\..\RunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [Mega Manager] C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe /Tray

    O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKCU\..\Run: [CINDY-PC] C:\Users\Cindy\AppData\Roaming\Computer.exe

    O4 - HKCU\..\Run: [FLV Player] C:\Users\Cindy\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe

    O4 - HKCU\..\Run: [spotify] "C:\Users\Cindy\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

    O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [Copy] "C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe"

    O4 - HKCU\..\Run: [uTorrent] "C:\Users\Cindy\AppData\Roaming\uTorrent\uTorrent.exe"

    O4 - HKCU\..\Run: [superAdBlocker] C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [Copy] "C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe" (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [Copy] "C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe" (User 'Default user')

    O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')

    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.easetuner.com/download/SOPCORE.CAB

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O20 - AppInit_DLLs: c:\progra~3\filtel~1\filtel~1.dll

    O20 - Winlogon Notify: !SABWinLogon - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 14692 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,1024 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,1024 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    winlogon.exe

    C:\Windows\system32\svchost.exe -k LocalService

    "C:\Program Files\Dell\DellDock\DockLogin.exe"

    C:\Windows\system32\svchost.exe -k NetworkService

    "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

    C:\Windows\system32\WLANExt.exe 1994288

    \??\C:\Windows\system32\conhost.exe "157977866111775347501798107762-1613403880-47395920-972513570-1092533151672747475

    "C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE"

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

    "C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"

    "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

    "C:\Program Files\Bonjour\mDNSResponder.exe"

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    "taskhost.exe"

    "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"

    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"

    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray

    "C:\Windows\system32\Dwm.exe"

    C:\Windows\Explorer.EXE

    "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"

    taskeng.exe {FD481FC1-7D3D-4729-A6F3-692BAE6C9EF0}

    "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c

    C:\Windows\system32\svchost.exe -k imgsvc

    "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    WLIDSvcM.exe 2552

    "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe"

    C:\Windows\System32\vds.exe

    "C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe" C:\Users\Cindy"

    C:\Windows\system32\SearchIndexer.exe /Embedding

    C:\Windows\system32\wbem\wmiprvse.exe

    "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

    "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

    "C:\Windows\System32\igfxtray.exe"

    "C:\Windows\System32\hkcmd.exe"

    "C:\Windows\System32\igfxpers.exe"

    "C:\Program Files\Dell\QuickSet\quickset.exe"

    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

    "C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe" /Tray

    "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    "C:\Users\Cindy\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart

    "C:\Windows\System32\StikyNot.exe"

    "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    "C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe"

    "C:\Users\Cindy\AppData\Roaming\uTorrent\uTorrent.exe"

    "C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"

    "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"

    "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    "C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui

    "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

    "C:\Program Files\iPod\bin\iPodService.exe"

    "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=renderer --js-flags=--harmony-proxies --no-sandbox --lang=en-US --lang=en-US --log-severity=disable --channel="4020.0.30419628\1676592362" /prefetch:673131151

    "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=renderer --js-flags=--harmony-proxies --no-sandbox --lang=en-US --lang=en-US --log-severity=disable --channel="4020.1.2021579296\1434860776" /prefetch:673131151

    "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=renderer --js-flags=--harmony-proxies --no-sandbox --lang=en-US --lang=en-US --log-severity=disable --channel="4020.2.542815304\563324301" /prefetch:673131151

    "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=renderer --js-flags=--harmony-proxies --no-sandbox --lang=en-US --lang=en-US --log-severity=disable --channel="4020.3.1008003653\334972277" /prefetch:673131151

    "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

    C:\Windows\System32\svchost.exe -k secsvcs

    "C:\Program Files\Windows Media Player\wmpnetwk.exe"

    "C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=gpu-process --channel="4020.4.1781795359\339798199" --no-sandbox --lang=en-US --log-severity=disable --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,19 --gpu-vendor-id=0x8086 --gpu-device-id=0x0046 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2104 --lang=en-US --log-severity=disable /prefetch:822062411

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5584.0.1223941425\2090735637" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0046 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2104 --ignored=" --type=renderer " /prefetch:822062411

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_EnableZeroSuggest_R7_Stable_Control/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group3 pct:10b stable:r7 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_54/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --disable-accelerated-video-decode --channel="5584.1.1986000939\906779822" /prefetch:673131151

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_EnableZeroSuggest_R7_Stable_Control/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group3 pct:10b stable:r7 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_54/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="5584.3.1314190728\1169959252" /prefetch:673131151

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_EnableZeroSuggest_R7_Stable_Control/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group3 pct:10b stable:r7 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_54/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="5584.4.635957269\1774358208" /prefetch:673131151

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_EnableZeroSuggest_R7_Stable_Control/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group3 pct:10b stable:r7 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_54/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="5584.5.487647131\1414373492" /prefetch:673131151

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5584.6.832600596\1193772356" --ppapi-flash-args --lang=en-US --ignored=" --type=renderer " /prefetch:-632637702

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_EnableZeroSuggest_R7_Stable_Control/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group3 pct:10b stable:r7 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_54/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="5584.7.1645662224\1193919128" /prefetch:673131151

    C:\Windows\servicing\TrustedInstaller.exe

    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Cindy\Desktop\malware log.txt

    consent.exe 948 532 00000000039568D0

    taskhost.exe $(Arg0)

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\sppsvc.exe

    "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

    "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516

    "C:\Users\Cindy\Downloads\RSITx64.exe"

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38F11BDF-6689-0014-9E53-3B17F0DD7428}]

    UTUbEroAdBlockker - C:\ProgramData\UTUbEroAdBlockker\C.x64.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6125F634-B791-FAD7-37AB-4DD442B996AB}]

    50COupoons - C:\ProgramData\50COupoons\H.x64.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

    avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-02-17 1390368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6A53A30-719A-2682-59DF-10A2FB37B57B}]

    JoniCouppone - C:\ProgramData\JoniCouppone\lKLJX_.x64.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6125F634-B791-FAD7-37AB-4DD442B996AB}]

    50COupoons - C:\ProgramData\50COupoons\H.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

    avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-02-17 1143168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-02-17 1390368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

    {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-02-17 1143168]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-08 2122536]

    "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-04-14 10144288]

    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-04-08 166424]

    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-04-08 391192]

    "Persistence"=C:\Windows\system32\igfxpers.exe [2010-04-08 413720]

    "QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2010-04-06 3203440]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-09-23 4240760]

    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

    "Mega Manager"=C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe [2010-11-03 2113024]

    "BitComet"=C:\Program Files\BitComet\BitComet.exe /tray []

    "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14 20584608]

    "CINDY-PC"=C:\Users\Cindy\AppData\Roaming\Computer.exe []

    "FLV Player"=C:\Users\Cindy\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe []

    "Spotify"=C:\Users\Cindy\AppData\Roaming\Spotify\Spotify.exe [2014-01-16 6118400]

    "RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]

    "Spotify Web Helper"=C:\Users\Cindy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2014-01-16 1171968]

    "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-01-11 39408]

    "Copy"=C:\Users\Cindy\AppData\Roaming\Copy\CopyAgent.exe [2014-02-10 15501968]

    "uTorrent"=C:\Users\Cindy\AppData\Roaming\uTorrent\uTorrent.exe [2013-11-16 900440]

    "SuperAdBlocker"=C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe [2007-08-01 1564672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellComms]

    C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe /P DellComms []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

    c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe /P DellSupportCenter []

    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

    "Desktop Disc Tool"=C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [2009-10-15 498160]

    "Dell Webcam Central"=C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2009-06-24 409744]

    "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-30 421888]

    "RIMBBLaunchAgent.exe"=C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2011-02-18 79192]

    "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-08-27 59280]

    "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-09-09 421776]

    "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]

    "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

    "adblock pro"=C:\Program Files (x86)\Adblock Pro\abpmain.exe -m []

    "AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-03-22 3767608]

    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]

    ""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe""=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe []

    "Launcher"=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [2010-05-21 165184]

    "STToasterLauncher"=C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [2010-05-21 122176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"="C:\PROGRA~3\FILTEL~1\FILTEL~2.DLL"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]

    C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

    C:\Windows\system32\igfxdev.dll [2010-04-01 269824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"=C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 77824]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "ConsentPromptBehaviorAdmin"=5

    "ConsentPromptBehaviorUser"=3

    "EnableUIADesktopToggle"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoActiveDesktop"=1

    "NoActiveDesktopChanges"=1

    "ForceActiveDesktopOn"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "VIDC.UYVY"=msyuv.dll

    "VIDC.YUY2"=msyuv.dll

    "VIDC.YVYU"=msyuv.dll

    "VIDC.IYUV"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "VIDC.YVU9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "MSVideo8"=VfWWDM32.dll

    "wave1"=wdmaud.drv

    "midi1"=wdmaud.drv

    "mixer1"=wdmaud.drv

    "aux1"=wdmaud.drv

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2014-03-25 21:07:08 ----D---- C:\rsit

    2014-03-25 21:07:08 ----D---- C:\Program Files\trend micro

    2014-03-25 20:42:14 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys

    2014-03-25 20:41:30 ----D---- C:\ProgramData\Malwarebytes

    2014-03-25 20:41:30 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-03-25 20:41:30 ----A---- C:\Windows\system32\drivers\mwac.sys

    2014-03-25 20:41:30 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys

    2014-03-25 20:41:30 ----A---- C:\Windows\system32\drivers\mbam.sys

    2014-03-21 14:25:24 ----A---- C:\autoexec.bat

    2014-03-21 14:24:44 ----A---- C:\Windows\system32\drivers\EsgScanner.sys

    2014-03-21 14:24:34 ----D---- C:\sh4ldr

    2014-03-21 14:24:34 ----D---- C:\Program Files\Enigma Software Group

    2014-03-21 13:51:14 ----D---- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

    2014-03-21 13:30:48 ----D---- C:\zoek_backup

    2014-03-14 15:09:30 ----D---- C:\Windows\F8BA8B13856D4DFBA28F7EC868142453.TMP

    2014-03-14 12:36:07 ----D---- C:\AdwCleaner

    2014-03-14 12:31:33 ----D---- C:\Program Files (x86)\Anvisoft

    ======List of files/folders modified in the last 1 month======

    2014-03-25 21:07:24 ----D---- C:\Windows\Temp

    2014-03-25 21:07:08 ----RD---- C:\Program Files

    2014-03-25 21:05:35 ----D---- C:\Windows\Prefetch

    2014-03-25 21:05:30 ----D---- C:\Users\Cindy\AppData\Roaming\uTorrent

    2014-03-25 21:03:16 ----D---- C:\Users\Cindy\AppData\Roaming\Spotify

    2014-03-25 21:01:12 ----D---- C:\Windows\system32\config

    2014-03-25 20:59:21 ----D---- C:\Users\Cindy\AppData\Roaming\Skype

    2014-03-25 20:59:18 ----D---- C:\Users\Cindy\AppData\Roaming\Copy

    2014-03-25 20:57:54 ----D---- C:\Program Files (x86)\Dell DataSafe Local Backup

    2014-03-25 20:57:37 ----D---- C:\Windows\SysWOW64

    2014-03-25 20:57:01 ----A---- C:\Windows\SYSWOW64\log.txt

    2014-03-25 20:56:34 ----D---- C:\Windows\system32\drivers

    2014-03-25 20:56:34 ----D---- C:\Windows\Logs

    2014-03-25 20:55:16 ----D---- C:\ProgramData\DownSave

    2014-03-25 20:41:30 ----RD---- C:\Program Files (x86)

    2014-03-25 20:41:30 ----HD---- C:\ProgramData

    2014-03-25 20:32:00 ----D---- C:\Windows\system32\Tasks

    2014-03-25 12:04:21 ----SHD---- C:\System Volume Information

    2014-03-25 02:07:37 ----D---- C:\Windows\System32

    2014-03-25 02:07:37 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2014-03-24 12:28:10 ----D---- C:\Windows\system32\catroot2

    2014-03-21 14:24:52 ----SHD---- C:\Windows\Installer

    2014-03-21 13:51:14 ----D---- C:\Windows

    2014-03-18 12:21:57 ----D---- C:\Windows\system32\MRT

    2014-03-18 12:18:39 ----A---- C:\Windows\system32\MRT.exe

    2014-03-14 10:56:43 ----D---- C:\Program Files\Adblock Pro

    2014-03-14 10:49:42 ----D---- C:\Program Files\Microsoft Silverlight

    2014-03-14 10:49:37 ----D---- C:\Program Files (x86)\Microsoft Silverlight

    2014-03-13 10:11:33 ----D---- C:\ProgramData\Microsoft Help

    2014-03-11 23:49:30 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-03-09 12:32:55 ----D---- C:\Users\Cindy\AppData\Roaming\Belastingdienst

    2014-03-09 03:45:58 ----D---- C:\Windows\system32\NDF

    2014-03-02 01:21:04 ----D---- C:\ProgramData\cea2cad3caee4f45

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-02-17 65776]

    R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-02-17 207904]

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-04 540696]

    R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]

    R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2014-02-17 92544]

    R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2014-02-17 1038072]

    R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2014-02-17 421704]

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2014-02-17 78648]

    R3 BCM43XX;DW WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-02-03 3058168]

    R3 BcmVWL;Broadcom Virtual Wireless; C:\Windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]

    R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]

    R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-04-01 10322848]

    R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-04-14 2345760]

    R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 271872]

    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]

    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-03-05 25816]

    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-03-25 119512]

    R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-03-05 63192]

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-07 321584]

    S1 SABDIFSV;SABDIFSV; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 5632]

    S1 SAB***IL;SAB***IL; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAB***IL.sys [2007-02-20 32256]

    S3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys [2014-02-17 80184]

    S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-01-07 14872]

    S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]

    S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]

    S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2011-02-16 74240]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-05-07 245792]

    S3 SABProcEnum;SABProcEnum; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [2005-03-21 4096]

    S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-07-09 52736]

    S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-01 151656]

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-09-29 41472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]

    R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]

    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-02-17 50344]

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

    R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

    R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2009-10-01 268824]

    R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-03-05 1809720]

    R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-03-05 857912]

    R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

    R2 SABSVC;Super Ad Blocker Service; C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE [2005-08-31 65536]

    R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-01-09 1025408]

    R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]

    R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 936848]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-08 136176]

    S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11 257928]

    S3 GoToAssist;GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe [2010-09-29 16680]

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-08 136176]

    S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-16 194032]

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]

    -----------------EOF-----------------

  4. This is the first log:

    # AdwCleaner v3.022 - Report created 25/03/2014 at 20:31:58

    # Updated 13/03/2014 by Xplode

    # Operating System : Windows 7 Home Premium (64 bits)

    # Username : Cindy - CINDY-PC

    # Running from : C:\Users\Cindy\Downloads\adwcleaner (2).exe

    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\boost_interprocess

    File Deleted : C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

    File Deleted : C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

    File Deleted : C:\Windows\System32\Tasks\SpyHunter4Startup

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.7600.17267

    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : search_url

    Deleted : suggest_url

    Deleted : keyword

    *************************

    AdwCleaner[R0].txt - [20148 octets] - [14/03/2014 12:36:11]

    AdwCleaner[R1].txt - [988 octets] - [14/03/2014 15:14:35]

    AdwCleaner[R2].txt - [1645 octets] - [21/03/2014 13:39:45]

    AdwCleaner[R3].txt - [1542 octets] - [22/03/2014 16:13:06]

    AdwCleaner[R4].txt - [1602 octets] - [25/03/2014 20:30:40]

    AdwCleaner[s0].txt - [19590 octets] - [14/03/2014 12:40:48]

    AdwCleaner[s1].txt - [993 octets] - [14/03/2014 15:15:51]

    AdwCleaner[s2].txt - [1478 octets] - [25/03/2014 20:31:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1538 octets] ##########

  5. Hi,

    I have had some kind of virus for quite a while now. Because of it, a lot of things appear in small green letters, some pages don't open and advertising shows up instead, and on sites where you can buy something I constantly get bars with advertising.

    I have already tried to disable the extension, but that isn't even possible. I would like to get rid of it, but I'm quite a layperson when it comes to this kind of thing.

    Can anyone help me with this?

    Regards, Cindy
