Everything posted by elsebels

  1. This is the next log: Zoek.exe v5.0.0.0, tool run by Els on 07/02/2014 at 20:38.
  2. Hello, here is the required RSIT log. Logfile of random's system information tool 1.09 (written by random/random) Run by Els at 2014-02-07 16:10:15 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 652 GB (71%) free of 923 GB Total RAM: 3325 MB (49% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:10:24, on 7/02/2014 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16526) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Windows\system32\taskeng.exe C:\Program Files\Tablet\Pen\Pen_TouchUser.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\taskeng.exe C:\Program Files\Samsung\Kies\Kies.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe C:\Program Files\YourFileDownloader\YourFileUpdater.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Users\Els\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files\Norton Utilities 14\nu.exe 
C:\Program Files\Hewlett-Packard\SmartPrint\bootstrap.exe C:\Users\Els\Desktop\RSIT.exe C:\Program Files\trend micro\Els.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll O1 - Hosts: ::1 localhost O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll O2 - BHO: QpBHO Class - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Els\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll O2 
- BHO: QueblesEngine.QueblesHelper - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing) O2 - BHO: VMN Toolbar Astro Gemini - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll O2 - BHO: WiseConvert - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll O3 - Toolbar: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll O3 - Toolbar: Quebles Toolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing) O3 - Toolbar: VMN Toolbar Astro Gemini - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: 
[AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [NextLive] C:\Windows\system32\rundll32.exe 
"C:\Users\Els\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe /H O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-3575866603-3116684763-1735328397-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser') O4 - Startup: Dropbox.lnk = Els\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems 
Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Els\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe (file missing) O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\Windows\system32\IoctlSvc.exe O23 - Service: Quebles Updater - Techno Design IP - C:\Program Files\Techno Design IP\Quebles Toolbar\QueblesAutoUpdate.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- End of file - 12305 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\HP Photo Creations Communicator.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}] Shopping Assistant Plugin - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll [2012-03-18 413568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1658D3A1-9E13-4196-A82A-D70D70880F36}] HP Smart Print BHO - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll [2012-10-31 644000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Norton Identity Protection - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-30 509776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Norton Vulnerability Protection - C:\Program Files\Norton Internet 
Security\Engine\20.4.0.40\IPS\IPSBHO.DLL [2012-08-10 387040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL [2013-03-09 4171464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-18 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}] DefaultTab Browser Helper - C:\Users\Els\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [2014-01-28 462968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86a3cdaa-9b25-480e-b73f-c2d359b87966}] QueblesEngine.QueblesHelper - C:\Windows\system32\mscoree.dll [2009-11-08 297808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}] VMN Toolbar Astro Gemini - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2009-04-15 1950656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-15 194128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-18 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}] Softonic Helper Object - C:\Program Files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll [2012-08-02 248936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}] WiseConvert Toolbar - C:\Program Files\WiseConvert\prxtbWise.dll [2011-05-09 176936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] PricePeep - C:\Program Files\PricePeep\pricepeep.dll [2012-10-24 497008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - WiseConvert Toolbar - C:\Program Files\WiseConvert\prxtbWise.dll [2011-05-09 176936] {691ca8ec-7205-4aa9-bdd6-15493d16f835} - Quebles Toolbar - C:\Windows\system32\mscoree.dll [2009-11-08 297808] {A057A204-BACC-4D26-8287-79A187E26987} - VMN Toolbar Astro Gemini - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2009-04-15 1950656] {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - Softonic Toolbar - C:\Program Files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll [2012-08-02 274536] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-30 509776] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-15 194128] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712] "NBAgent"=C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2009-09-01 1086760] "AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20 444904] "SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] 
"AdobeCS5.5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360] "BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] "RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2012-03-27 10967656] "NPSStartup"= [] "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-05-10 49208] "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2012-06-28 74752] "KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-07-26 311152] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-05-25 39408] "AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-04 95576] "AdobeBridge"=C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe [2011-03-02 12008296] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2013-07-26 1564016] ""=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-07-26 844656] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2013-07-02 248208] "OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2013-04-22 720064] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] "NextLive"=C:\Users\Els\AppData\Roaming\newnext.me\nengine.dll [2013-11-14 1283584] "NortonUtilities"=C:\Program Files\Norton Utilities 14\RMTray.exe [2009-09-14 279912] C:\Users\Els\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup Dropbox.lnk - C:\Users\Els\AppData\Roaming\Dropbox\bin\Dropbox.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL [2013-03-09 4171464] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 "EnableLinkedConnections"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll 
"vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.cvid"=iccvid.dll "vidc.ptev"=PteVideo.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-02-07 16:10:16 ----D---- C:\Program Files\trend micro 2014-02-07 16:10:15 ----D---- C:\rsit 2014-01-30 20:39:30 ----D---- C:\Users\Els\AppData\Roaming\Norton Utilities 14 2014-01-30 20:27:57 ----D---- C:\ProgramData\Norton Installer 2014-01-30 20:27:36 ----AD---- C:\ProgramData\TEMP 2014-01-30 20:27:21 ----A---- C:\Windows\system32\msxml.dll 2014-01-30 20:27:20 ----D---- C:\Program Files\Norton Utilities 14 2014-01-30 17:17:58 ----D---- C:\Users\Els\AppData\Roaming\Nico Mak Computing 2014-01-30 17:17:48 ----D---- C:\ProgramData\Nico Mak Computing 2014-01-30 17:17:47 ----D---- C:\Program Files\WinZip Malware Protector 2014-01-30 17:17:47 ----A---- C:\Windows\system32\wsusnative32.exe 2014-01-29 19:24:27 ----D---- C:\Windows\Migration 2014-01-28 21:08:51 ----D---- C:\Users\Els\AppData\Roaming\defaulttab 2014-01-28 21:08:50 ----D---- C:\Users\Els\AppData\Roaming\newnext.me 2014-01-28 21:08:11 ----D---- C:\Program Files\Mobogenie 2014-01-28 21:08:06 ----D---- C:\Program Files\Gmail Notifier 2014-01-18 11:23:14 ----D---- C:\Windows\Sun 2014-01-18 11:23:00 ----D---- C:\ProgramData\Oracle 2014-01-18 11:22:05 ----A---- C:\Windows\system32\javaws.exe 2014-01-18 11:21:28 ----A---- C:\Windows\system32\WindowsAccessBridge.dll 2014-01-18 11:21:28 ----A---- C:\Windows\system32\javaw.exe 2014-01-18 11:21:28 ----A---- C:\Windows\system32\java.exe ======List of files/folders modified in the last 1 month====== 2014-02-07 16:10:16 ----RD---- C:\Program Files 2014-02-07 16:10:16 ----D---- C:\Windows\Temp 2014-02-07 16:10:05 ----D---- C:\Windows\Prefetch 2014-02-07 14:20:07 ----D---- C:\Windows\System32 
2014-02-07 14:20:07 ----A---- C:\Windows\system32\PerfStringBackup.INI 2014-02-07 14:20:06 ----D---- C:\Windows\inf 2014-02-07 14:18:55 ----D---- C:\Users\Els\AppData\Roaming\Dropbox 2014-02-07 14:17:39 ----D---- C:\Windows\system32\Tasks 2014-02-07 14:17:27 ----SHD---- C:\System Volume Information 2014-02-07 14:14:00 ----D---- C:\ProgramData\NVIDIA 2014-02-06 18:47:07 ----A---- C:\Windows\system32\FlashPlayerApp.exe 2014-02-06 18:31:07 ----SHD---- C:\Windows\Installer 2014-02-06 18:31:07 ----HD---- C:\Config.Msi 2014-02-06 18:31:07 ----D---- C:\Windows\system32\drivers 2014-02-06 18:30:46 ----HD---- C:\ProgramData 2014-02-06 17:26:41 ----RD---- C:\Users 2014-01-30 20:45:03 ----D---- C:\Windows 2014-01-30 20:38:05 ----SD---- C:\Windows\Downloaded Program Files 2014-01-30 20:37:43 ----SD---- C:\Users\Els\AppData\Roaming\Microsoft 2014-01-30 16:12:11 ----D---- C:\Windows\Microsoft.NET 2014-01-29 20:06:40 ----D---- C:\Users\Els\AppData\Roaming\Winamp 2014-01-29 20:06:29 ----D---- C:\Windows\Debug 2014-01-29 19:24:47 ----D---- C:\Windows\system32\en-US 2014-01-29 19:24:27 ----SD---- C:\ProgramData\Microsoft 2014-01-29 19:12:44 ----D---- C:\Windows\system32\wbem 2014-01-29 19:11:47 ----D---- C:\Windows\Tasks 2014-01-29 19:11:47 ----D---- C:\Windows\system32\spool 2014-01-29 19:11:47 ----D---- C:\Windows\system32\catroot2 2014-01-29 19:11:46 ----D---- C:\Windows\registration 2014-01-28 21:08:54 ----HD---- C:\Windows\system32\GroupPolicy 2014-01-18 11:22:15 ----D---- C:\Program Files\Common Files\Java 2014-01-15 19:36:08 ----D---- C:\Windows\system32\MRT 2014-01-15 19:34:01 ----A---- C:\Windows\system32\mrt.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248] R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NIS\1404000.028\SYMDS.SYS [2013-05-20 367704] R0 SymEFA;Symantec Extended File Attributes; 
C:\Windows\system32\drivers\NIS\1404000.028\SYMEFA.SYS [2013-05-22 934488] R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [2013-12-18 1098968] R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [2013-04-15 134744] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2013-11-21 376920] R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140206.001\IDSvix86.sys [2014-01-23 394456] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [2013-03-04 32344] R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [2012-07-27 175264] R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\system32\drivers\NIS\1404000.028\SYMTDIV.SYS [2013-04-24 352344] R3 e1express;Stuurprogramma voor Intel® PRO/1000 PCI Express-netwerkverbinding; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 108120] R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2010-06-14 36608] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2012-03-27 3204200] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140206.024\NAVENG.SYS [2013-12-09 93272] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140206.024\NAVEX15.SYS [2013-12-09 1612376] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496] R3 
nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2013-02-25 8939296] R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\system32\drivers\NIS\1404000.028\SRTSP.SYS [2013-05-15 603224] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2013-10-03 142496] R3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-11 16240] R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2010-10-11 11312] R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2010-10-11 14120] R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-06-21 84248] S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848] S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-06-21 181912] S3 
USBCCID;USB-smartcardlezer; C:\Windows\system32\DRIVERS\usbccid.sys [2009-04-11 30208]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2010-07-04 238952]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-06-18 935208]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-05-20 144368]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 639776]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2009-09-01 87344]
R2 Quebles Updater;Quebles Updater; C:\Program Files\Techno Design IP\Quebles Toolbar\QueblesAutoUpdate.exe [2012-08-16 23232]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R2 TabletServicePen;TabletServicePen; C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-10-26 4869488]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2013-07-02 93072]
R2 TouchServicePen;Wacom Consumer Touch Service; C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-10-26 416112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 DefaultTabUpdate;DefaultTabUpdate; C:\Users\Els\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe []
S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-25 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-25 1260320]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06 257928]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-25 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-28 194032]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-03-09 30798512]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]
S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
  3. Hello, I recently downloaded something and 'something' came along with it under the name 'search results'. It is apparently a search engine that completely disrupts my computer, and I can't get rid of it. Google hardly works anymore and Internet Explorer also keeps dropping out. I have already done a restore, and there is also a Norton virus scanner on my PC, but nothing helps. I have VISTA; can someone tell me what I should do, or is it necessary to go to an expert?? els
  4. Hello, I regularly use Windows Photo Gallery in Vista. I also want to save photos as Photoshop PSD files. These are not visible in the gallery. A while ago a message appeared saying that I could make these files visible after all, and that for this I had to look for the right program on the internet.... Does anyone know how I can manage that?
  5. The film was in an AVI file and the DVD player can play these. I used Nero Burning Rom, but the question really is: how do I 'close' or 'finalize' such a disc?
  6. It is a film in an AVI file and I used Nero 9. The function ......??
  7. I burned something to DVD and can play it fine on the computer. Now I would like to play it on the TV, but that doesn't work. The DVD player's manual says that you first have to 'finalize' the discs. Otherwise playback doesn't work. Can someone tell me what this means and how I should do it? I have Windows 7.
  8. In the meantime everything works again and I don't know why, because I didn't do anything special. Thanks anyway for the reply.
  9. Yes. The removable drives F through I are visible. However, I thought there used to be a few more.
  10. Hello, I tried to transfer the photos that are on a compact flash card to the computer. This has already worked a few times by inserting the card into the computer. It recognizes the card and asks what should happen next. "This computer" also shows that the card is present. Now, however, nothing happens anymore. No light comes on at the card reader, nothing opens, nothing! With an external card reader it does work?! Does anyone know why this is?
  11. Thanks for the quick reply. "Open with..." is not in the list. ???
  12. Hello, I just uninstalled Google Chrome, with the result that my shortcuts no longer worked. In the meantime this has been solved thanks to you, but now every new shortcut gets the same default icon: a white sheet with colored squares in it. I would like to have the original icons of the programs in question back. Does anyone have a tip?