HiJack log


Guest kieken10

Could someone please check this as maintenance: HiJack log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:58:24, on 17/02/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16464)

Boot mode: Normal

Running processes:

C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2013\WebProxy.exe

C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files (x86)\PopTray\PopTray.exe

C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

C:\Program Files (x86)\XFastUsb\XFastUsb.exe

C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\ApVxdWin.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavBckPT.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\Gebruiker\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=50c2848b-1ea7-492c-95df-3bcfb1ffad86&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=50c2848b-1ea7-492c-95df-3bcfb1ffad86&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=50c2848b-1ea7-492c-95df-3bcfb1ffad86&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=50c2848b-1ea7-492c-95df-3bcfb1ffad86&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [XFastUsb] "C:\Program Files (x86)\XFastUsb\XFastUsb.exe"

O4 - HKLM\..\Run: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"

O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\Inicio.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

O4 - HKCU\..\RunOnce: [LastApplyCpuRatio] 16

O4 - HKCU\..\RunOnce: [ASRXTURUNNING] 0

O4 - Startup: PopTray.lnk = C:\Program Files (x86)\PopTray\PopTray.exe

O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files (x86)\panda security\panda internet security 2013\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PskSvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 11094 bytes

Kind regards



Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe.
    You can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    startupall;
    filesrcm;

  • Now tick the options below.

    • Standard Search
    • Auto Clean
    • Empty All Temp
    • Firefox Look
    • Chrome Look
    • Firefox Defaults
    • IE Defaults
    • Reset Chrome

  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next reply.


New log, but now I have lost my Google start page

Zoek.exe Version 4.0.0.1 Updated 16-02-2013

Tool run by Gebruiker on zo 17/02/2013 at 16:33:34,20.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PskSvc.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe

C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2013\WebProxy.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files (x86)\PopTray\PopTray.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrls.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe

C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\AVENGINE.EXE

c:\program files (x86)\panda security\panda internet security 2013\firewall\PSHOST.EXE

C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsImSvc.exe

C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

C:\Program Files (x86)\XFastUsb\XFastUsb.exe

C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\SRVLOAD.EXE

C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavBckPT.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\Gebruiker\Desktop\HijackThis.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\Desktop\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

==== FireFox Fix ======================

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\Conduit" deleted

"C:\Users\Gebruiker\AppData\Roaming\Babylon" deleted

"C:\Users\Gebruiker\AppData\Roaming\YourFileDownloader" deleted

"C:\Users\Gebruiker\AppData\Roaming\OpenCandy" deleted

"C:\Users\Gebruiker\AppData\Roaming\Media Finder" deleted

"C:\ProgramData\InstallMate" deleted

"C:\ProgramData\Tarma Installer" deleted

"C:\ProgramData\Premium" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder" deleted

"C:\Users\Gebruiker\AppData\Local\CRE" deleted

"C:\Users\Gebruiker\AppData\Local\Conduit" deleted

"C:\Users\Gebruiker\AppData\LocalLow\Conduit" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Internet Explorer: 9.0.8112.16421

Memory (RAM): 8175 MB

CPU Info: Intel® Core i5-2550K CPU @ 3.40GHz

CPU Speed: 3466,8 MHz

Sound Card: Luidsprekers (Realtek High Defi |

Realtek Digital Output (Realtek |

Display Adapters: AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Algemeen PnP-beeldscherm |

Screen Resolution: 1024 X 768 - 32 bit

Network: Network Present

Network Adapters: Realtek PCIe GBE Family Controller

CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW SH-222BB

Ports: COM1 LPT Port NOT Present.

Mouse: 8 Button Wheel Mouse Present

Hard Disks: C: 55,8GB | E: 465,8GB | G: 100,0MB

Hard Disks - Free: C: 18,3GB | E: 213,3GB | G: 70,4MB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 12/01/11 | ALASKA - 1072009

Time Zone: Romance (standaardtijd)

Motherboard *: ASRock Z68 Pro3 Gen3

Sun Java version: 1.7.0_13

Country: België

Language: NLB

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\GEBRUI~1\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

2013-02-13 14:07:28 EED68558AAA106535E7290C9A8E0D5A3 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2013-02-13 14:07:28 A9919376933F7E43F93E5DA1FFBEFC9F 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll

2013-02-13 14:07:27 F8D269134EEC097B7E47C818AF4862A7 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll

2013-02-13 14:07:27 CDBFCB9A88E130F1138F80B01C56B680 420864 ----a-w- C:\Windows\SysWOW64\vbscript.dll

2013-02-13 14:07:26 BE157C3800DA3010EFC48280ECF81C16 1103872 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-02-13 14:07:26 9352AF851D98380738161620C916A042 231936 ----a-w- C:\Windows\SysWOW64\url.dll

2013-02-13 14:07:26 6E14642F79C2510626BA399F9BCC4DE6 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2013-02-13 14:07:26 470D8189D7FE9928FFFECBF55AAA3233 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl

2013-02-13 14:07:25 CBC39CAD3421AB71966BDD98ABF847E0 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-02-13 14:07:25 B49B56B64F57699A1A663D2CF7D0A56F 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-02-13 14:07:24 C079169E6A07FC4412475C02969EB9CE 1800704 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-02-13 14:07:24 8843B6A1B8E102841B2DFF02805C5CEC 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-02-13 14:07:23 D171EAA745A2C0C583CDDA13D9088EE4 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-02-13 14:07:23 39511E05F37F0BEF8FA3B85386800BB9 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2013-02-13 14:07:22 C97434C851C4821BD92D2831FDF1ECBE 12321280 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-02-13 14:07:18 0E816EA3C5DCE94C95099E8B38E75E67 9738240 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2013-02-13 11:32:22 82FF919E9236B0137B5C7455B0E1418A 3913064 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe

2013-02-13 11:32:22 660100CB90F344040EF57F52FC0681C3 3967848 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe

2013-02-13 11:32:17 E7A4DE9232E097829F62755BC0ABE0F2 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe

2013-02-13 11:32:17 990702DB35E3698AFB298D8743DACF53 2048 ----a-w- C:\Windows\SysWOW64\user.exe

2013-02-13 11:32:17 79FCCC6662CA3DB6E6D2F1FCF3060FB5 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll

2013-02-13 11:32:17 61386FEAEFAD1AF971578602130A22B6 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll

2013-02-13 11:32:17 4F0C624E8E2BE4A8DB0820337B15395D 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe

2013-02-07 12:34:01 6280A479148CAEAD59E17A0CC3789161 697712 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-02-07 12:34:01 3E5633C0E3B4FE04E6EBFFA597227617 74096 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-02-06 19:40:16 79D15C3C4C03674FB88A95D8AFD470FE 273408 ----a-w- C:\Windows\SysWOW64\Pncrt.dll

2013-02-06 19:40:15 CB4CC3D4EA7C94A35F1D81C3D750BC8D 626688 ----a-w- C:\Windows\SysWOW64\vp7vfw.dll

2013-02-06 19:40:15 6D22E6E5F03CDA4EEBED1E68CCAA1695 1184984 ----a-w- C:\Windows\SysWOW64\wvc1dmod.dll

2013-02-03 17:20:52 F78A65AADC6590943371DC606D1746A6 95648 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

====== C:\Windows\SysWOW64\drivers =====

2013-01-30 14:18:08 B979979AB8027F7F53FB16EC4229B7DB 25244 ----a-w- C:\Windows\SysWOW64\drivers\ASPI32.SYS

====== C:\Windows\Sysnative =====

2013-02-13 14:07:28 C126E94D887482CC3EB84180D4DFE84B 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2013-02-13 14:07:28 318551170D0A525969769B224FD07EA7 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll

2013-02-13 14:07:27 9907747D39B37958180B4BCD756D3C47 248320 ----a-w- C:\Windows\Sysnative\ieui.dll

2013-02-13 14:07:26 FC94371FCE85F391F976F2BB560367CF 237056 ----a-w- C:\Windows\Sysnative\url.dll

2013-02-13 14:07:26 D43FF47399D0972B3D514378EC914272 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe

2013-02-13 14:07:26 87BEA2616EFDEC6A1CB3BFCFB09D816A 1346048 ----a-w- C:\Windows\Sysnative\urlmon.dll

2013-02-13 14:07:25 F3500B8809AC8642AF9C51B80B1C946C 2312704 ----a-w- C:\Windows\Sysnative\jscript9.dll

2013-02-13 14:07:25 91C25CA815433AA0672F7D722C3BF796 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2013-02-13 14:07:25 5A4BC13F8C53017C9147B448870562CD 1494528 ----a-w- C:\Windows\Sysnative\inetcpl.cpl

2013-02-13 14:07:24 47C1C7D580E39CB1401FD9209CD413BC 85504 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2013-02-13 14:07:24 435E9C764E1EF70058580996452BE6A2 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll

2013-02-13 14:07:23 F431C3C86FCCC1C53814F043A6CAD825 2147840 ----a-w- C:\Windows\Sysnative\iertutil.dll

2013-02-13 14:07:23 C2E1CA7848D834ADD708BB79FA05B6D2 816640 ----a-w- C:\Windows\Sysnative\jscript.dll

2013-02-13 14:07:23 BD69A0116B11A91761AB30A25DCB4C9D 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll

2013-02-13 14:07:19 35126DDDE8241C4C4A5F15F6CDDF4434 10925568 ----a-w- C:\Windows\Sysnative\ieframe.dll

2013-02-13 14:07:19 14DEB733ACB08A71CC0783ED02FF1F8D 17812992 ----a-w- C:\Windows\Sysnative\mshtml.dll

2013-02-13 11:32:23 6B0D9CF92C08D42533C12FC1A0B5403F 5553512 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe

2013-02-13 11:32:18 59E21156113E438D1D91AF4FC0C3B19F 3153408 ----a-w- C:\Windows\Sysnative\win32k.sys

2013-02-13 11:32:18 0C27239FEA4DB8A2AAC9E502186B7264 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll

====== C:\Windows\Sysnative\drivers =====

2013-02-13 11:32:15 B62A953F2BF3922C8764A29C34A22899 1913192 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

2013-02-13 11:32:15 41C67E4205C606A103DEC8651D0B6FE6 288088 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS

====== C:\Windows\Tasks ======

2013-02-07 12:34:03 1332FBE9C433BEF405947109B5E01F2C 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\Program Files (x86) =====

2013-02-14 14:56:00 -------- d-----w- C:\Program Files (x86)\SlySoft

2013-02-06 19:40:10 -------- d-----w- C:\Program Files (x86)\VSO

2013-01-30 16:22:02 -------- d-----w- C:\Program Files (x86)\Freemake

2013-01-19 16:57:10 -------- d-----w- C:\Program Files (x86)\MP3Gain

2013-01-18 19:21:50 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-01-18 19:21:43 -------- d-----w- C:\Program Files (x86)\AMD APP

======= C: =====

====== C:\Users\Gebruiker\AppData\Roaming ======

2013-01-28 16:18:55 16E53BFC96CE14021C0E07EB1C198478 99384 ----a-w- C:\users\Gebruiker\AppData\Roaming\inst.exe

2013-01-28 12:14:29 -------- d-----w- C:\users\Gebruiker\AppData\Roaming\ImTOO

2013-01-27 21:12:01 -------- d-----w- C:\users\Gebruiker\AppData\Roaming\dvdcss

2013-01-23 14:41:53 -------- d-----w- C:\users\Gebruiker\AppData\Roaming\TuneUp Software

====== C:\Users\Gebruiker ======

2013-02-14 14:56:00 -------- d-----w- C:\ProgramData\SlySoft

2013-02-06 17:42:11 -------- d-----w- C:\ProgramData\VSO

2013-01-30 16:48:24 -------- d-----w- C:\ProgramData\Freemake

2013-01-30 13:28:41 F9908F8944B67396DC79D6EC0D619051 81 --sh--w- C:\ProgramData\.zreglib

2013-01-25 08:38:00 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Gebruiker\ntuser.ini

2013-01-23 14:41:46 -------- d-----w- C:\ProgramData\TuneUp Software

2013-01-23 14:41:45 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2013-01-23 14:41:45 -------- d--h--w- C:\ProgramData\Common Files

2013-01-18 19:22:01 -------- d-----w- C:\ProgramData\ATI

====== C: exe-files ==

2013-02-16 12:20:41 FC30D9530AD5C8581482908FEEBF1FEF 30753024 ----a-w- C:\Users\Gebruiker\Desktop\SkypeSetupFull.exe

2013-02-13 14:07:26 D43FF47399D0972B3D514378EC914272 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-13 14:07:26 6E14642F79C2510626BA399F9BCC4DE6 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2013-02-13 14:07:26 698EB1E5F8C66344D97C00B5699E871D 757280 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2013-02-13 14:07:26 0100BCF23941C83462E4A70F94C3392E 763424 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-02-13 11:32:23 6B0D9CF92C08D42533C12FC1A0B5403F 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 11:32:22 82FF919E9236B0137B5C7455B0E1418A 3913064 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe

2013-02-13 11:32:22 660100CB90F344040EF57F52FC0681C3 3967848 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe

2013-02-13 11:32:17 E7A4DE9232E097829F62755BC0ABE0F2 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe

2013-02-13 11:32:17 990702DB35E3698AFB298D8743DACF53 2048 ----a-w- C:\Windows\SysWOW64\user.exe

2013-02-13 11:32:17 4F0C624E8E2BE4A8DB0820337B15395D 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe

=== C: other files ==

2013-02-17 15:32:40 97A1B4815B437CADA974A6AAD96BF0D0 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3843751949-1623791028-3433357071-1000\$ILVRMMJ.zip

2013-02-17 15:32:10 3E00F52A6231EB8027C527CFCD3F4738 1257481 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3843751949-1623791028-3433357071-1000\$RLVRMMJ.zip

2013-02-14 14:56:04 1AD9FED4C34F74E2E32017312B57D5DD 130680 ----a-w- C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp.dll

2013-02-13 14:09:04 E763D28DB5DC62EB38527B6F68926A68 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 14:09:04 E74C018279BB3FB2596AA4CEEA97EC0C 768000 ----a-w- C:\Program Files (x86)\Common Files\microsoft shared\VGX\VGX.dll

2013-02-13 14:07:28 A9919376933F7E43F93E5DA1FFBEFC9F 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll

2013-02-13 14:07:28 318551170D0A525969769B224FD07EA7 96768 ----a-w- C:\Windows\System32\mshtmled.dll

2013-02-13 14:07:27 F8D269134EEC097B7E47C818AF4862A7 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll

2013-02-13 14:07:27 F7BC1D90C3A976A5259BD1A5D7D43038 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll

2013-02-13 14:07:27 ED17AE04E19B5C779703EA35B2F607C0 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2013-02-13 14:07:27 CDBFCB9A88E130F1138F80B01C56B680 420864 ----a-w- C:\Windows\SysWOW64\vbscript.dll

2013-02-13 14:07:27 9907747D39B37958180B4BCD756D3C47 248320 ----a-w- C:\Windows\System32\ieui.dll

2013-02-13 14:07:27 76497D5AF6F682371DD1D5E18F37352F 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll

2013-02-13 14:07:27 0F4871B3BF0E48664A24D2717F2117A0 149528 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2013-02-13 14:07:26 FC94371FCE85F391F976F2BB560367CF 237056 ----a-w- C:\Windows\System32\url.dll

2013-02-13 14:07:26 BE157C3800DA3010EFC48280ECF81C16 1103872 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-02-13 14:07:26 9352AF851D98380738161620C916A042 231936 ----a-w- C:\Windows\SysWOW64\url.dll

2013-02-13 14:07:26 87BEA2616EFDEC6A1CB3BFCFB09D816A 1346048 ----a-w- C:\Windows\System32\urlmon.dll

2013-02-13 14:07:25 F3500B8809AC8642AF9C51B80B1C946C 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-13 14:07:25 CBC39CAD3421AB71966BDD98ABF847E0 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-02-13 14:07:25 B49B56B64F57699A1A663D2CF7D0A56F 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-02-13 14:07:25 91C25CA815433AA0672F7D722C3BF796 729088 ----a-w- C:\Windows\System32\msfeeds.dll

2013-02-13 14:07:25 7F73235D527DCF16C38578CD1CD9F7A8 194560 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll

2013-02-13 14:07:25 66E4246FEF8C364611F9782AA0809F42 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll

2013-02-13 14:07:24 C079169E6A07FC4412475C02969EB9CE 1800704 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-02-13 14:07:24 8843B6A1B8E102841B2DFF02805C5CEC 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-02-13 14:07:24 47C1C7D580E39CB1401FD9209CD413BC 85504 ----a-w- C:\Windows\System32\jsproxy.dll

2013-02-13 14:07:24 435E9C764E1EF70058580996452BE6A2 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-13 14:07:23 F431C3C86FCCC1C53814F043A6CAD825 2147840 ----a-w- C:\Windows\System32\iertutil.dll

2013-02-13 14:07:23 D2C4AFF19FFF1E218DC8ACA177244449 86528 ----a-w- C:\Windows\System32\migration\WininetPlugin.dll

2013-02-13 14:07:23 D171EAA745A2C0C583CDDA13D9088EE4 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-02-13 14:07:23 C2E1CA7848D834ADD708BB79FA05B6D2 816640 ----a-w- C:\Windows\System32\jscript.dll

2013-02-13 14:07:23 BD69A0116B11A91761AB30A25DCB4C9D 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-13 14:07:23 39511E05F37F0BEF8FA3B85386800BB9 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2013-02-13 14:07:23 2E22305A88AD0F37434C896F5A4746F8 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll

2013-02-13 14:07:23 23AA73F4024DE78ED5A2F5F0BEB5388F 66048 ----a-w- C:\Windows\SysWOW64\migration\WininetPlugin.dll

2013-02-13 14:07:22 EE53ACBBE021BD598230E0FDA8313CB7 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2013-02-13 14:07:22 C97434C851C4821BD92D2831FDF1ECBE 12321280 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-02-13 14:07:22 C2AD78FF88FEC9663B0227A72E65F0C3 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2013-02-13 14:07:22 9B70C6CF83DBF5C56E82B7C30F1E300F 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll

2013-02-13 14:07:19 35126DDDE8241C4C4A5F15F6CDDF4434 10925568 ----a-w- C:\Windows\System32\ieframe.dll

2013-02-13 14:07:19 14DEB733ACB08A71CC0783ED02FF1F8D 17812992 ----a-w- C:\Windows\System32\mshtml.dll

2013-02-13 14:07:18 0E816EA3C5DCE94C95099E8B38E75E67 9738240 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2013-02-13 11:32:18 59E21156113E438D1D91AF4FC0C3B19F 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 11:32:18 0C27239FEA4DB8A2AAC9E502186B7264 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 11:32:17 BFC68382466436FAE8B7A27966FB98CB 44032 ----a-w- C:\Windows\AppPatch\acwow64.dll

2013-02-13 11:32:17 79FCCC6662CA3DB6E6D2F1FCF3060FB5 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll

2013-02-13 11:32:17 61386FEAEFAD1AF971578602130A22B6 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll

2013-02-13 11:32:15 B62A953F2BF3922C8764A29C34A22899 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-13 11:32:15 41C67E4205C606A103DEC8651D0B6FE6 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-13 09:52:55 7114070D9BDA5901B692D896A001EC95 12638576 ----a-w- C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3843751949-1623791028-3433357071-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

[HKEY_USERS\S-1-5-21-3843751949-1623791028-3433357071-1000\Software\Microsoft\Windows\CurrentVersion\runonce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"

"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun"

"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

"THX TruStudio NB Settings"="C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe /r"

"UpdReg"="C:\Windows\UpdReg.EXE"

"XFastUsb"="C:\Program Files (x86)\XFastUsb\XFastUsb.exe"

"STCAgent"="C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"

"ZyngaGamesAgent"="C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

"APVXDWIN"="C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\APVXDWIN.EXE /s"

"SCANINICIO"="C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\Inicio.exe"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"THXCfg64"="C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64"

==== Startup Folders ======================

2012-06-08 15:32:38 1031 ----a-w- C:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopTray.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08/02/2013 15:22]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3843751949-1623791028-3433357071-1000Core.job --a------ C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [14/05/2012 15:36]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3843751949-1623791028-3433357071-1000UA.job --a------ C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [14/05/2012 15:36]

C:\Windows\tasks\NeroLiveEpgUpdate-Gebruiker-PC_Gebruiker.job --a------ C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe [18/09/2008 12:51]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

aabcpocfpkbpakeakaehogbolekfkbpb - C:\ProgramData\wxDfast\aabcpocfpkbpakeakaehogbolekfkbpb.crx[]

cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Gebruiker\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[]

dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\Gebruiker\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[]

jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[11/09/2012 09:45]

lpmkgpnbiojfaoklbkpfneikocaobfai - C:\Users\Gebruiker\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Gebruiker\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[]

Fast Search new tab page - Gebruiker - Default\Extensions\amkfhbbllcfakljkbecikndmkehmklap

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

"Search Page"="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=50c2848b-1ea7-492c-95df-3bcfb1ffad86&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}"

"Search Bar"="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=50c2848b-1ea7-492c-95df-3bcfb1ffad86&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}"

"Use Search Asst"="yes"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=50c2848b-1ea7-492c-95df-3bcfb1ffad86&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=50c2848b-1ea7-492c-95df-3bcfb1ffad86&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}"

"SearchAssistant"="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=50c2848b-1ea7-492c-95df-3bcfb1ffad86&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.google.be/"

"Use Search Asst"="no"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{C0EBFE2D-5835-46fb-8A28-C6ED6D0A4667} Google Url="http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4107735745&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4107735745&q={searchTerms}"

==== Reset Google Chrome ======================

C:\users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aabcpocfpkbpakeakaehogbolekfkbpb deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files (x86)\panda security\panda internet security 2013\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PskSvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBY2N26Q will be deleted at reboot

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HOKPXTV8 will be deleted at reboot

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVBDZTUI will be deleted at reboot

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBY2N26Q" not found

"C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HOKPXTV8" not found

"C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVBDZTUI" not found

Regards



In any case, run a full system scan and change all the passwords you have used, but that is described further below.

You may remove the following programs and their associated log files. You can simply keep using MBAM and the Emsisoft Emergency Kit to scan the computer periodically (update them first).

  • Zoek.exe
  • HijackThis

Since the problems have been resolved, I advise you to also carry out the steps below.

1.) Full system scan

I recommend running another full system scan with the Emsisoft Emergency Kit; you will find the manual for this program at the link below.

If there are any particular detections for which you do not know what is best to do, you can ask your question in the section Antivirus / Antispy(mal)ware / Firewalls en overige security software

2.) Deleting system restore points

If the computer has been infected with malware, it is advisable to delete all existing system restore points, because infected restore points may be among them.

  • You can read here how to delete the restore points

3.) Changing passwords

Most malware makes an outbound connection to a Command & Control server through which confidential data such as login credentials are captured; if your computer has been infected, it is therefore advisable to change all the passwords you have used.

You can read more information about this here

4.) Installing essential updates.

You can read here how to keep your operating system and other software up to date.

The program Secunia PSI automatically warns you when updates are available for the installed software; you can read more information here

5.) Beware of 'phishing' messages.

Phishing is a form of internet fraud in which fake e-mail messages and familiar-looking websites are used to try to obtain 'login details' and other personal information.

This is often done in very devious ways, for example e-mail messages asking you to verify your login details; in these cases you are often sent to a fake (clone) website, and as soon as you have entered your details there they are in the hands of the malicious party, with all the consequences that entails.

You can read more information here

6.) Prevention information & the use of security software.

To minimize the chance of re-infection, you can install an additional malware scanner such as Emsisoft Anti-Malware or Malwarebytes' Antimalware alongside the security software you use, to optimize protection.

Here you will find more information on how to prevent an infection in the future; read through it at your leisure.
