CouponDropDown


Hi,

For some time now I have been bothered by CouponDropDown, with its annoying advertisements hidden under underlined words on almost every website.

What I have already tried:

1/ First of all: Norton AntiVirus finds no trace of it.

2/ Malwarebytes Anti-Malware also gives a completely positive report.

3/ AdwCleaner doesn't find anything either (2nd log file).

4/ Ran ComboFix = log at the bottom

5/ HijackThis gives the following log file:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:43:09, on 4/03/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16521)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe

C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files (x86)\adawaretb\ffHelper.exe

C:\PROGRA~2\AD-AWA~1\AdAware.exe

C:\Users\Wim Van Loock\Downloads\adwcleaner.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Wim Van Loock\Downloads\HijackThis (2).exe

C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = VRT Radiospeler

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\IPS\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

O4 - HKCU\..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f

O4 - HKCU\..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Norton Management (MCLIENT) - Symantec Corporation - C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe

O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10894 bytes

********************************************************************

AdwCleaner gives the following log:

# AdwCleaner v2.113 - Verslag gemaakt op 04/03/2013 om 08:34:04

# Geactualiseerd op 23/02/2013 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruiker : Wim Van Loock - DESKTOP

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\Wim Van Loock\Downloads\adwcleaner.exe

# Optie [Zoeken]

***** [Diensten] *****

***** [Files / Mappen] *****

Map Aanwezig : C:\Program Files (x86)\adawaretb

Map Aanwezig : C:\Program Files (x86)\fbphotozoom

Map Aanwezig : C:\Program Files (x86)\NCH_EN

Map Aanwezig : C:\ProgramData\Babylon

Map Aanwezig : C:\ProgramData\blekko toolbars

Map Aanwezig : C:\ProgramData\boost_interprocess

Map Aanwezig : C:\ProgramData\InstallMate

Map Aanwezig : C:\ProgramData\Tarma Installer

Map Aanwezig : C:\ProgramData\Trymedia

Map Aanwezig : C:\Users\Wim Van Loock\AppData\Local\APN

Map Aanwezig : C:\Users\Wim Van Loock\AppData\LocalLow\adawaretb

Map Aanwezig : C:\Users\Wim Van Loock\AppData\LocalLow\Conduit

Map Aanwezig : C:\Users\Wim Van Loock\AppData\LocalLow\NCH_EN

Map Aanwezig : C:\Users\Wim Van Loock\AppData\LocalLow\PriceGong

Map Aanwezig : C:\Users\Wim Van Loock\AppData\Roaming\Babylon

Map Aanwezig : C:\Users\Wim Van Loock\AppData\Roaming\pdfforge

***** [Register] *****

Sleutel Aanwezig : HKCU\Software\1ClickDownload

Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\Conduit

Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\NCH_EN

Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\PriceGong

Sleutel Aanwezig : HKCU\Software\Conduit

Sleutel Aanwezig : HKCU\Software\DataMngr

Sleutel Aanwezig : HKCU\Software\DataMngr_Toolbar

Sleutel Aanwezig : HKCU\Software\InstallCore

Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Sleutel Aanwezig : HKCU\Software\Softonic

Sleutel Aanwezig : HKCU\Software\5855d8dbb639ed10

Sleutel Aanwezig : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Sleutel Aanwezig : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

Sleutel Aanwezig : HKLM\Software\Babylon

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Prod.cap

Sleutel Aanwezig : HKLM\Software\Conduit

Sleutel Aanwezig : HKLM\Software\DataMngr

Sleutel Aanwezig : HKLM\Software\Iminent

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Sleutel Aanwezig : HKLM\Software\NCH_EN

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\5855d8dbb639ed10

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90901388-E660-4EF5-82B0-31632F1CC75D}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1A9BA14-5FB3-4209-9F7E-6DBA0511AD36}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

Sleutel Aanwezig : HKU\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Sleutel Aanwezig : HKU\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

Waarde Aanwezig : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37483B40-C254-4A72-BDA4-22EE90182C1E}]

Waarde Aanwezig : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Waarde Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]

Waarde Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Wim Van Loock\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[R1].txt - [5933 octets] - [04/03/2013 08:34:04]

########## EOF - C:\AdwCleaner[R1].txt - [5993 octets] ##########

*********************************************************************

ComboFix log file:

ComboFix 13-03-04.01 - Wim Van Loock 04/03/2013 8:55:08.5.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4040.2114 [GMT 1:00]

Gestart vanuit: C:\Users\Wim Van Loock\Downloads\ComboFix.exe

AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((( Bestanden Gemaakt van 2013-02-04 to 2013-03-04 ))))))))))))))))))))))))))))))

2013-03-04 08:04:56 . 2013-03-04 08:04:56 -------- d-----w- C:\Users\Public\AppData\Local\temp

2013-03-04 08:04:56 . 2013-03-04 08:04:56 -------- d-----w- C:\Users\Default\AppData\Local\temp

2013-03-04 07:05:12 . 2013-03-04 07:05:12 -------- d-----w- C:\Users\Wim Van Loock\AppData\Roaming\LavasoftStatistics

2013-03-04 07:05:12 . 2013-03-04 07:05:12 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus

2013-03-04 07:02:58 . 2013-03-04 07:02:58 -------- d-----w- C:\ProgramData\Lavasoft

2013-03-04 07:02:57 . 2013-03-04 07:05:16 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus

2013-03-04 07:02:37 . 2013-03-04 07:02:37 -------- d-----w- C:\ProgramData\Downloaded Installations

2013-03-04 07:02:35 . 2013-03-04 07:02:36 -------- d-----w- C:\Users\Wim Van Loock\AppData\Local\adawarebp

2013-03-04 07:02:33 . 2013-03-04 07:02:34 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection

2013-03-04 07:02:25 . 2013-03-04 07:02:35 -------- d-----w- C:\Program Files (x86)\adawaretb

2013-03-04 07:02:24 . 2013-03-04 07:02:24 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

2013-03-04 07:01:07 . 2013-03-04 07:01:07 47496 ----a-w- C:\Windows\system32\sbbd.exe

2013-03-04 07:01:07 . 2013-03-04 07:01:07 14456 ----a-w- C:\Windows\system32\drivers\gfibto.sys

2013-03-04 07:01:06 . 2013-03-04 07:05:20 -------- d-----w- C:\Users\Wim Van Loock\AppData\Roaming\Ad-Aware Antivirus

2013-03-03 16:15:54 . 2013-03-03 16:15:54 -------- d-----w- C:\Users\Wim Van Loock\AppData\Local\Programs

2013-02-27 05:45:43 . 2013-02-17 00:40:40 28672 ----a-w- C:\Windows\system32\IEUDINIT.EXE

2013-02-27 05:42:46 . 2013-02-27 05:43:02 -------- d-----w- C:\Windows\system32\drivers\NAVx64\1403000.024

2013-02-27 05:38:45 . 2013-02-27 05:38:45 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-02-26 11:03:54 . 2013-02-26 11:03:54 -------- d-----w- C:\Windows\SysWow64\searchplugins

2013-02-26 11:03:54 . 2013-02-26 11:03:54 -------- d-----w- C:\Windows\SysWow64\Extensions

2013-02-26 07:48:03 . 2013-02-26 16:01:38 -------- d-s---w- C:\Users\Wim Van Loock\Google Drive

2013-02-23 14:18:47 . 2013-02-23 14:18:47 -------- d-----w- C:\Program Files (x86)\Common Files\Java

2013-02-23 14:13:09 . 2013-02-23 14:12:58 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-23 14:12:56 . 2013-02-23 14:12:56 -------- d-----w- C:\Program Files (x86)\Java

2013-02-21 15:41:09 . 2013-02-21 15:41:09 -------- d-----w- C:\Program Files\iPod

2013-02-21 15:41:08 . 2013-02-21 15:41:35 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-02-21 15:41:08 . 2013-02-21 15:41:34 -------- d-----w- C:\Program Files (x86)\iTunes

2013-02-21 15:41:05 . 2013-02-21 15:41:35 -------- d-----w- C:\Program Files\iTunes

2013-02-19 08:24:12 . 2013-02-19 08:24:16 -------- d-----w- C:\Windows\system32\drivers\NSTx64\7DD03000.01A

2013-02-15 18:58:12 . 2013-02-15 18:58:12 106088 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-13 19:50:01 . 2013-02-13 19:50:01 -------- d-----w- C:\Users\Wim Van Loock\AppData\Roaming\theBluCache

2013-02-13 08:14:54 . 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe

2013-02-13 08:14:54 . 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-13 08:14:53 . 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-13 08:14:49 . 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\system32\win32k.sys

2013-02-13 08:14:48 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll

2013-02-13 08:14:48 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 08:14:48 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 08:14:48 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 08:14:48 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 08:14:47 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 08:14:46 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys

2013-02-13 08:14:45 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-03-02 07:12:38 . 2012-04-01 06:58:07 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-02 07:12:38 . 2011-11-29 07:04:36 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-23 14:12:58 . 2012-06-26 13:47:28 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-02-23 14:12:58 . 2011-12-04 16:41:34 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-13 11:08:03 . 2011-08-02 05:07:14 70004024 ----a-w- C:\Windows\system32\MRT.exe

2013-01-04 04:43:21 . 2013-02-13 08:14:48 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 . 2012-12-21 11:01:29 46080 ----a-w- C:\Windows\system32\atmlib.dll

2012-12-16 14:45:03 . 2012-12-21 11:01:29 367616 ----a-w- C:\Windows\system32\atmfd.dll

2012-12-16 14:13:28 . 2012-12-21 11:01:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 . 2012-12-21 11:01:29 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-14 15:49:28 . 2012-12-11 07:58:36 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-12-07 13:20:16 . 2013-01-09 11:12:19 441856 ----a-w- C:\Windows\system32\Wpc.dll

2012-12-07 13:15:31 . 2013-01-09 11:12:19 2746368 ----a-w- C:\Windows\system32\gameux.dll

2012-12-07 12:26:17 . 2013-01-09 11:12:18 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 . 2013-01-09 11:12:19 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 . 2013-01-09 11:12:19 30720 ----a-w- C:\Windows\system32\usk.rs

2012-12-07 11:20:03 . 2013-01-09 11:12:19 43520 ----a-w- C:\Windows\system32\csrr.rs

2012-12-07 11:20:03 . 2013-01-09 11:12:18 23552 ----a-w- C:\Windows\system32\oflc.rs

2012-12-07 11:20:01 . 2013-01-09 11:12:19 45568 ----a-w- C:\Windows\system32\oflc-nz.rs

2012-12-07 11:20:01 . 2013-01-09 11:12:19 44544 ----a-w- C:\Windows\system32\pegibbfc.rs

2012-12-07 11:20:01 . 2013-01-09 11:12:18 20480 ----a-w- C:\Windows\system32\pegi-fi.rs

2012-12-07 11:20:00 . 2013-01-09 11:12:19 20480 ----a-w- C:\Windows\system32\pegi-pt.rs

2012-12-07 11:19:59 . 2013-01-09 11:12:19 20480 ----a-w- C:\Windows\system32\pegi.rs

2012-12-07 11:19:58 . 2013-01-09 11:12:19 46592 ----a-w- C:\Windows\system32\fpb.rs

2012-12-07 11:19:57 . 2013-01-09 11:12:19 40960 ----a-w- C:\Windows\system32\cob-au.rs

2012-12-07 11:19:57 . 2013-01-09 11:12:19 21504 ----a-w- C:\Windows\system32\grb.rs

2012-12-07 11:19:57 . 2013-01-09 11:12:19 15360 ----a-w- C:\Windows\system32\djctq.rs

2012-12-07 11:19:56 . 2013-01-09 11:12:18 55296 ----a-w- C:\Windows\system32\cero.rs

2012-12-07 11:19:55 . 2013-01-09 11:12:18 51712 ----a-w- C:\Windows\system32\esrb.rs

2012-12-07 10:46:42 . 2013-01-09 11:12:19 43520 ----a-w- C:\Windows\SysWow64\csrr.rs

2012-12-07 10:46:42 . 2013-01-09 11:12:19 30720 ----a-w- C:\Windows\SysWow64\usk.rs

2012-12-07 10:46:41 . 2013-01-09 11:12:19 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs

2012-12-07 10:46:41 . 2013-01-09 11:12:19 44544 ----a-w- C:\Windows\SysWow64\pegibbfc.rs

2012-12-07 10:46:41 . 2013-01-09 11:12:19 20480 ----a-w- C:\Windows\SysWow64\pegi-pt.rs

2012-12-07 10:46:41 . 2013-01-09 11:12:18 23552 ----a-w- C:\Windows\SysWow64\oflc.rs

2012-12-07 10:46:40 . 2013-01-09 11:12:18 20480 ----a-w- C:\Windows\SysWow64\pegi-fi.rs

2012-12-07 10:46:39 . 2013-01-09 11:12:19 46592 ----a-w- C:\Windows\SysWow64\fpb.rs

2012-12-07 10:46:39 . 2013-01-09 11:12:19 20480 ----a-w- C:\Windows\SysWow64\pegi.rs

2012-12-07 10:46:38 . 2013-01-09 11:12:19 21504 ----a-w- C:\Windows\SysWow64\grb.rs

2012-12-07 10:46:37 . 2013-01-09 11:12:19 40960 ----a-w- C:\Windows\SysWow64\cob-au.rs

2012-12-07 10:46:37 . 2013-01-09 11:12:19 15360 ----a-w- C:\Windows\SysWow64\djctq.rs

2012-12-07 10:46:36 . 2013-01-09 11:12:18 55296 ----a-w- C:\Windows\SysWow64\cero.rs

2012-12-07 10:46:36 . 2013-01-09 11:12:18 51712 ----a-w- C:\Windows\SysWow64\esrb.rs

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 14:39:05 41208]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 12:08:14 59720]

"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040]

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 11:35:28 152392]

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 08:04:54 252848]

"Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 15:11:58 542632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

"Hotkey Utility"=C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"RIMBBLaunchAgent.exe"=C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

R0 gfibto;gfibto;C:\Windows\system32\drivers\gfibto.sys [2013-03-04 07:01:07 14456]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [2000-01-01 00:00:00 246376]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-07 15:38:22 147288]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-31 21:20:55 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184]

S0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 16:02:18 17720]

S0 sptd;sptd;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1402010.016\SYMDS64.SYS [2012-10-04 01:40:20 493216]

S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1402010.016\SYMEFA64.SYS [2012-10-04 01:40:35 1133216]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 02:51:11 1388120]

S1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\system32\drivers\MCLIENTx64\0302000.013\ccSetx64.sys [2012-10-04 01:19:14 168096]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1402010.016\ccSetx64.sys [2012-08-20 19:50:10 168096]

S1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\system32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys [2012-11-16 02:18:04 168096]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130301.002\IDSvia64.sys [2013-01-05 06:18:02 513184]

S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1402010.016\Ironx64.SYS [2012-09-07 01:48:08 224416]

S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NAVx64\1402010.016\SYMNETS.SYS [2012-09-07 02:05:14 432800]

S2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-02-21 04:37:06 1236336]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 01:32:32 13336]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe [2011-01-17 14:00:50 164520]

S2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 20:55:14 244624]

S2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe [2012-10-11 02:29:13 143928]

S2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 01:40:03 143928]

S2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe [2012-12-24 03:33:29 144520]

S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 04:39:12 3677000]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 05:24:42 2656280]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 01:00:00 138912]

S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 16:28:16 317440]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-02-25 05:45:06 1629648 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe

Inhoud van de 'Gedeelde Taken' map

2013-03-04 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 15:13:47 . 2011-10-26 15:13:43]

2013-03-04 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 15:13:47 . 2011-10-26 15:13:43]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-12-17 18:50:30 755816 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-12-17 18:50:30 755816 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-12-17 18:50:30 755816 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-12-17 18:50:30 755816 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 00:20:42 11580520]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-03-19 21:44:20 398616]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

------- Bijkomende Scan -------

uLocal Page = C:\Windows\system32\blank.htm

uStart Page = hxxp://internetradio.vrt.be/radiospeler/v2_prod/wmp.html?qsbrand=11

mLocal Page = C:\WINDOWS\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.131.132 195.130.130.4

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

*********************************************************************

Do you have any idea how I can fix this?

Thanks in advance for all replies!


Apparently you use two browsers: Internet Explorer and Google Chrome. Do the following for both:

Disabling Coupon Dropdown in Internet Explorer

Start Internet Explorer and go to "Invoegtoepassingen beheren" / "Manage add-ons".

Click the option "Werkbalken en uitbreidingen" / "Toolbars and Extensions".

"Coupon Dropdown" will be listed here twice; right-click it and choose the option "Uitschakelen" / "Disable".

Disabling Coupon Dropdown in Chrome

Start Google Chrome, click the button with the three bars at the top right of the screen and choose the option "Instellingen" (Settings).

In the screen that appears, click the option "Extensies" (Extensions) on the left.

Disable Coupon Dropdown here, or remove it entirely by clicking the trash can icon.

After making these changes, restart the PC first.

... and then let us know whether this has solved the problem?


Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

C:\Windows\SysWow64\searchplugins

C:\Windows\SysWow64\Extensions

C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

Save this file on your desktop as CFScript.

Drag CFScript.txt onto the red ComboFix.exe shortcut.

This will make ComboFix restart. Reboot if you are asked to.

If you want to see this illustrated in detail, click here for the guide.

After the reboot, post the contents of Combofix.txt in your next message.


ComboFix 13-03-04.01 - Wim Van Loock 04/03/2013 12:08:55.6.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4040.2892 [GMT 1:00]

Gestart vanuit: c:\users\Wim Van Loock\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Wim Van Loock\Desktop\CFScript.txt

AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-02-04 to 2013-03-04 ))))))))))))))))))))))))))))))

.

.

2013-03-04 11:17 . 2013-03-04 11:17 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-03-04 11:17 . 2013-03-04 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-04 07:05 . 2013-03-04 07:05 -------- d-----w- c:\users\Wim Van Loock\AppData\Roaming\LavasoftStatistics

2013-03-04 07:05 . 2013-03-04 07:05 -------- d-----w- c:\programdata\Ad-Aware Antivirus

2013-03-04 07:02 . 2013-03-04 07:02 -------- d-----w- c:\programdata\Lavasoft

2013-03-04 07:02 . 2013-03-04 07:05 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus

2013-03-04 07:02 . 2013-03-04 07:02 -------- d-----w- c:\programdata\Downloaded Installations

2013-03-04 07:02 . 2013-03-04 07:02 -------- d-----w- c:\users\Wim Van Loock\AppData\Local\adawarebp

2013-03-04 07:02 . 2013-03-04 07:02 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2013-03-04 07:02 . 2013-03-04 07:02 -------- d-----w- c:\program files (x86)\adawaretb

2013-03-04 07:02 . 2013-03-04 07:02 -------- d-----w- c:\program files (x86)\Toolbar Cleaner

2013-03-04 07:01 . 2013-03-04 07:01 47496 ----a-w- c:\windows\system32\sbbd.exe

2013-03-04 07:01 . 2013-03-04 07:01 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-03-04 07:01 . 2013-03-04 07:05 -------- d-----w- c:\users\Wim Van Loock\AppData\Roaming\Ad-Aware Antivirus

2013-03-03 16:15 . 2013-03-03 16:15 -------- d-----w- c:\users\Wim Van Loock\AppData\Local\Programs

2013-02-27 05:45 . 2013-02-17 00:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-02-27 05:42 . 2013-02-27 05:43 -------- d-----w- c:\windows\system32\drivers\NAVx64\1403000.024

2013-02-27 05:38 . 2013-02-27 05:38 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-02-26 11:03 . 2013-02-26 11:03 -------- d-----w- c:\windows\SysWow64\searchplugins

2013-02-26 11:03 . 2013-02-26 11:03 -------- d-----w- c:\windows\SysWow64\Extensions

2013-02-26 07:48 . 2013-02-26 16:01 -------- d-s---w- c:\users\Wim Van Loock\Google Drive

2013-02-23 14:18 . 2013-02-23 14:18 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-02-23 14:13 . 2013-02-23 14:12 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-23 14:12 . 2013-02-23 14:12 -------- d-----w- c:\program files (x86)\Java

2013-02-21 15:41 . 2013-02-21 15:41 -------- d-----w- c:\program files\iPod

2013-02-21 15:41 . 2013-02-21 15:41 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-02-21 15:41 . 2013-02-21 15:41 -------- d-----w- c:\program files (x86)\iTunes

2013-02-21 15:41 . 2013-02-21 15:41 -------- d-----w- c:\program files\iTunes

2013-02-19 08:24 . 2013-02-19 08:24 -------- d-----w- c:\windows\system32\drivers\NSTx64\7DD03000.01A

2013-02-15 18:58 . 2013-02-15 18:58 106088 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-13 19:50 . 2013-02-13 19:50 -------- d-----w- c:\users\Wim Van Loock\AppData\Roaming\theBluCache

2013-02-13 08:14 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-13 08:14 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-02-13 08:14 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-02-13 08:14 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-02-13 08:14 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-02-13 08:14 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-02-13 08:14 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-02-13 08:14 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-02-13 08:14 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-02-13 08:14 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-02-13 08:14 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-13 08:14 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-02 07:12 . 2012-04-01 06:58 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-02 07:12 . 2011-11-29 07:04 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-23 14:12 . 2012-06-26 13:47 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-02-23 14:12 . 2011-12-04 16:41 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-02-13 11:08 . 2011-08-02 05:07 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-01-04 04:43 . 2013-02-13 08:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-12-16 17:11 . 2012-12-21 11:01 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-21 11:01 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-21 11:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-21 11:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-14 15:49 . 2012-12-11 07:58 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-07 13:20 . 2013-01-09 11:12 441856 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 13:15 . 2013-01-09 11:12 2746368 ----a-w- c:\windows\system32\gameux.dll

2012-12-07 12:26 . 2013-01-09 11:12 308736 ----a-w- c:\windows\SysWow64\Wpc.dll

2012-12-07 12:20 . 2013-01-09 11:12 2576384 ----a-w- c:\windows\SysWow64\gameux.dll

2012-12-07 11:20 . 2013-01-09 11:12 30720 ----a-w- c:\windows\system32\usk.rs

2012-12-07 11:20 . 2013-01-09 11:12 43520 ----a-w- c:\windows\system32\csrr.rs

2012-12-07 11:20 . 2013-01-09 11:12 23552 ----a-w- c:\windows\system32\oflc.rs

2012-12-07 11:20 . 2013-01-09 11:12 45568 ----a-w- c:\windows\system32\oflc-nz.rs

2012-12-07 11:20 . 2013-01-09 11:12 44544 ----a-w- c:\windows\system32\pegibbfc.rs

2012-12-07 11:20 . 2013-01-09 11:12 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2012-12-07 11:20 . 2013-01-09 11:12 20480 ----a-w- c:\windows\system32\pegi-pt.rs

2012-12-07 11:19 . 2013-01-09 11:12 20480 ----a-w- c:\windows\system32\pegi.rs

2012-12-07 11:19 . 2013-01-09 11:12 46592 ----a-w- c:\windows\system32\fpb.rs

2012-12-07 11:19 . 2013-01-09 11:12 40960 ----a-w- c:\windows\system32\cob-au.rs

2012-12-07 11:19 . 2013-01-09 11:12 21504 ----a-w- c:\windows\system32\grb.rs

2012-12-07 11:19 . 2013-01-09 11:12 15360 ----a-w- c:\windows\system32\djctq.rs

2012-12-07 11:19 . 2013-01-09 11:12 55296 ----a-w- c:\windows\system32\cero.rs

2012-12-07 11:19 . 2013-01-09 11:12 51712 ----a-w- c:\windows\system32\esrb.rs

2012-12-07 10:46 . 2013-01-09 11:12 43520 ----a-w- c:\windows\SysWow64\csrr.rs

2012-12-07 10:46 . 2013-01-09 11:12 30720 ----a-w- c:\windows\SysWow64\usk.rs

2012-12-07 10:46 . 2013-01-09 11:12 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46 . 2013-01-09 11:12 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46 . 2013-01-09 11:12 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46 . 2013-01-09 11:12 23552 ----a-w- c:\windows\SysWow64\oflc.rs

2012-12-07 10:46 . 2013-01-09 11:12 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46 . 2013-01-09 11:12 46592 ----a-w- c:\windows\SysWow64\fpb.rs

2012-12-07 10:46 . 2013-01-09 11:12 20480 ----a-w- c:\windows\SysWow64\pegi.rs

2012-12-07 10:46 . 2013-01-09 11:12 21504 ----a-w- c:\windows\SysWow64\grb.rs

2012-12-07 10:46 . 2013-01-09 11:12 40960 ----a-w- c:\windows\SysWow64\cob-au.rs

2012-12-07 10:46 . 2013-01-09 11:12 15360 ----a-w- c:\windows\SysWow64\djctq.rs

2012-12-07 10:46 . 2013-01-09 11:12 55296 ----a-w- c:\windows\SysWow64\cero.rs

2012-12-07 10:46 . 2013-01-09 11:12 51712 ----a-w- c:\windows\SysWow64\esrb.rs

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"IAStorIcon"=c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

"Hotkey Utility"=c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"RIMBBLaunchAgent.exe"=c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2000-01-01 246376]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-07 147288]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-03-04 14456]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1402010.016\SYMDS64.SYS [2012-10-04 493216]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 1388120]

S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302000.013\ccSetx64.sys [2012-10-04 168096]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1402010.016\ccSetx64.sys [2012-08-20 168096]

S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys [2012-11-16 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130301.002\IDSvia64.sys [2013-01-05 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1402010.016\Ironx64.SYS [2012-09-07 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1402010.016\SYMNETS.SYS [2012-09-07 432800]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-02-21 1236336]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-01-17 164520]

S2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 244624]

S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe [2012-10-11 143928]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]

S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe [2012-12-24 144520]

S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - GFIBTO

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

start [bU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-02-25 05:45 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 15:13]

.

2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 15:13]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://internetradio.vrt.be/radiospeler/v2_prod/wmp.html?qsbrand=11

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.131.132 195.130.130.4

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]

"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]

"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.3.0.26\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLive.PhotoGallery.bmp.15.4"

.

[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLive.PhotoGallery.bmp.15.4"

.

[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLive.PhotoGallery.ico.15.4"

.

[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLive.PhotoGallery.jpg.15.4"

.

[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLive.PhotoGallery.jpg.15.4"

.

[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLive.PhotoGallery.jpg.15.4"

.

[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLive.PhotoGallery.jpg.15.4"

.

[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLive.PhotoGallery.png.15.4"

.

[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLive.PhotoGallery.tif.15.4"

.

[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLive.PhotoGallery.tif.15.4"

.

[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLive.PhotoGallery.wdp.15.4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2013-03-04 12:24:33

ComboFix-quarantined-files.txt 2013-03-04 11:24

ComboFix2.txt 2013-02-08 22:29

.

Pre-Run: 389.253.595.136 bytes beschikbaar

Post-Run: 388.942.745.600 bytes beschikbaar

.

- - End Of File - - DDCC2C00291F75DCC23F77F74C5E3023


This did not go entirely correctly. We will bring in another tool.

Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    (here or here) you can read how to do that.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
     
    C:\Windows\SysWow64\searchplugins;fs
    C:\Windows\SysWow64\Extensions;fs
    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69;fs
    


  • Click the "Options" button and tick the options below.

    • Empty Temp Folders
    • System Restore Point
    • Auto Clean

  • Then click the "Run script" button.

  • Now wait patiently until a log opens (this may be after a restart, if one is required).

  • If no log appears after the restart, start zoek.exe again; the log will then still appear.

  • Now post the contents of the opened log in your next message.


Zoek.exe Version 4.0.0.2 Updated 02-March-2013

Tool run by Wim Van Loock on ma 04/03/2013 at 16:02:55,69.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

4/03/2013 16:04:47 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample_20130403_1608.zip ======================

Process chrome.exe killed

Copied file C:\Users\Wim Van Loock\TatSet.exe to sample

sample\TatSet.exe renamed to A2A1BA6024BCF5E2B3B533E77C146619

C:\Users\Public\Desktop\sample_20130403_1608.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96146D96-9783-4982-878A-745B72327058} deleted successfully

HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Files \ Folders ======================

"C:\Users\Wim Van Loock\TatSet.exe" deleted

"C:\Windows\SysWow64\searchplugins" deleted

"C:\Windows\SysWow64\Extensions" deleted

"C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69" deleted

"C:\Program Files (x86)\NCH_EN" deleted

"C:\Program Files (x86)\fbphotozoom" deleted

"C:\Users\Wim Van Loock\AppData\Roaming\Babylon" deleted

"C:\Windows\SysWow64\searchplugins" deleted

"C:\Windows\SysWow64\Extensions" deleted

"C:\ProgramData\boost_interprocess" deleted

"C:\ProgramData\InstallMate" deleted

"C:\ProgramData\Tarma Installer" deleted

"C:\ProgramData\Trymedia" deleted

"C:\Users\Wim Van Loock\AppData\Local\APN" deleted

"C:\Users\Wim Van Loock\AppData\LocalLow\DataMngr" deleted

"C:\Users\Wim Van Loock\AppData\LocalLow\PriceGong" deleted

"C:\Users\Wim Van Loock\AppData\LocalLow\Conduit" deleted

"C:\Users\Wim Van Loock\AppData\LocalLow\NCH_EN" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

cjofdnhdkbflacojpfpkchgafjahijbb - No path found[]

mpieaakhacmfleokhjcjnpcnmnmpfkid - C:\Program Files (x86)\fbphotozoom\fbphotozoom.crx[]

nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\Exts\Chrome.crx[14/02/2013 04:02]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[]

Tetris - Wim Van Loock - Default\Extensions\angmfbilgjakmniilgadoakegkjdcpja

Windows Media Player Extension for HTML5 - Wim Van Loock - Default\Extensions\hokdglbhghcebcopdbanieangmcamaak

DSL speedtest - Wim Van Loock - Default\Extensions\mibbfkdeofpfmkclkgjfnjppdblhpddj

FBPHOTOZOOM - Wim Van Loock - Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://internetradio.vrt.be/radiospeler/v2_prod/wmp.html?qsbrand=11"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://internetradio.vrt.be/radiospeler/v2_prod/wmp.html?qsbrand=11"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"

{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{852E32AC-4B74-4EA0-A396-8B607175B3AE} Yahoo//search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=642886&p={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Wim Van Loock\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Wim Van Loock\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\users\Wim Van Loock\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\users\Wim Van Loock\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\WIMVAN~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

*********************************************************

Apparently it's hidden deep, isn't it? :-)
