Check of HijackThis log (actually RSIT)


Hello dear PC rescuers, or really people rescuers ;-)

A while back my sister's laptop (Toshiba Satellite L500-1R3) had trouble with a worm, found by her outdated AVG (9.0.932). Unfortunately she could not remove it with this AVG.

She also had problems watching videos on YouTube, because of the Adobe FlashPlayer. (Browser: Mozilla FF 24.0)

A bit of digging turned up, among other things, a toolbar from Babylon, installed along with some program or other, as an add-on. Probably even with the installation of an 'update' of FlashPlayer on 19 Sept., as I can see in FF's download history: install_flashplayer11x32_mssa_aaa_aih.exe and after that install_flashplayer11x32_ltr5x64d_awc_aih.exe.

After some Googling, both files do not seem to be entirely clean after all, even though FF's download history says they come/came from Adobe.

First I got to work myself with MBAM and AdwCleaner, but before that I made a log with HijackThis.

I also removed everything of FlashPlayer as far as possible.

Now it seems more or less solved (AVG no longer reports any worms), but I was wondering whether all the adware and junk has been removed, so that I can install a fresh FlashPlayer and a new AV.

Below is an RSIT log to check, please :-) Many thanks in advance!

PS: I hope I haven't broken any forum rules about posting RSIT/HijackThis logs; I looked for them, but didn't find any.

Logfile of random's system information tool 1.09 (written by random/random)

Run by Margreet at 2013-11-08 21:32:21

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 74 GB (48%) free of 153 GB

Total RAM: 3933 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:32:25, on 8/11/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\trend micro\Margreet.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP

O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe

O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10023 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

"C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe"

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"taskhost.exe"

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe"

"C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\System32\hkcmd.exe"

C:\Windows\system32\igfxsrvc.exe -Embedding

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"

C:\Windows\System32\svchost.exe -k HPZ12

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

C:\Windows\System32\svchost.exe -k HPZ12

"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe"

"C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe"

"C:\Program Files (x86)\AVG\AVG9\avgnsa.exe"

"C:\Program Files (x86)\AVG\AVG9\avgchsva.exe"

"C:\Program Files (x86)\AVG\AVG9\avgrsa.exe"

/pipeName=98f49834-ba4b-4e44-a7ed-f9a71a7aa00e /coreSdkOptions=30 /logConfFile="C:\ProgramData\avg9\temp\f6eb85fa-bf37-4549-8b6a-8dd2e7275e86-ad4-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG9\" /tempPath="C:\ProgramData\avg9\temp\"

C:\Windows\system32\TODDSrv.exe

"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"

"C:\Program Files\TOSHIBA\TECO\TecoService.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"

"C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

"C:\Program Files (x86)\AVG\AVG9\avgtray.exe"

"C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

"C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe" -Embedding

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"

"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"

"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"

"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe"

"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"

"C:\Windows\system32\wuauclt.exe"

C:\Windows\system32\svchost.exe -k SDRSVC

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"

/SCANCFG:11 /SCANTYPE:5 /SCHEDID:1

\??\C:\Windows\system32\conhost.exe

/pipeName=213d5674-cdd5-44a3-a2f1-50bec5f01c3f /coreSdkOptions=0 /binaryPath="C:\Program Files (x86)\AVG\AVG9\"

taskeng.exe {C031FE84-A276-4AF2-BA14-74881C80F17F}

C:\Windows\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

"C:\Windows\system32\taskmgr.exe" /4

"C:\Users\Margreet\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3986013921-6903290-1994597622-1000Core.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3986013921-6903290-1994597622-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]

"Description"=McAfee Mss Plugin

"Path"=C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\components\

IICAClient.xpt

nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\

CCMSDK.dll

cgpcfg.dll

CgpCore.dll

confmgr.dll

ctxlogging.dll

ctxmui.dll

ICAClObj.class

icafile.dll

icalogon.dll

npicaN.dll

NPOFF12.DLL

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

QuickTimePlugin.class

sslsdk_b.dll

TcpPServ.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

yahoo.xml

C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default\extensions\

2020Player_IKEA@2020Technologies.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]

MSS+ Identifier - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05 94112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Aanmelden - Help - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-09-10 41368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2009-08-03 709976]

"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2009-08-06 1050000]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-02 165912]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-02 387608]

"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-02 365592]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-28 7982112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"=C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [2009-08-12 6203296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]

C:\Users\Margreet\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-10 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files (x86)\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]

C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [2009-07-30 134032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

C:\PROGRA~2\MCAFEE~1\307523~1.318\SSSCHE~1.EXE [2013-02-05 272248]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2009-08-12 352256]

"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2009-06-02 423936]

"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088]

"TWebCamera"=C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun []

"AVG9_TRAY"=C:\PROGRA~2\AVG\AVG9\avgtray.exe [2012-01-27 2077536]

"ConnectionCenter"=C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2009-09-12 103768]

"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\Windows\System32\avgrssta.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2009-08-27 259584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2013-11-08 21:32:21 ----D---- C:\rsit

2013-11-08 21:32:21 ----D---- C:\Program Files\trend micro

2013-10-04 16:51:46 ----D---- C:\Program Files (x86)\Mozilla Firefox

2013-10-03 21:11:12 ----D---- C:\Users\Margreet\AppData\Roaming\SUPERAntiSpyware.com

2013-10-03 21:11:12 ----D---- C:\ProgramData\SUPERAntiSpyware.com

2013-10-03 20:44:20 ----D---- C:\Windows\pss

2013-10-03 20:42:22 ----SHD---- C:\$RECYCLE.BIN

2013-10-03 20:42:18 ----D---- C:\Windows\temp

2013-10-03 20:42:16 ----A---- C:\ComboFix.txt

2013-10-03 20:30:52 ----A---- C:\Windows\zip.exe

2013-10-03 20:30:52 ----A---- C:\Windows\SWSC.exe

2013-10-03 20:30:52 ----A---- C:\Windows\SWREG.exe

2013-10-03 20:30:52 ----A---- C:\Windows\sed.exe

2013-10-03 20:30:52 ----A---- C:\Windows\PEV.exe

2013-10-03 20:30:52 ----A---- C:\Windows\NIRCMD.exe

2013-10-03 20:30:52 ----A---- C:\Windows\MBR.exe

2013-10-03 20:30:52 ----A---- C:\Windows\grep.exe

2013-10-03 20:29:16 ----D---- C:\Qoobox

2013-10-03 20:28:54 ----D---- C:\Windows\erdnt

2013-10-03 20:16:17 ----D---- C:\AdwCleaner

2013-10-03 19:56:53 ----D---- C:\Users\Margreet\AppData\Roaming\Malwarebytes

2013-10-03 19:56:44 ----D---- C:\ProgramData\Malwarebytes

2013-10-03 19:56:43 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-03 19:56:43 ----A---- C:\Windows\system32\drivers\mbam.sys

2013-09-19 19:42:34 ----D---- C:\ProgramData\McAfee Security Scan

2013-09-19 19:42:31 ----D---- C:\Program Files (x86)\McAfee Security Scan

======List of files/folders modified in the last 3 months======

2013-11-08 21:32:25 ----D---- C:\Windows\Prefetch

2013-11-08 21:32:21 ----RD---- C:\Program Files

2013-11-08 21:27:44 ----SHD---- C:\System Volume Information

2013-11-08 21:21:45 ----D---- C:\Windows\System32

2013-11-08 21:21:45 ----D---- C:\Windows\inf

2013-11-08 21:21:45 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-11-08 21:20:22 ----D---- C:\Windows\system32\drivers\Avg

2013-11-08 21:20:18 ----D---- C:\Windows\system32\config

2013-10-05 13:41:03 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

2013-10-05 10:28:01 ----RD---- C:\Program Files (x86)

2013-10-03 21:31:30 ----D---- C:\Windows\system32\NDF

2013-10-03 21:12:30 ----D---- C:\ProgramData

2013-10-03 20:44:20 ----D---- C:\Windows

2013-10-03 20:39:58 ----A---- C:\Windows\system.ini

2013-10-03 20:36:32 ----D---- C:\Windows\SYSWOW64\drivers

2013-10-03 20:36:32 ----D---- C:\Windows\SysWOW64

2013-10-03 20:36:32 ----D---- C:\Windows\AppPatch

2013-10-03 20:36:31 ----D---- C:\Program Files (x86)\Common Files

2013-10-03 20:29:18 ----D---- C:\Windows\system32\drivers

2013-10-03 19:51:07 ----D---- C:\Windows\system32\Tasks

2013-10-03 19:49:20 ----SHD---- C:\Windows\Installer

2013-10-03 19:49:19 ----D---- C:\Config.Msi

2013-09-19 20:06:55 ----D---- C:\Windows\system32\catroot2

2013-08-22 19:47:25 ----D---- C:\ProgramData\avg9

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\Windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]

R1 AvgLdx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys [2013-01-15 282976]

R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys [2011-09-13 35664]

R1 AvgTdiA;AVG Free Network Redirector x64; C:\Windows\System32\Drivers\avgtdia.sys [2011-05-05 317520]

R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]

R1 SASDIFSV;SASDIFSV; \??\C:\Users\Margreet\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [2010-02-17 14920]

R1 SAS***IL;SAS***IL; \??\C:\Users\Margreet\AppData\Local\Temp\SAS_SelfExtract\SAS***IL64.SYS [2010-02-17 12360]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-08-27 7369600]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-07-28 1966624]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]

R3 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2009-07-30 44912]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]

R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-07-20 274480]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 athr;Stuurprogramma Atheros Extensible draadloze LAN-apparaat; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]

S3 atikmdag;atikmdag; C:\Windows\system32\drivers\atikmdag.sys [2009-07-13 5020672]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]

S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 19968]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-07-30 222208]

S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]

S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64.sys [2009-02-03 19456]

S3 WinUsb;WinUSB Driver for STLink; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]

R2 avg9wd;AVG Free WatchDog; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-25 308136]

R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]

R2 ConfigFree Gadget Service;ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]

R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-10-26 335872]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]

R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]

R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]

R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]

R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-08-05 488800]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]

R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]

S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe []

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-04 118680]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]

S3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-13 1255736]

-----------------EOF-----------------


Download Zoek.zip to the desktop.

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that here and here.
  • Right-click Zoek.zip and choose the option "Extract All".
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

chromelook; 
firefoxlook; 
 {5C255C8A-E604-49b4-9D64-90988571CECB};c
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}];r64
 C:\Qoobox:fs
 C:\ComboFix:u
 emptyfolderscheck;delete 
startupall; 
filesrcm;

  • Click the "Options" button and tick the options below.
  • Firefox Defaults
  • Reset Chrome
  • IE Defaults
  • Auto Clean
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next post.

There is still some other Adobe software on the PC. If you want that removed as well, just let me know and we will include it in a next fix.

Edited by kape

Dear kape

Thank you very much for your quick reply! :-)

No, that is not necessary; the rest of Adobe all still seems to be in order to me.

Thanks anyway! :cool:

Below you will find the Zoek log:

Zoek.exe Version 4.0.0.5 Updated 24-November-2013

Tool run by Margreet on zo 24/11/2013 at 12:53:51,17.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Margreet\Desktop\zoek.exe [script inserted] [Checkboxes used]

==== System Restore Info ======================

24/11/2013 12:55:41 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AVS4YOU deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\Program Files\Google deleted successfully

C:\ProgramData\YTD YouTube Downloader & Converter deleted successfully

C:\Users\Margreet\AppData\Roaming\Publish Providers deleted successfully

C:\Users\Margreet\AppData\Local\CutePDF Writer deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3986013921-6903290-1994597622-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D95B0187-2A95-4AAF-993E-B66958DDE1F5} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\85oknj5l.default\prefs.js:

Added to C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\85oknj5l.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default\prefs.js:

Added to C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\85oknj5l.default

user.js not found

---- FireFox user.js and prefs.js backups ----

ProfilePath: C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_20132411_1305_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

==== Deleting Files \ Folders ======================

C:\ProgramData\YTD YouTube Downloader & Converter not found

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted

C:\user.js deleted

C:\Windows\SysWow64\searchplugins deleted

C:\Windows\SysWow64\Extensions deleted

"C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\85oknj5l.default\extensions\ytd@mybrowserbar.com" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-11-23 12:05:12 ED3AA31FC4441AEFF19F5D2FD4091C1B 404015507 ----a-w- C:\Windows\MEMORY.DMP

====== C:\Users\Margreet\AppData\Local\Temp ====

2013-11-24 11:56:43 0F66E8E2340569FB17E774DAC2010E31 520234 ----a-w- C:\Users\Margreet\AppData\Local\Temp\sqlite3.dll

2013-11-24 11:56:42 7978755B3AE6B5BECD725EA7A2FE28FD 1105920 ----a-w- C:\Users\Margreet\AppData\Local\Temp\siw_sdk.dll

2013-11-23 10:29:29 0E9AD2D3784A0996A5131512939C09C0 1490656 ----a-w- C:\Users\Margreet\AppData\Local\Temp\TC40065400B.temp\WinWDF\x64\WdfCoInstaller01007.dll

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2013-11-23 10:53:28 B2DB6ABA2E292235749B80A9C3DFA867 159232 ----a-w- C:\Windows\SysWOW64\imagehlp.dll

2013-11-23 10:53:26 907281ED4AD35D41B29FFDC211EBAD80 5120 ----a-w- C:\Windows\SysWOW64\wmi.dll

2013-11-23 10:32:06 0805487A6036A9F9C4E7AF7FEF835529 1620992 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL

2013-11-23 10:32:01 674EB817CF6E43B7DF3EC26E06E98D98 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll

2013-11-23 10:31:49 1A9E4EE88B31750E5CA207424143F99C 3968960 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe

2013-11-23 10:31:48 5D0325AEF9DE48330908EC2E2DB0359F 3913664 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe

2013-11-23 10:31:45 57EC6102661E0E1D156C1EC251E7CAF8 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll

2013-11-23 10:31:45 3808FD7522646BEB1CCEA94C45D4228C 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe

2013-11-23 10:31:45 365A5034093AD9E04F433046C4CDF6AB 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll

2013-11-23 10:31:45 1B7343C3765638D4D17CB925F84F8ABE 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll

2013-11-23 10:31:45 0184CC60AB10C8124D69AFB332C6AF1C 1292192 ----a-w- C:\Windows\SysWOW64\ntdll.dll

2013-11-23 10:31:44 B83592F532FB320F0001F8099ECC192B 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe

2013-11-23 10:31:44 73EF27E157855E3CB18B021BC9622E4C 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll

2013-11-23 10:31:43 812A161FC470FA832C3F0CC3D7ACA2F9 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll

2013-11-23 10:31:42 8489D083E46BFD2096A6CECFF6C7C227 2048 ----a-w- C:\Windows\SysWOW64\user.exe

2013-11-23 10:29:45 AD7FB087A238883D1618F29F7BBBD584 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll

2013-11-23 10:29:45 AA6F6457116B559B76BC6A012CB4C293 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll

2013-11-23 10:29:45 42B924C5F3924C1EB2539F22C10D7DF1 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll

2013-11-23 10:29:45 372948BB5E41CE42341C4398DE572E56 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll

2013-11-23 10:29:06 FB19FC5951A88F3C523E35C2C98D23C0 314880 ----a-w- C:\Windows\SysWOW64\webio.dll

2013-11-23 10:28:50 29E9794708DF51DB5DC89FB2E903A0F6 12873728 ----a-w- C:\Windows\SysWOW64\shell32.dll

2013-11-23 10:28:31 68EAAEDF0365168B804E8728368FA946 175104 ----a-w- C:\Windows\SysWOW64\wintrust.dll

2013-11-23 10:27:38 CC09E0C9A2D89C6E71D093DC8BD121B7 1168384 ----a-w- C:\Windows\SysWOW64\crypt32.dll

2013-11-23 10:27:37 7CA1BECEA5DE2643ADDAD32670E7A4C9 140288 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll

2013-11-23 10:27:37 7B851A8018B1EA00A69707A390004884 103936 ----a-w- C:\Windows\SysWOW64\cryptnet.dll

2013-11-23 10:26:58 52D33A22DE04BD9F40E1B1A28B46A95C 3217408 ----a-w- C:\Windows\SysWOW64\mstscax.dll

2013-11-23 10:26:55 F5562EFA9E4867D30EC2330B80FCB25C 131584 ----a-w- C:\Windows\SysWOW64\aaclient.dll

2013-11-23 10:26:55 2A6BFDEDF2C57923E78F970BB15D7E7D 36864 ----a-w- C:\Windows\SysWOW64\tsgqec.dll

2013-11-23 10:26:32 68783E77D401E6392EA6579EBCEF16C8 514560 ----a-w- C:\Windows\SysWOW64\qdvd.dll

2013-11-23 10:26:32 0AE0C4955E1DE29CCDC9DA1B816FE5EE 1328128 ----a-w- C:\Windows\SysWOW64\quartz.dll

2013-11-23 10:26:25 56E3313690866F99CD17AA1342F64AE1 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll

2013-11-23 10:26:22 4DC999CED9429939D75682EBD7D48901 663552 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll

2013-11-23 10:26:15 EF37EDC20412A01DDD9A42E8D939A5A3 163840 ----a-w- C:\Windows\SysWOW64\odbctrac.dll

2013-11-23 10:26:15 E2D83DAA6A229CFDAF129189A9245889 86016 ----a-w- C:\Windows\SysWOW64\odbccu32.dll

2013-11-23 10:26:15 66ABBF38123D3113BB55EBAFCF37AB92 122880 ----a-w- C:\Windows\SysWOW64\odbccp32.dll

2013-11-23 10:26:15 534BF06B2DEE965A1389A9312545AE03 81920 ----a-w- C:\Windows\SysWOW64\odbccr32.dll

2013-11-23 10:26:15 3FDB77D0BBEEB36AE35077ABC0BF80EC 319488 ----a-w- C:\Windows\SysWOW64\odbcjt32.dll

2013-11-23 10:26:01 CC23295DA8F7B5C53F93804D2F5D30EB 25600 ----a-w- C:\Windows\SysWOW64\lpk.dll

2013-11-23 10:26:01 8CC4638FA7B5B921B9080CF962582C0B 70656 ----a-w- C:\Windows\SysWOW64\fontsub.dll

2013-11-23 10:26:01 7D27E63B54DB093BB0D9E95F81094D75 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll

2013-11-23 10:26:01 5C6B44F9CAAC475B7B9EBBC29CB7F065 295424 ----a-w- C:\Windows\SysWOW64\atmfd.dll

2013-11-23 10:26:01 2342EC9254F4C60CA98441BD65C89E12 10240 ----a-w- C:\Windows\SysWOW64\dciman32.dll

2013-11-23 10:25:55 68DCA1777D7224A79A9DC3D47BED6D32 75776 ----a-w- C:\Windows\SysWOW64\psisrndr.ax

2013-11-23 10:25:55 00ADF21DE55AA97297FAC65E4F3A0256 465408 ----a-w- C:\Windows\SysWOW64\psisdecd.dll

2013-11-23 10:25:37 75F5E1FE8D55CF8E577E0EC5F2290D3F 530432 ----a-w- C:\Windows\SysWOW64\comctl32.dll

2013-11-23 10:25:26 EAADD6E47ED2A7003ACE1793B98CF63F 1389568 ----a-w- C:\Windows\SysWOW64\msxml6.dll

2013-11-23 10:25:26 21D3A18769EC2C4E56756D04E989A221 1236992 ----a-w- C:\Windows\SysWOW64\msxml3.dll

2013-11-23 10:25:25 A45CB10FC8C4DCA23F96FE4D334F64FE 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll

2013-11-23 10:25:09 310F6F492A3B4B1020ED9BF9CCBBE6B6 376832 ----a-w- C:\Windows\SysWOW64\dpnet.dll

2013-11-23 10:25:07 D23E615E0969AECC1134E372B0B295D1 78336 ----a-w- C:\Windows\SysWOW64\synceng.dll

2013-11-23 10:25:06 BDA0B954A30498B5A7EDC6204CBA07ED 542208 ----a-w- C:\Windows\SysWOW64\kerberos.dll

2013-11-23 10:25:01 86F34E7288DA428E38E2D8C7E806A871 826880 ----a-w- C:\Windows\SysWOW64\rdpcore.dll

2013-11-23 10:25:00 FC415B303B1ECF80B5F130A1F7203D02 492544 ----a-w- C:\Windows\SysWOW64\win32spl.dll

2013-11-23 10:24:14 0D52559AEF4AA5EAC82F530617032283 903168 ----a-w- C:\Windows\SysWOW64\certutil.exe

2013-11-23 10:24:13 CC917AC4D3F8756FF13174980B474791 43008 ----a-w- C:\Windows\SysWOW64\certenc.dll

2013-11-23 10:23:40 F436E847FA799ECD75AD8C313673F450 145920 ----a-w- C:\Windows\SysWOW64\cfgmgr32.dll

2013-11-23 10:23:40 B28BD86791468F427321458985F6A0E3 252928 ----a-w- C:\Windows\SysWOW64\drvinst.exe

2013-11-23 10:23:40 2EEFF4502F5E13B1BED4A04CCAD64C08 64512 ----a-w- C:\Windows\SysWOW64\devobj.dll

2013-11-23 10:23:40 162D247E995EAEBF3EF4289069E1111C 44544 ----a-w- C:\Windows\SysWOW64\devrtl.dll

2013-11-23 10:15:09 3B7C1A53047FF6ACEFD9BA6E281DEBB7 805376 ----a-w- C:\Windows\SysWOW64\cdosys.dll

2013-11-23 10:14:47 8E01332CC4B68BC6B5B7EFFE374442AA 233472 ----a-w- C:\Windows\SysWOW64\oleacc.dll

2013-11-23 10:14:47 6C765E82B57F2E66CE9C54AC238471D9 571904 ----a-w- C:\Windows\SysWOW64\oleaut32.dll

2013-11-23 10:14:32 813845D5C5D8325CA5E8B1F547016378 534528 ----a-w- C:\Windows\SysWOW64\EncDec.dll

2013-11-23 10:14:29 F50EC0B39521D098373137E5E3CB4405 1077760 ----a-w- C:\Windows\SysWOW64\DWrite.dll

2013-11-23 10:14:28 F0D0E883EBBDC7615DC9EDEA0FFB2817 216576 ----a-w- C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-23 10:14:28 CE2A48CD0D2B39FB77FA4797C6434E71 656896 ----a-w- C:\Windows\SysWOW64\nshwfp.dll

2013-11-23 10:14:18 72910F1DEB838E6E08A9017BFB7D4F0B 41984 ----a-w- C:\Windows\SysWOW64\browcli.dll

2013-11-23 10:14:18 2FCA0D2C59A855C54BAFA22AA329DF0F 57344 ----a-w- C:\Windows\SysWOW64\netapi32.dll

2013-11-23 10:14:15 9DC80A8AAAAAC397BDAB3C67165A824E 690688 ----a-w- C:\Windows\SysWOW64\msvcrt.dll

2013-11-23 10:14:14 7B90C5F0A510852036822EE860CABF26 67072 ----a-w- C:\Windows\SysWOW64\packager.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-11-23 12:14:23 F8FDF7CF9829C2103D56C69A8C9ACED6 31576 ----a-w- C:\Windows\Sysnative\SmartDefragBootTime.exe

2013-11-23 10:53:28 A1BE6A720D02E37F72E9CD89AE9CB3CF 81408 ----a-w- C:\Windows\Sysnative\imagehlp.dll

2013-11-23 10:53:26 C00DB14550E4BD49737F311C644E45FF 5120 ----a-w- C:\Windows\Sysnative\wmi.dll

2013-11-23 10:32:06 D29200AB0B37B7293C6942EAF755295E 1888768 ----a-w- C:\Windows\Sysnative\WMVDECOD.DLL

2013-11-23 10:32:01 A3EC566925BEC505E2418C1AC14E541E 624128 ----a-w- C:\Windows\Sysnative\qedit.dll

2013-11-23 10:31:51 63B563F1FC047AB3E21530DBBE773260 5550528 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe

2013-11-23 10:31:46 D8973E71F1B35CD3F3DEA7C12D49D0F0 1161216 ----a-w- C:\Windows\Sysnative\kernel32.dll

2013-11-23 10:31:46 B22C00ED0491FD7B8803D7DDE2849F4C 424448 ----a-w- C:\Windows\Sysnative\KernelBase.dll

2013-11-23 10:31:46 5B79D52A0388D8DEC5BF68411EA05A02 1732032 ----a-w- C:\Windows\Sysnative\ntdll.dll

2013-11-23 10:31:45 F0970A4BC8395659C22BF53D0FADF16F 112640 ----a-w- C:\Windows\Sysnative\smss.exe

2013-11-23 10:31:45 BF95EA5809E3BBF55370F7CB309FEBD0 338432 ----a-w- C:\Windows\Sysnative\conhost.exe

2013-11-23 10:31:45 AA913C4E63B6F3F52E20BC9932205BCC 243712 ----a-w- C:\Windows\Sysnative\wow64.dll

2013-11-23 10:31:45 9209EA3F29DFC339A87EFD604E035FE4 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll

2013-11-23 10:31:45 88EDD0B34EED542745931E581AD21A32 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll

2013-11-23 10:31:45 49CEA3942A2B99A906EAFC94B853EDBD 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll

2013-11-23 10:31:45 216BABD555BC550952320EEA89C25DDF 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll

2013-11-23 10:31:44 659D71E315FB40FFE9AD46CB0588BEB1 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll

2013-11-23 10:31:43 70A1D465390C393AA118D9764E065B06 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll

2013-11-23 10:29:46 31FFED18C7B836CEC1B559347E32E151 340992 ----a-w- C:\Windows\Sysnative\schannel.dll

2013-11-23 10:29:45 B08EA91C774AA734E0B9881F85CD9F42 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll

2013-11-23 10:29:45 7C46EC9CCDE6E793713FA01DB2EB918E 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll

2013-11-23 10:29:45 747B9BA5412422F27934CB21131F0A3E 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll

2013-11-23 10:29:45 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\Sysnative\lsass.exe

2013-11-23 10:29:45 208EAAFF40DA400190AA0605C797BEA2 28160 ----a-w- C:\Windows\Sysnative\secur32.dll

2013-11-23 10:29:45 086F906B1D30C0A5D35FE0F6362DAB21 1447936 ----a-w- C:\Windows\Sysnative\lsasrv.dll

2013-11-23 10:29:06 603EBD34E216C5654A2D774EAC98D278 395776 ----a-w- C:\Windows\Sysnative\webio.dll

2013-11-23 10:28:53 C6689007B3A749C49A5438DCF36E0CE4 14172672 ----a-w- C:\Windows\Sysnative\shell32.dll

2013-11-23 10:28:31 959041D7014C97133D859B45BCA0FC58 224256 ----a-w- C:\Windows\Sysnative\wintrust.dll

2013-11-23 10:27:38 780F6ECC4F55D76C9730E6B6C9B31913 1474048 ----a-w- C:\Windows\Sysnative\crypt32.dll

2013-11-23 10:27:38 6B400F211BEE880A37A1ED0368776BF4 184320 ----a-w- C:\Windows\Sysnative\cryptsvc.dll

2013-11-23 10:27:37 A6B726DCA228F7878E38368A1BDC68BE 139776 ----a-w- C:\Windows\Sysnative\cryptnet.dll

2013-11-23 10:26:58 F4C640E85DB6450CB221E5224AA2AB51 3717632 ----a-w- C:\Windows\Sysnative\mstscax.dll

2013-11-23 10:26:55 CE4157E4B1E5041D252EF38EB61E9F0C 44032 ----a-w- C:\Windows\Sysnative\tsgqec.dll

2013-11-23 10:26:55 9F5C2F0CFEF95B4653E21443CDC0D587 158720 ----a-w- C:\Windows\Sysnative\aaclient.dll

2013-11-23 10:26:33 44A8B9185030EA57F7999383643ADFFB 1572864 ----a-w- C:\Windows\Sysnative\quartz.dll

2013-11-23 10:26:32 E44AFEA3C13A96FC79ABA67E5F0DC3AD 366592 ----a-w- C:\Windows\Sysnative\qdvd.dll

2013-11-23 10:26:25 56325BB1FF19F2A5AC8713756AC41140 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll

2013-11-23 10:26:23 26036E228D2467DE6975AD819C22C043 1217024 ----a-w- C:\Windows\Sysnative\rpcrt4.dll

2013-11-23 10:26:15 F4F36FEABB4F86ACA6FFD8819D7642C5 106496 ----a-w- C:\Windows\Sysnative\odbccr32.dll

2013-11-23 10:26:15 D10E13E494C5B4437549BE6A4987125E 163840 ----a-w- C:\Windows\Sysnative\odbccp32.dll

2013-11-23 10:26:15 97DC40842B54AD4E961DECC9345F16FC 106496 ----a-w- C:\Windows\Sysnative\odbccu32.dll

2013-11-23 10:26:15 935AE3DFF21465D600185305479A03F7 212992 ----a-w- C:\Windows\Sysnative\odbctrac.dll

2013-11-23 10:26:01 E1BB958681BE311E7CFF06CFEC5F1F2B 368128 ----a-w- C:\Windows\Sysnative\atmfd.dll

2013-11-23 10:26:01 D6BAE9B4B210D71CDDADC224CEFCDB5F 100864 ----a-w- C:\Windows\Sysnative\fontsub.dll

2013-11-23 10:26:01 A5ED9421B8D09ED4F57CDA386307713E 14336 ----a-w- C:\Windows\Sysnative\dciman32.dll

2013-11-23 10:26:01 796B47A4B82EF1C39F13435B88834C48 41472 ----a-w- C:\Windows\Sysnative\lpk.dll

2013-11-23 10:26:01 142671F462619CB64BA74F5B70136CB4 46080 ----a-w- C:\Windows\Sysnative\atmlib.dll

2013-11-23 10:25:55 78394F2B354BDC28C5C61837872DD132 108032 ----a-w- C:\Windows\Sysnative\psisrndr.ax

2013-11-23 10:25:55 050AF06F8B0463417E4AED9DA5816A65 613888 ----a-w- C:\Windows\Sysnative\psisdecd.dll

2013-11-23 10:25:44 9E5D9177660A76FC8DECDC37A91A5B0D 9216 ----a-w- C:\Windows\Sysnative\rdrmemptylst.exe

2013-11-23 10:25:44 6D5DCC1579B3961D791ABDE286A1CB5E 77312 ----a-w- C:\Windows\Sysnative\rdpwsx.dll

2013-11-23 10:25:44 5B236296E233CAA6BF86BE0C6501A224 149504 ----a-w- C:\Windows\Sysnative\rdpcorekmts.dll

2013-11-23 10:25:39 51DFBD18A435BAEC1F71A692373ECE4F 9728 ----a-w- C:\Windows\Sysnative\Wdfres.dll

2013-11-23 10:25:37 9028D1621C43DF8DFBD1C76860412A11 633856 ----a-w- C:\Windows\Sysnative\comctl32.dll

2013-11-23 10:25:28 99B91C5D2FCEF218CAD3600ECB62A799 2002432 ----a-w- C:\Windows\Sysnative\msxml6.dll

2013-11-23 10:25:27 371948BC5911ABA06168FAC91ED25F06 1882624 ----a-w- C:\Windows\Sysnative\msxml3.dll

2013-11-23 10:25:25 D0EC440FA8D306E4CEFC8CC4DEFD2AC4 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll

2013-11-23 10:25:21 19320B121BFE7462EADD50A42C81AFD0 3155968 ----a-w- C:\Windows\Sysnative\win32k.sys

2013-11-23 10:25:09 374CE9DAB2F0CB173B8FCF3AB8DB5D1B 478208 ----a-w- C:\Windows\Sysnative\dpnet.dll

2013-11-23 10:25:07 8699D17DFCFCD327784034DB6BD3A422 95744 ----a-w- C:\Windows\Sysnative\synceng.dll

2013-11-23 10:25:06 44E1A196DFCB53B01FE4B855C3B56A15 715776 ----a-w- C:\Windows\Sysnative\kerberos.dll

2013-11-23 10:25:01 4474A8AEABD056DF636FD4FBEF49353B 1031680 ----a-w- C:\Windows\Sysnative\rdpcore.dll

2013-11-23 10:25:00 67CF11E00D026A5C0C88EA5F84D501E5 751104 ----a-w- C:\Windows\Sysnative\win32spl.dll

2013-11-23 10:24:14 4586B77B18FA9A8518AF76CA8FD247D9 1192448 ----a-w- C:\Windows\Sysnative\certutil.exe

2013-11-23 10:24:13 189B0BAE1B0EDD51CEF1CD3F4CDEE02E 52224 ----a-w- C:\Windows\Sysnative\certenc.dll

2013-11-23 10:23:40 25FBDEF06C4D92815B353F6E792C8129 404480 ----a-w- C:\Windows\Sysnative\umpnpmgr.dll

2013-11-23 10:15:08 1FEB1694B13247A451B274E114AFAC45 1133568 ----a-w- C:\Windows\Sysnative\cdosys.dll

2013-11-23 10:14:47 CF636C92B762B26F0B39B38E92380A09 331776 ----a-w- C:\Windows\Sysnative\oleacc.dll

2013-11-23 10:14:47 C06B32165E23A72A898B7A89679AD754 861696 ----a-w- C:\Windows\Sysnative\oleaut32.dll

2013-11-23 10:14:32 1392A9F9E56A876C616D8A33FE272C78 723456 ----a-w- C:\Windows\Sysnative\EncDec.dll

2013-11-23 10:14:30 79BEC88D21DB3611C2A0B453D4846A8E 1545728 ----a-w- C:\Windows\Sysnative\DWrite.dll

2013-11-23 10:14:29 76C196B109E4BFA50132EF50AF6A1C1B 1143296 ----a-w- C:\Windows\Sysnative\FntCache.dll

2013-11-23 10:14:28 D07EB640618F96490DB88C3CE58DB608 324096 ----a-w- C:\Windows\Sysnative\FWPUCLNT.DLL

2013-11-23 10:14:28 660C06F663F27760F565FD567B57625C 830464 ----a-w- C:\Windows\Sysnative\nshwfp.dll

2013-11-23 10:14:28 344789398EC3EE5A4E00C52B31847946 859648 ----a-w- C:\Windows\Sysnative\IKEEXT.DLL

2013-11-23 10:14:21 45CFBFA8EDC3DF4E2B7FB0D0260FE051 956928 ----a-w- C:\Windows\Sysnative\localspl.dll

2013-11-23 10:14:19 943F527DF79E6B400104341AA7023C75 144384 ----a-w- C:\Windows\Sysnative\cdd.dll

2013-11-23 10:14:18 EEEA40F0EDB0A6E5359E539E15D0BC77 73216 ----a-w- C:\Windows\Sysnative\netapi32.dll

2013-11-23 10:14:18 05F5A0D14A2EE1D8255C2AA0E9E8E694 136704 ----a-w- C:\Windows\Sysnative\browser.dll

2013-11-23 10:14:18 012787CEB35505EB78DF82E0A0072888 59392 ----a-w- C:\Windows\Sysnative\browcli.dll

2013-11-23 10:14:16 C391FC68282A000CDF953F8B6B55D2EF 634880 ----a-w- C:\Windows\Sysnative\msvcrt.dll

2013-11-23 10:14:14 BACE7F36D65968FD07757B239B01F4E2 77312 ----a-w- C:\Windows\Sysnative\packager.dll

====== C:\Windows\Sysnative\drivers =====

2013-11-23 12:14:23 DD0443BC6CC78A19FD399817F8C51401 17720 ----a-w- C:\Windows\Sysnative\drivers\SmartDefragDriver.sys

2013-11-23 10:53:28 6BD9295CC032DD3077C671FCCF579A7B 23408 ----a-w- C:\Windows\Sysnative\drivers\fs_rec.sys

2013-11-23 10:31:57 9661DA76B4531B2DA272ECCE25A8AF24 42496 ----a-w- C:\Windows\Sysnative\drivers\usbscan.sys

2013-11-23 10:31:57 856E76B3641746ABBC2946BED1372098 32896 ----a-w- C:\Windows\Sysnative\drivers\hidparse.sys

2013-11-23 10:31:57 597C3699384E53CC59587ED50CCE5CA2 76800 ----a-w- C:\Windows\Sysnative\drivers\hidclass.sys

2013-11-23 10:29:45 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys

2013-11-23 10:29:45 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys

2013-11-23 10:29:45 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

2013-11-23 10:26:26 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys

2013-11-23 10:26:19 E61608AA35E98999AF9AAEEEA6114B0A 210944 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys

2013-11-23 10:25:58 4CE278FC9671BA81A138D70823FCAA09 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys

2013-11-23 10:25:51 D711B3C1D5F42C0C2415687BE09FC163 288768 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys

2013-11-23 10:25:49 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys

2013-11-23 10:25:39 E2C933EDBC389386EBE6D2BA953F43D8 785624 ----a-w- C:\Windows\Sysnative\drivers\Wdf01000.sys

2013-11-23 10:25:39 AEA0A67275CFBA0E463E00C6E9A1DDAE 54376 ----a-w- C:\Windows\Sysnative\drivers\WdfLdr.sys

2013-11-23 10:25:39 933222B19FF3E7EA5F65517EA1F7D57E 3 ----a-w- C:\Windows\Sysnative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

2013-11-23 10:25:31 E9766131EEADE40A27DC27D2D68FBA9C 75120 ----a-w- C:\Windows\Sysnative\drivers\partmgr.sys

2013-11-23 10:25:15 92B3172E8C14C1444682F510843A9988 19968 ----a-w- C:\Windows\Sysnative\drivers\usb8023.sys

2013-11-23 10:25:05 80B0F7D5CCF86CEB5D402EAAF61FEC31 100864 ----a-w- C:\Windows\Sysnative\drivers\usbcir.sys

2013-11-23 10:25:05 1F775DA4CF1A3A1834207E975A72E9D7 185344 ----a-w- C:\Windows\Sysnative\drivers\usbvideo.sys

2013-11-23 10:25:04 B0435098C81D04CAFFF80DDB746CD3A2 109824 ----a-w- C:\Windows\Sysnative\drivers\USBAUDIO.sys

2013-11-23 10:25:01 51C5ECEB1CDEE2468A1748BE550CFBC8 23552 ----a-w- C:\Windows\Sysnative\drivers\tdtcp.sys

2013-11-23 10:14:30 DB74544B75566C974815E79A62433F29 1910208 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

2013-11-23 10:14:30 7942B7AC3FF598F8A1736D51ADAF04E8 376688 ----a-w- C:\Windows\Sysnative\drivers\netio.sys

2013-11-23 10:14:30 41C67E4205C606A103DEC8651D0B6FE6 288088 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS

2013-11-23 10:14:20 88612F1CE3BF42256913BF6E61C70D52 983488 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys

2013-11-23 10:14:19 1F04CFB79DD5FB7694468CE3FB3DCC31 265064 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys

2013-11-23 10:14:16 E73A7A04FDAC9DD46EE2A4257F09E91C 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys

2013-11-23 10:14:16 ACCEA6BC68D0C9A78EB97EE159028B4E 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys

2013-11-23 10:14:16 A83D0EC9AE4C31704442099D40BA2471 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys

2013-11-23 10:14:16 861C197502A5057E68F0AC75D9EFCDD7 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys

2013-11-23 10:14:16 311C1DD1088E55BEAE15954D17F50646 52736 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys

2013-11-23 10:14:16 280E90CBF4B2DDD169F0728CB44D726F 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-11-08 20:32:21 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\Margreet\AppData\Roaming ======

2013-11-23 10:30:51 -------- d-----w- C:\Users\Margreet\AppData\Roaming\WinBatch

====== C:\Users\Margreet ======

2013-11-23 12:09:39 13DBC7B84232604DDACA90BB9296C9A8 2277376 ----a-w- C:\Users\Margreet\Desktop\siw STICK-versie.exe

====== C: exe-files ==

2013-11-24 11:59:40 D8008675ADFF725D2D9C45E1BCDF8B41 274032 ----a-w- C:\Users\Margreet\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates\0\updater.exe

2013-11-23 12:14:23 F8FDF7CF9829C2103D56C69A8C9ACED6 31576 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe

2013-11-23 12:09:39 13DBC7B84232604DDACA90BB9296C9A8 2277376 ----a-w- C:\Users\Margreet\Desktop\siw STICK-versie.exe

2013-11-23 10:31:51 63B563F1FC047AB3E21530DBBE773260 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-11-23 10:31:49 1A9E4EE88B31750E5CA207424143F99C 3968960 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe

2013-11-23 10:31:48 5D0325AEF9DE48330908EC2E2DB0359F 3913664 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe

2013-11-23 10:31:45 F0970A4BC8395659C22BF53D0FADF16F 112640 ----a-w- C:\Windows\System32\smss.exe

2013-11-23 10:31:45 BF95EA5809E3BBF55370F7CB309FEBD0 338432 ----a-w- C:\Windows\System32\conhost.exe

2013-11-23 10:31:45 3808FD7522646BEB1CCEA94C45D4228C 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe

2013-11-23 10:31:44 B83592F532FB320F0001F8099ECC192B 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe

2013-11-23 10:31:42 8489D083E46BFD2096A6CECFF6C7C227 2048 ----a-w- C:\Windows\SysWOW64\user.exe

2013-11-23 10:29:45 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\System32\lsass.exe

2013-11-23 10:25:44 9E5D9177660A76FC8DECDC37A91A5B0D 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2013-11-23 10:24:14 4586B77B18FA9A8518AF76CA8FD247D9 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-11-23 10:24:14 0D52559AEF4AA5EAC82F530617032283 903168 ----a-w- C:\Windows\SysWOW64\certutil.exe

2013-11-23 10:23:40 B28BD86791468F427321458985F6A0E3 252928 ----a-w- C:\Windows\SysWOW64\drvinst.exe

2013-11-23 09:44:30 76B1717148C114D3A47147B1A5CCFFEA 4379048 ----a-w- C:\Users\Margreet\Desktop\belangrijke setups\ccsetup407.exe

2013-11-23 09:40:25 3AE7B9815BB34037632A87B8AC372202 98144 ----a-w- C:\ProgramData\avg9\update\backup\tareg.exe

=== C: other files ==


==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe"

[HKEY_USERS\S-1-5-21-3986013921-6903290-1994597622-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"="C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL"

"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP"

"KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"

"AVG9_TRAY"="C:\PROGRA~2\AVG\AVG9\avgtray.exe"

"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup"

"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

"TWebCamera"=""%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"

"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Windows\\System32\\avgrssta.dll"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Facebook Update"

"hkey"="HKCU"

"command"="\"C:\\Users\\Margreet\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QuickTime Task"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba Registration]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Toshiba Registration"

"hkey"="HKLM"

"command"="C:\\Program Files\\Toshiba\\Registration\\ToshibaReminder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"

"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~2\\MCAFEE~1\\307523~1.318\\SSSCHE~1.EXE "

"item"="McAfee Security Scan Plus"

==== Startup Folders ======================

2009-09-10 08:36:41 1258 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

2009-09-10 08:36:41 1258 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3986013921-6903290-1994597622-1000Core.job --a------ [undetermined Task]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3986013921-6903290-1994597622-1000UA.job --a------ [undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate 2" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3986013921-6903290-1994597622-1000Core" [C:\Users\Margreet\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3986013921-6903290-1994597622-1000UA" [C:\Users\Margreet\AppData\Local\Facebook\Update\FacebookUpdate.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default

- Visualisateur 3D de 20-20 - %ProfilePath%\extensions\2020Player_IKEA@2020Technologies.com

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default

37BC12D7E076F77D432C74DAAE08A138 - C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll - 20-20 3D Viewer for IKEA

0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Margreet\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

D94C362E750F8C283BF52537D3DF28B5 - C:\Users\Margreet\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll - Facebook Plugin

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

mhkaekfpcppmmioggniknbnbdbcigpkk - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{0993B101-E33A-43E9-8E5B-8AD9D9F6B154} Amazon Url="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{78CA4FBD-A3E8-433A-843E-518E9B21E9EB} eBay Url="http://rover.ebay.com/rover/1/1346-71494-26233-7/4?satitle={searchTerms}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Margreet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Margreet\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Margreet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Margreet\AppData\Local\Mozilla\Firefox\Profiles\862hi0w1.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Margreet\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Margreet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Users\Margreet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CLEWMX36\d150hyw1dtprld.cloudfront.net" not found

==== EOF on zo 24/11/2013 at 13:13:53,79 ======================


Download AdwCleaner by Xplode to the desktop.

Running AdwCleaner

  • Close all open windows.
  • Double-click AdwCleaner.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Then click the Scan button.
  • When the scan is finished, click the Clean button.
  • When this is done, you will be asked to restart the computer; click OK.
  • After the computer has restarted, the log file opens automatically.
  • Post this log file in your next message.


Hello Kape

Thanks again for the quick reply! :top:

The scan did not turn up any visible items (right after the crisis broke out ;) I had already scanned with AdwCleaner, as I also posted in my far too long opening post xD).

Here is the short log:

# AdwCleaner v3.013 - Report created 24/11/2013 at 14:28:25

# Updated 24/11/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Margreet - PC_MARGREET

# Running from : C:\Users\Margreet\Desktop\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

-\\ Mozilla Firefox v25.0.1 (nl)

[ File : C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\85oknj5l.default\prefs.js ]

[ File : C:\Users\Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\862hi0w1.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [6759 octets] - [03/10/2013 20:16:21]

AdwCleaner[R1].txt - [938 octets] - [03/10/2013 21:10:59]

AdwCleaner[R2].txt - [1465 octets] - [24/11/2013 14:23:38]

AdwCleaner[s0].txt - [6646 octets] - [03/10/2013 20:24:23]

AdwCleaner[s1].txt - [1002 octets] - [03/10/2013 21:12:30]

AdwCleaner[s2].txt - [1396 octets] - [24/11/2013 14:28:25]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1456 octets] ##########


The scan did not turn up any visible items (right after the crisis broke out ;) I had already scanned with AdwCleaner, as I also posted in my far too long opening post)
Even so, AdwCleaner still removed a few registry keys, but the overall state of the PC is now OK. You can now remove the tools you used with the following program:

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.

When the tool has finished, a log file is created. You do not need to post it, however.

If all of this went smoothly and you have no further questions or problems within this topic, you may close this topic by clicking the "Mark as solved" button, which you can find at the bottom left … that way it stays clear for everyone.


Hello Pake

Yes, I suspected as much when I read that log. (It just wasn't shown in AdwCleaner itself; that's what I meant.)

After running Delfix by Xplode (which in itself went normally), I saw that all the supposedly deleted files from the desktop were still on the desktop.

Then I stopped explorer.exe and started it again via Task Manager, and after that everything on the desktop was indeed gone.

The folders on C:/ (C:\AdwCleaner and C:\Qoobox) were still not gone after that either, but they were empty (only folders, no files left).

I deleted these manually. Is that OK?

I'll wait a little for confirmation and then mark it as solved.

In any case, thank you very much for the time and effort you were willing to put into this :)
