FB virus

[Louis]

Dag leden, gisteren van FB vriend bericht gehad met melding "private video ...OMG!upn259g4x6r" , zou FB virus zijn. Heb rsit.exe gemaakt op jullie aanraden met onderstaand resultaat. Graag info, alvast dank en groet Louis

Logfile of random's system information tool 1.10 (written by random/random)

Run by Gebruiker at 2014-07-05 11:22:27

Microsoft Windows 7 Professional

System drive C: has 176 GB (79%) free of 223 GB

Total RAM: 1780 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:23:12, on 5/07/2014

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16476)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe

C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Launch Manager\LMworker.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe

C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\Desktop\RSIT.exe

C:\Program Files\trend micro\Gebruiker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9Xvy44ngxV4JdCED9Lq1K-kQNh3uo5Zk0RIyW5ut30FSXO_rmqfmzO8RqE1B-VGRxxyFh5n9JzRPiA45V0yv--h8ZIDtJd-wSk9VaKRgAQDok_HUaWBJSTkBpwA03-OYqUixbniktJcg1AR&q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9Xvy44ngxV4JdCED9Lq1K-kQNh3uo5Zk0RIyW5ut30FSXO_rmqfmzO8RqE1B-VGRxxyFh5n9JzRPiA45V0yv--h8ZIDtJd-wSk9VaKRgAQDok_HUaWBJSTkBpwA03-OYqUixbniktJcg1AR&q={searchTerms}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9Xvy44ngxV4JdCED9Lq1K-kQNh3uo5Zk0RIyW5ut30FSXO_rmqfmzO8RqE1B-VGRxxyFh5n9JzRPiA45V0yv--h8ZIDtJd-wSk9VaKRgAQDok_HUaWBJSTkBpwA03-OYqUixbniktJcg1AR&q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9Xvy44ngxV4JdCED9Lq1K-kQNh3uo5Zk0RIyW5ut30FSXO_rmqfmzO8RqE1B-VGRxxyFh5n9JzRPiA45V0yv--h8ZIDtJd-wSk9VaKRgAQDok_HUaWBJSTkBpwA03-OYqUixbniktJcg1AR&q={searchTerms}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) - {ec2bae47-25af-4ce9-9e78-10627a49c9ea} - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~2\IE\searchresultsDx.dll (file missing)

O3 - Toolbar: Movies Toolbar (Dist. by Bandoo Media, Inc.) - {ec2bae47-25af-4ce9-9e78-10627a49c9ea} - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~2\IE\searchresultsDx.dll (file missing)

O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe

O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [HP Photosmart 6520 series (NET)] "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2AD351K705XP:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1

O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

O4 - HKCU\..\Run: [NextLive] C:\Windows\system32\rundll32.exe "C:\Users\Gebruiker\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [GetNowUpdater] "C:\Users\Gebruiker\AppData\Roaming\GetNowUpdater\update.0\bin\GetNowUpdater.exe" /silent_startup

O4 - HKCU\..\Run: [M6] C:\Users\Gebruiker\AppData\Roaming\M6 Processing\M6.exe

O4 - HKCU\..\Run: [vm6] C:\Users\Gebruiker\AppData\Roaming\M6 Processing\vm6.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: Acer VCM.lnk = ?

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - Bandoo Media Inc - C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Acer\Registration\GREGsvc.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NTI, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe

O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. - C:\Users\Gebruiker\AppData\Local\Torch\Update\TorchCrashHandler.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

--

End of file - 13849 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-326445503-1950938359-1181011224-1001Core.job - C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe /c

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-326445503-1950938359-1181011224-1001UA.job - C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11 1431712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec2bae47-25af-4ce9-9e78-10627a49c9ea}]

Movies Toolbar (Dist. by Bandoo Media, Inc.) - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~2\IE\searchresultsDx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{ec2bae47-25af-4ce9-9e78-10627a49c9ea} - Movies Toolbar (Dist. by Bandoo Media, Inc.) - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~2\IE\searchresultsDx.dll []

{eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11 1431712]

{ae07101b-46d4-4a98-af68-0333ea26e113}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"=C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-03-04 284696]

"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [2010-03-04 496184]

"AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2010-06-10 233472]

"LManager"=C:\Program Files\Launch Manager\LManager.exe [2010-08-10 975952]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-11 1733928]

"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2010-06-29 265984]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-07-08 136216]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-07-08 171032]

"Persistence"=C:\Windows\system32\igfxpers.exe [2010-07-08 169496]

"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2010-06-11 715296]

"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN []

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-02-12 43848]

"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28 49208]

""= []

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

"mobilegeni daemon"=C:\Program Files\Mobogenie\DaemonProcess.exe []

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2014-01-17 421888]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2014-05-26 152392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"=C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 136176]

"HP Photosmart 6520 series (NET)"=C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2012-05-08 1818472]

"iCloudServices"=C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [2013-11-20 59720]

"ApplePhotoStreams"=C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2013-11-20 59720]

"NextLive"=C:\Users\Gebruiker\AppData\Roaming\newnext.me\nengine.dll [2014-01-06 1283584]

"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-05-08 21444224]

"GetNowUpdater"=C:\Users\Gebruiker\AppData\Roaming\GetNowUpdater\update.0\bin\GetNowUpdater.exe /silent_startup []

"M6"=C:\Users\Gebruiker\AppData\Roaming\M6 Processing\M6.exe []

"vm6"=C:\Users\Gebruiker\AppData\Roaming\M6 Processing\vm6.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2010-04-21 227328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=3

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2014-07-05 11:22:27 ----D---- C:\rsit

2014-07-05 11:22:27 ----D---- C:\Program Files\trend micro

2014-07-05 01:49:58 ----D---- C:\Program Files\Enigma Software Group

2014-07-05 01:49:04 ----D---- C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP

2014-07-05 01:48:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2014-07-04 19:30:03 ----HD---- C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp

2014-06-23 10:43:39 ----D---- C:\Program Files\Common Files\Skype

2014-06-01 10:53:19 ----D---- C:\Program Files\iPod

2014-06-01 10:53:08 ----D---- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-06-01 10:53:08 ----D---- C:\Program Files\iTunes

2014-05-15 01:09:14 ----D---- C:\Program Files\Common Files\DESIGNER

2014-04-17 10:55:16 ----D---- C:\Program Files\CCleaner

2014-04-17 10:18:18 ----A---- C:\AVScanner.ini

2014-04-16 22:18:47 ----D---- C:\ProgramData\Iminent

2014-04-16 22:18:38 ----D---- C:\Users\Gebruiker\AppData\Roaming\Iminent

2014-04-14 13:22:26 ----D---- C:\Windows\Sun

2014-04-14 13:21:54 ----D---- C:\ProgramData\Oracle

2014-04-14 13:21:23 ----D---- C:\ProgramData\Sun

======List of files/folders modified in the last 3 months======

2014-07-05 11:22:30 ----D---- C:\Windows\Temp

2014-07-05 11:22:27 ----RD---- C:\Program Files

2014-07-05 11:16:14 ----D---- C:\Windows

2014-07-05 11:01:54 ----D---- C:\Windows\SoftwareDistribution

2014-07-05 11:01:05 ----A---- C:\Windows\system32\log.txt

2014-07-05 11:00:14 ----D---- C:\Users\Gebruiker\AppData\Roaming\Skype

2014-07-05 10:59:43 ----D---- C:\Windows\Prefetch

2014-07-05 10:59:24 ----D---- C:\Users\Gebruiker\AppData\Roaming\newnext.me

2014-07-05 10:59:12 ----D---- C:\Windows\system32\config

2014-07-05 10:59:10 ----HD---- C:\ProgramData

2014-07-05 10:59:01 ----D---- C:\ProgramData\TorchCrashHandler

2014-07-05 10:59:00 ----A---- C:\Windows\system32\rpcnetp.dll

2014-07-05 10:59:00 ----A---- C:\Windows\system32\rpcnet.dll

2014-07-05 10:58:42 ----A---- C:\Windows\system32\rpcnetp.exe

2014-07-05 02:30:07 ----SHD---- C:\Windows\Installer

2014-07-05 02:30:03 ----D---- C:\Windows\system32\Tasks

2014-07-05 02:30:00 ----D---- C:\Windows\System32

2014-07-05 02:29:30 ----D---- C:\Windows\system32\drivers

2014-07-05 02:29:15 ----SHD---- C:\System Volume Information

2014-07-05 01:48:57 ----D---- C:\Program Files\Common Files

2014-07-04 19:37:50 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2014-07-04 16:33:27 ----D---- C:\Windows\inf

2014-06-24 13:21:12 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-06-23 10:43:42 ----D---- C:\ProgramData\Skype

2014-06-23 10:43:39 ----RD---- C:\Program Files\Skype

2014-06-14 15:38:52 ----D---- C:\Windows\debug

2014-06-12 08:53:06 ----D---- C:\ProgramData\Microsoft Help

2014-06-12 08:52:17 ----D---- C:\Windows\system32\MRT

2014-06-12 08:48:59 ----A---- C:\Windows\system32\MRT.exe

2014-06-10 10:02:28 ----D---- C:\Windows\system32\catroot2

2014-06-01 10:53:19 ----D---- C:\Program Files\Common Files\Apple

2014-04-20 10:34:50 ----SD---- C:\Users\Gebruiker\AppData\Roaming\Microsoft

2014-04-17 16:18:59 ----D---- C:\Windows\system32\DriverStore

2014-04-17 16:18:19 ----D---- C:\ProgramData\Norton

2014-04-17 15:03:58 ----RSD---- C:\Windows\assembly

2014-04-17 11:00:33 ----D---- C:\Windows\Panther

2014-04-17 11:00:32 ----D---- C:\Windows\Logs

2014-04-17 10:41:07 ----D---- C:\Windows\Tasks

2014-04-17 09:38:22 ----D---- C:\Program Files\Brother

2014-04-17 09:38:18 ----HD---- C:\Program Files\InstallShield Installation Information

2014-04-17 09:37:28 ----D---- C:\Windows\system32\catroot

2014-04-17 00:33:05 ----D---- C:\ProgramData\Datamngr

2014-04-16 22:17:27 ----HD---- C:\Windows\system32\GroupPolicy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-04 435736]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-06-19 173440]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]

R1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files\Movies Toolbar\Datamngr\setmgrc1.cfg [2014-04-09 31096]

R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 55040]

R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-12-31 295936]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]

R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-18 11032]

R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2010-06-03 3764800]

R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2010-04-15 520760]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]

R3 HECI;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2009-09-17 41088]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-04-21 8746496]

R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]

R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys [2010-06-25 68208]

R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2010-04-28 15360]

R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-11 243248]

R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2010-04-28 15360]

R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 165376]

R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 78336]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]

S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]

S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]

S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2010-06-10 25600]

S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2010-07-15 1906024]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]

S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]

S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393216]

S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]

S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-25 294952]

S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-06-25 88616]

S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-06-25 111144]

S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-06-25 33320]

S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-06-25 18728]

S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]

S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 10752]

S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]

S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []

S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]

S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]

S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]

S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]

S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-12-13 45056]

S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]

S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]

S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-02-12 43336]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-25 656672]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2010-08-10 321104]

R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776]

R2 GREGService;GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-07-01 325656]

R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-29 255744]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]

R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]

R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\system32\rpcnet.exe [2013-03-12 69792]

R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]

R2 TorchCrashHandler;Torch Crash Handler; C:\Users\Gebruiker\AppData\Local\Torch\Update\TorchCrashHandler.exe [2013-07-30 1207648]

R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]

R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]

R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-11 247968]

R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2014-05-26 553288]

S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-11 193696]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 DatamngrCoordinator;Datamngr Coordinator; C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [2014-04-09 3545088]

S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-19 136176]

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-04 262320]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-19 136176]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-10 1343400]

-----------------EOF-----------------

[kape]

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Download Zoek.exe naar het bureaublad (niet de .zip- of .rar-versie)

• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

  {ec2bae47-25af-4ce9-9e78-10627a49c9ea};c
 {ae07101b-46d4-4a98-af68-0333ea26e113};c
 {eec0f710-38b5-4aba-99bf-ec87564a4e13};c
 C:\Program Files\Microsoft\BingBar;fs
 mobilegeni daemon;s
 C:\Program Files\Mobogenie;fs
 NextLive;s
 C:\Users\Gebruiker\AppData\Roaming\newnext.me;fs
 C:\Program Files\Movies Toolbar;fs
 DatamngrCoordinator;s
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec2bae47-25af-4ce9-9e78-10627a49c9ea}],r
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
 ""=-;r
"mobilegeni daemon"=-;r
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
 "NextLive"=-;r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera];r
C:\Program Files\Enigma Software Group;fs
2014-07-05 01:49:04 ----D---- C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP;fs
 C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1;fs
 C:\ProgramData\Iminent;fs
C:\Users\Gebruiker\AppData\Roaming\Iminent;fs
 C:\ProgramData\Datamngr;fs
  emptyfolderscheck;delete 
startupall; 
filesrcm;

• Klik op de knop "More options" en vink nu de onderstaande opties aan.
  
• Do a Quick Scan
  
  
• Auto Clean
  
• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht als bijlage.
  

Zoek.exe logbestand plaatsen

• Voeg het logbestand met de naam "Zoek-results.log" als bijlage toe aan het volgende bericht. (Dit logbestand kunt u tevens terug vinden op de systeemschijf als C:\\Zoek-results.log.)
  
• Hoe u een bijlage kunt toevoegen aan het bericht leest u hier.
  

[Louis]

zie zoek result in bijlage

zoek-results.txt

[kape]

Dubbelklik op Zoek.exe om de tool te starten.

• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

 
 C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP;fs
 [HKEY_USERS\S-1-5-21-326445503-1950938359-1181011224-1001\Software\Microsoft\Windows\CurrentVersion\Run];r
 "GetNowUpdater"=-;r
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
 "mobilegeni daemon"=-;r
 C:\Program Files\Mobogenie;fs
 C:\Users\Gebruiker\AppData\Roaming\GetNowUpdater;fs
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
 "GetNowUpdater"=-;r
 CHRdefaults;

• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht als bijlage.
  

Zoek.exe logbestand plaatsen

• Voeg het logbestand met de naam "Zoek-results.log" als bijlage toe aan het volgende bericht. (Dit logbestand kunt u tevens terug vinden op de systeemschijf als C:\\Zoek-results.log.)
  
• Hoe u een bijlage kunt toevoegen aan het bericht leest u hier.
  

[Louis]

Beste, heb via fb scan gedaan met resultaat, zie kopie;

F-Secure Online Scanner heeft 1 van 1 schadelijke bestanden opgespoord en verwijderd:

• Trojan:JS/Kilim
  
  

Deze scans zorgen dat Facebook veilig blijft, dus bedankt voor je geduld. Onthoud: download en gebruik alleen programma's van bronnen die je vertrouwt om je computer te beschermen tegen malware. Lees meer.

Met dank voor de snelle reacties/support.

Groet

Louis

[kape]

Dat is mooi van F-secure ... maar in de opdracht uit bericht 4 waren meer ongewenste bestanden verwerkt, die nog moesten aangepakt worden. Wil je dat nog even uitvoeren ? Dan kunnen we meteen in het logje zin of F-secure deze ook opgeruimd heeft ?

[Louis]

[ATTACH]33565[/ATTACH]

zoek.exe gedaan, run script gaf boodschap "te weinig content" en dan quick scan laten lopen. Dank u voor de opvolging. Log ingesloten. mvg louis

zoek-results 6 juli.txt

[kape]

Dit deel van de opdracht heb je niet uitgevoerd ... wat noodzakelijk is om nog een aantal ongewenste items te verwijderen (waar ook F-Secure niets mee gedaan heeft:

• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP;fs

[HKEY_USERS\S-1-5-21-326445503-1950938359-1181011224-1001\Software\Microsoft\Windows\CurrentVersion\Run];r

"GetNowUpdater"=-;r

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r

"mobilegeni daemon"=-;r C:\Program Files\Mobogenie;fs

C:\Users\Gebruiker\AppData\Roaming\GetNowUpdater;fs

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r

"GetNowUpdater"=-;r

CHRdefaults;

• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  

Voer dit nog eens uit met zoek.exe en hang daarvan het nieuwe log in je volgende bericht.

[Louis]

[ATTACH]33571[/ATTACH]

zoek-results 6juli (2).txt

[kape]

Download AdwCleaner by Xplode naar het bureaublad.

• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner om hem te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren,
  
• Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Klik op Scan.
  
• Klik vervolgens op Clean.
  
• Klik bij Herstarten Noodzakelijk op OK
  

Nadat de PC opnieuw is opgestart, opent meestal een logfile.

Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[s0].txt.

Logbestand plaatsen

• Voeg het logbestand met de naam C:\AdwCleaner\AdwCleaner[s0].txt als bijlage toe aan het volgende bericht.
  
• Hoe u een bijlage kunt toevoegen aan het bericht leest u hier.