Please check my log!!

  • jasper

    Please check my logs.

    I use CCleaner and have the latest updates for everything. Still, my Explorer often froze after some downloaded files.

    Also, after all this time I'd like to check again whether everything is clean, hence my log ;)

    ESET Online Scanner found nothing, by the way.

    Many thanks in advance!!

    The MBAM and HijackThis logs are below.

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Supervisor at 2013-08-05 22:38:24

    Microsoft Windows 7 Ultimate Service Pack 1

    System drive C: has 28 GB (27%) free of 102 GB

    Total RAM: 4095 MB (54% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 22:38:29, on 5-8-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v10.0 (10.00.9200.16635)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    C:\Program Files (x86)\Samsung\Kies\Kies.exe

    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\trend micro\Supervisor.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL

    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

    O4 - HKLM\..\Run: RunDll32 P17RunE.dll,RunDLLEntry

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - HKCU\..\Run: "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-21-3116784316-362696581-2426180777-1004\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

    O4 - HKUS\S-1-5-21-3116784316-362696581-2426180777-1004\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/canvasx.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

    O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://navigram.com/engine/v1140/Navigram.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games - Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://fotosnelservice.hema.nl/xupload/XUpload.ocx

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab

    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe

    O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 16511 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    winlogon.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    "C:\Windows\system32\nvvsvc.exe"

    "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\AUDIODG.EXE 0x2d8

    "C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"

    C:\Windows\system32\svchost.exe -k NetworkService

    "C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"

    C:\Windows\system32\nvvsvc.exe -session -first

    C:\Windows\system32\WLANExt.exe 31037008

    \??\C:\Windows\system32\conhost.exe "-623488649-51578114-1560428449-14536584513234873555334653-696304701133050120

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    taskeng.exe {0DC6C096-5BE2-4D42-9B73-F4E72099C562}

    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

    C:\Windows\system32\svchost.exe -k apphost

    "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

    "C:\Program Files\Bonjour\mDNSResponder.exe"

    "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    "taskhost.exe"

    "C:\Windows\system32\Dwm.exe"

    C:\Windows\Explorer.EXE

    "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"

    "C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe"

    "C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe"

    C:\Windows\system32\svchost.exe -k imgsvc

    "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"

    "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe"

    C:\Windows\system32\svchost.exe -k iissvcs

    "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

    WLIDSvcM.exe 2776

    "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe" /TUStart /pid:2712

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-7436e8da-c307-4caf-829b-b567572cd1ef -SystemEventPortName:HostProcess-1c482428-eb8b-4f30-9dde-4d31ec2e08f0 -IoCancelEventPortName:HostProcess-f2f03492-7df1-4ef8-908b-473e3e803cbc -NonStateChangingEventPortName:HostProcess-69788715-5262-470d-a085-05ca9074346d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b2f2aaac-cec1-4ba6-bc22-e2d6e22e33e9 -DeviceGroupId:WpdFsGroup

    "C:\Windows\WindowsMobile\wmdc.exe"

    "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    C:\Windows\system32\svchost.exe -k WindowsMobile

    "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"

    "C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

    "C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preload

    "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s

    "C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe" -s

    "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r

    "C:\Windows\System32\rundll32.exe" P17RunE.dll,RunDLLEntry

    "C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"

    "C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

    "C:\Program Files\Windows Media Player\wmpnetwk.exe"

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\sppsvc.exe

    taskeng.exe {1A2B0CBF-97C9-4187-A9E1-15C00C2899A0}

    "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"

    "C:\Program Files\Internet Explorer\iexplore.exe"

    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4508 CREDAT:78849 /prefetch:2

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4508 CREDAT:209935 /prefetch:2

    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4508 CREDAT:537640 /prefetch:2

    "C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe" disp

    \??\C:\Windows\system32\conhost.exe "-33089929588465352-297330910863429629-38627281714335034810309148151653426637

    "C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe" "/base-dir=C:\Program Files (x86)\ESET\ESET Online Scanner" /lang=1033 /as

    C:\Windows\System32\svchost.exe -k secsvcs

    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4508 CREDAT:144460 /prefetch:2

    "C:\Users\Supervisor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOUCFHCZ\RSITx64.exe"

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL

    Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL

    Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    "Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe

    "AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

    "egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe

    "Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe

    "KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    "KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe

    ""=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    "TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

    "HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

    ""=

    "SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    "AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe

    "P17RunE"=RunDll32 P17RunE.dll,RunDLLEntry

    "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    "KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    Sitecom Wireless Utility.lnk - C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

    C:\Windows\system32\igfxdev.dll

    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    "SecurityProviders"=credssp.dll

    "ConsentPromptBehaviorAdmin"=5

    "ConsentPromptBehaviorUser"=3

    "EnableUIADesktopToggle"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "NoActiveDesktop"=1

    "NoActiveDesktopChanges"=1

    "ForceActiveDesktopOn"=0

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "vidc.uyvy"=msyuv.dll

    "vidc.yuy2"=msyuv.dll

    "vidc.yvyu"=msyuv.dll

    "vidc.iyuv"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "vidc.yvu9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    "wave5"=wdmaud.drv

    "midi5"=wdmaud.drv

    "mixer5"=wdmaud.drv

    "wave3"=wdmaud.drv

    "midi3"=wdmaud.drv

    "mixer3"=wdmaud.drv

    "wave4"=wdmaud.drv

    "midi4"=wdmaud.drv

    "mixer4"=wdmaud.drv

    "wave1"=wdmaud.drv

    "midi1"=wdmaud.drv

    "mixer1"=wdmaud.drv

    "wave2"=wdmaud.drv

    "midi2"=wdmaud.drv

    "mixer2"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2013-08-05 22:38:25 —-D—- C:\Program Files\trend micro

    2013-08-05 22:38:24 —-D—- C:\rsit

    2013-08-05 22:32:52 —-D—- C:\Program Files (x86)\ESET

    2013-07-22 12:24:31 —-D—- C:\Program Files\CCleaner

    2013-07-16 12:02:23 —-D—- C:\Program Files (x86)\TomTom HOME 2

    2013-07-16 11:20:13 —-D—- C:\Program Files (x86)\AGEIA Technologies

    2013-07-16 11:17:21 —-A—- C:\Windows\SYSWOW64\nvopencl.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\SYSWOW64\nvoglv32.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\SYSWOW64\NvIFR.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\SYSWOW64\NvFBC.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\SYSWOW64\nvcuvid.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\SYSWOW64\nvcuvenc.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\SYSWOW64\nvcuda.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\system32\nvopencl.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\system32\nvoglv64.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\system32\NvIFR64.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\system32\NvFBC64.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\system32\nvdispgenco6432049.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\system32\nvdispco6432049.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\system32\nvd3dumx.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\system32\nvcuvid.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\system32\nvcuvenc.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\system32\nvcuda.dll

    2013-07-16 11:17:21 —-A—- C:\Windows\system32\drivers\nvlddmkm.sys

    2013-07-16 11:17:20 —-A—- C:\Windows\SYSWOW64\nvcompiler.dll

    2013-07-16 11:17:20 —-A—- C:\Windows\system32\nvcompiler.dll

    2013-07-13 03:01:09 —-D—- C:\Windows\system32\MRT

    2013-07-11 19:15:04 —-D—- C:\Program Files (x86)\HEMA Fotoservice

    2013-07-10 23:37:41 —-A—- C:\Windows\SYSWOW64\ieui.dll

    2013-07-10 23:37:40 —-A—- C:\Windows\system32\ieui.dll

    2013-07-10 23:37:39 —-A—- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

    2013-07-10 23:37:39 —-A—- C:\Windows\SYSWOW64\iesysprep.dll

    2013-07-10 23:37:39 —-A—- C:\Windows\SYSWOW64\iesetup.dll

    2013-07-10 23:37:39 —-A—- C:\Windows\SYSWOW64\iernonce.dll

    2013-07-10 23:37:39 —-A—- C:\Windows\system32\RegisterIEPKEYs.exe

    2013-07-10 23:37:39 —-A—- C:\Windows\system32\iesysprep.dll

    2013-07-10 23:37:39 —-A—- C:\Windows\system32\iesetup.dll

    2013-07-10 23:37:39 —-A—- C:\Windows\system32\iernonce.dll

    2013-07-10 23:37:39 —-A—- C:\Windows\system32\ie4uinit.exe

    2013-07-10 23:37:38 —-A—- C:\Windows\SYSWOW64\iertutil.dll

    2013-07-10 23:37:38 —-A—- C:\Windows\system32\iertutil.dll

    2013-07-10 23:37:37 —-A—- C:\Windows\SYSWOW64\msfeeds.dll

    2013-07-10 23:37:36 —-A—- C:\Windows\SYSWOW64\jscript.dll

    2013-07-10 23:37:36 —-A—- C:\Windows\system32\msfeeds.dll

    2013-07-10 23:37:36 —-A—- C:\Windows\system32\jscript.dll

    2013-07-10 23:37:35 —-A—- C:\Windows\system32\jscript9.dll

    2013-07-10 23:37:34 —-A—- C:\Windows\SYSWOW64\jscript9.dll

    2013-07-10 23:37:33 —-A—- C:\Windows\SYSWOW64\urlmon.dll

    2013-07-10 23:37:33 —-A—- C:\Windows\system32\urlmon.dll

    2013-07-10 23:37:31 —-A—- C:\Windows\SYSWOW64\jsproxy.dll

    2013-07-10 23:37:31 —-A—- C:\Windows\system32\jsproxy.dll

    2013-07-10 23:37:30 —-A—- C:\Windows\SYSWOW64\wininet.dll

    2013-07-10 23:37:30 —-A—- C:\Windows\system32\wininet.dll

    2013-07-10 23:37:27 —-A—- C:\Windows\SYSWOW64\ieframe.dll

    2013-07-10 23:37:24 —-A—- C:\Windows\system32\ieframe.dll

    2013-07-10 23:37:23 —-A—- C:\Windows\system32\mshtml.dll

    2013-07-10 23:37:18 —-A—- C:\Windows\SYSWOW64\mshtml.dll

    2013-07-10 13:00:43 —-D—- C:\ProgramData\fotofabriekSoftware

    2013-07-10 13:00:43 —-D—- C:\Program Files (x86)\fotofabriekSoftware

    2013-07-10 12:56:18 —-A—- C:\Windows\SYSWOW64\qedit.dll

    2013-07-10 12:56:18 —-A—- C:\Windows\system32\qedit.dll

    2013-07-10 12:56:17 —-A—- C:\Windows\SYSWOW64\WMVDECOD.DLL

    2013-07-10 12:56:17 —-A—- C:\Windows\system32\WMVDECOD.DLL

    2013-07-10 12:56:13 —-A—- C:\Windows\system32\win32k.sys

    2013-07-10 12:55:44 —-A—- C:\Windows\SYSWOW64\DWrite.dll

    2013-07-10 12:55:44 —-A—- C:\Windows\system32\DWrite.dll

    2013-07-09 11:13:21 —-D—- C:\Users\Supervisor\AppData\Roaming\ihelper

    ======List of files/folders modified in the last 1 month======

    2013-08-05 22:38:25 ----D---- C:\Program Files

    2013-08-05 22:38:07 ----D---- C:\Windows

    2013-08-05 22:38:00 ----D---- C:\Windows\Temp

    2013-08-05 22:36:29 ----D---- C:\Users\Supervisor\AppData\Roaming\Media Player Classic

    2013-08-05 22:36:27 ----D---- C:\Windows\inf

    2013-08-05 22:36:24 ----D---- C:\Windows\SoftwareDistribution

    2013-08-05 22:36:16 ----D---- C:\Windows\system32\Tasks

    2013-08-05 22:35:27 ----D---- C:\ProgramData\NVIDIA

    2013-08-05 22:32:53 ----D---- C:\Windows\Downloaded Program Files

    2013-08-05 22:32:52 ----RD---- C:\Program Files (x86)

    2013-08-05 22:28:18 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2013-08-05 22:28:15 ----D---- C:\Windows\system32\drivers

    2013-08-05 22:17:54 ----D---- C:\Users\Supervisor\AppData\Roaming\Winamp

    2013-08-05 21:51:43 ----D---- C:\Windows\system32\config

    2013-08-05 18:50:05 ----D---- C:\Windows\Prefetch

    2013-08-05 18:48:56 ----D---- C:\Windows\system32\drivers\UMDF

    2013-08-02 23:10:08 ----SHD---- C:\System Volume Information

    2013-08-02 10:01:07 ----SHD---- C:\Windows\Installer

    2013-08-02 10:01:01 ----D---- C:\Program Files (x86)\Google

    2013-07-31 22:03:09 ----D---- C:\Windows\system32\catroot2

    2013-07-25 10:02:43 ----D---- C:\Windows\System32

    2013-07-25 10:02:43 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2013-07-24 11:25:53 ----D---- C:\Windows\system32\catroot

    2013-07-24 11:25:52 ----D---- C:\Windows\system32\DriverStore

    2013-07-24 11:04:54 ----D---- C:\ProgramData\Sony Ericsson

    2013-07-24 11:04:45 ----D---- C:\Program Files (x86)\Sony Ericsson

    2013-07-24 10:59:57 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

    2013-07-22 12:21:47 ----D---- C:\Program Files (x86)\CCleaner Professional

    2013-07-18 22:24:08 ----D---- C:\Users\Supervisor\AppData\Roaming\fotofabriekSoftware

    2013-07-16 22:23:10 ----D---- C:\Windows\SysWOW64

    2013-07-16 11:20:39 ----D---- C:\Program Files (x86)\NVIDIA Corporation

    2013-07-16 11:19:54 ----D---- C:\Temp

    2013-07-14 11:12:53 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2013-07-13 08:58:40 ----D---- C:\Windows\debug

    2013-07-11 19:18:10 ----HD---- C:\ProgramData

    2013-07-11 19:16:10 ----D---- C:\Windows\winsxs

    2013-07-11 09:51:05 ----RSD---- C:\Windows\assembly

    2013-07-11 09:51:05 ----D---- C:\Windows\Microsoft.NET

    2013-07-11 09:27:00 ----D---- C:\Windows\Panther

    2013-07-11 09:14:02 ----D---- C:\Program Files\Windows Defender

    2013-07-11 09:14:02 ----D---- C:\Program Files (x86)\Windows Defender

    2013-07-11 09:14:02 ----D---- C:\Program Files (x86)\Internet Explorer

    2013-07-11 09:14:01 ----D---- C:\Program Files\Internet Explorer

    2013-07-11 09:13:58 ----D---- C:\Program Files\Windows Journal

    2013-07-11 09:13:50 ----D---- C:\Program Files\Microsoft Silverlight

    2013-07-11 09:13:49 ----D---- C:\Program Files (x86)\Microsoft Silverlight

    2013-07-10 23:46:55 ----D---- C:\ProgramData\Microsoft Help

    2013-07-10 23:30:40 ----D---- C:\Program Files (x86)\Mozilla Firefox

    2013-07-10 23:30:00 ----A---- C:\Windows\win.ini

    2013-07-10 13:02:04 —-D—- C:\ProgramData\CodedColor Common

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys

    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys

    R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys

    R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys

    R3 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys

    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys

    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys

    R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys

    R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys

    R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr28ux.sys

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys

    R3 P17;SB 5.1 VX; C:\Windows\system32\drivers\P17.sys

    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys

    S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys

    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys

    S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys

    S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys

    S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 Pcouffin64;Low level access layer for CD devices; C:\Windows\System32\Drivers\pcouffin64a.sys

    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys

    S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys

    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys

    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys

    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys

    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys

    S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys

    S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\drivers\usb8023x.sys

    S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys

    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys

    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys

    S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe

    R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

    R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

    R2 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    R2 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe

    R2 RalinkRegistryWriter64;Ralink Registry Writer 64; C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe

    R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

    R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe

    R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 KMService;KMService; C:\Windows\syswow64\srvany.exe

    S2 PCLEPCI;PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe

    S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe

    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe

    S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

    S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    -----------------EOF-----------------

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.08.05.08

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 10.0.9200.16635

    Supervisor :: SUPERVISOR-PC

    5-8-2013 22:36:45

    mbam-log-2013-08-05 (22-36-45).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 269897

    Verstreken tijd: 4 minuut/minuten, 57 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

  • fazantje

    Hi Jasper,

    Could you also post the AdwCleaner log? (See step 2 of the step-by-step plan.)

    It will certainly do the necessary removals, and I would like to see those.

    Once you have posted the ADW log, we can take it from there.

    Good luck,

    Huib;)

  • jasper

    # AdwCleaner v2.306 - Verslag gemaakt op 05/08/2013 om 23:12:39

    # Geactualiseerd op 19/07/2013 door Xplode

    # Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)

    # Gebruiker : Supervisor - SUPERVISOR-PC

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Users\Supervisor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFN1QZ7Z\adwcleaner.exe

    # Optie

    ***** *****

    ***** *****

    File Verwijderd : C:\user.js

    Map Verwijderd : C:\Program Files (x86)\Conduit

    Map Verwijderd : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com

    Map Verwijderd : C:\ProgramData\Babylon

    Map Verwijderd : C:\ProgramData\Trymedia

    Map Verwijderd : C:\Users\Supervisor\AppData\Local\Babylon

    Map Verwijderd : C:\Users\Supervisor\AppData\Local\Conduit

    Map Verwijderd : C:\Users\Supervisor\AppData\Local\Ilivid Player

    Map Verwijderd : C:\Users\Supervisor\AppData\Local\PackageAware

    Map Verwijderd : C:\Users\Supervisor\AppData\LocalLow\AskToolbar

    Map Verwijderd : C:\Users\Supervisor\AppData\LocalLow\Conduit

    Map Verwijderd : C:\Users\Supervisor\AppData\LocalLow\PriceGong

    ***** *****

    Sleutel Verwijderd : HKCU\Software\1ClickDownload

    Sleutel Verwijderd : HKCU\Software\APN PIP

    Sleutel Verwijderd : HKCU\Software\AppDataLow\AskToolbarInfo

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\AskToolbar

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Conduit

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Crossrider

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\PriceGong

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\SmartBar

    Sleutel Verwijderd : HKCU\Software\Ask.com

    Sleutel Verwijderd : HKCU\Software\Cr_Installer

    Sleutel Verwijderd : HKCU\Software\IM

    Sleutel Verwijderd : HKCU\Software\InstallCore

    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

    Sleutel Verwijderd : HKCU\Software\PIP

    Sleutel Verwijderd : HKCU\Software\Softonic

    Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar

    Sleutel Verwijderd : HKLM\Software\Babylon

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\secman.DLL

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2865317

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT3242338

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

    Sleutel Verwijderd : HKLM\Software\Conduit

    Sleutel Verwijderd : HKLM\Software\Funmoods

    Sleutel Verwijderd : HKLM\Software\Iminent

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS

    Sleutel Verwijderd : HKLM\Software\PIP

    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

    Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

    Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    ***** *****

    -\\ Internet Explorer v10.0.9200.16635

    Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v28.0.1500.95

    File : C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Verwijderd : search_url = "hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&

    Verwijderd : homepage = "hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0C

    Verwijderd : urls_to_restore_on_startup =

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

  • fazantje

    Hi Jasper,

    That is what I mean;)

    Nice clean-up of quite a bit of advertising junk.

    Download zoek.exe to the desktop.

    Disable your antivirus and antispyware programs; they may conflict with zoek.exe.

    Double-click Zoek.exe to start the tool.

    Now copy the bold code below and paste it into the large input window.

    Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    firefoxlook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    Now click the "Run script" button.

    Wait patiently until a log opens (this may be after a restart, if one is required).

    If no log appears after the restart, start zoek.exe again; the log will then appear.

    Post the contents of the opened log in your next message.

    Also tell me how your problem is now.

    Good luck,

    Huib;

  • jasper

    Zoek.exe Version 4.0.0.4 Updated 31-07-2013

    Tool run by Supervisor on ma 05-08-2013 at 23:33:35,73.

    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Supervisor\Desktop\zoek.exe

    ==== System Restore Info ======================

    5-8-2013 23:34:43 Zoek.exe System Restore Point Created Succesfully.

    ==== Creating Sample_05-08-2013_2338.zip ======================

    Process rundll32.exe killed

    Copied file C:\Users\Supervisor\AppData\Local\patchYDG.exe to sample\patchYDG.exe

    sample\patchYDG.exe renamed to 943F1E446C1AD33D6310979C861B7780

    C:\Users\Public\Desktop\sample_05-08-2013_2338.zip created successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-3116784316-362696581-2426180777-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6037046D-6F64-4F75-A12E-0BE550D75ED6} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe

    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

    C:\Program Files (x86)\Samsung\Kies\Kies.exe

    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Users\Supervisor\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\Supervisor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

    prefs.js not found

    ---- Lines funmoods removed from prefs.js ----

    ---- Lines funmoods modified from prefs.js ----

    ---- Lines funmoods removed from user.js ----

    user_pref("extensions.funmoods.hmpg", true);

    user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtDtB0CzzzyyCtB0F0AtN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1454746493");

    user_pref("extensions.funmoods.dfltSrch", true);

    user_pref("extensions.funmoods.srchPrvdr", "Search");

    user_pref("extensions.funmoods.dnsErr", true);

    user_pref("extensions.funmoods_i.newTab", true);

    user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtDtB0CzzzyyCtB0F0AtN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1454746493");

    user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtDtB0CzzzyyCtB0F0AtN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1454746493&q=");

    user_pref("extensions.funmoods.id", "E0CB4EC02C8962FA");

    user_pref("extensions.funmoods.instlDay", "15633");

    user_pref("extensions.funmoods.vrsn", "1.5.23.22");

    user_pref("extensions.funmoods.vrsni", "1.5.23.22");

    user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2221:47:44");

    user_pref("extensions.funmoods.prtnrId", "funmoods");

    user_pref("extensions.funmoods.prdct", "funmoods");

    user_pref("extensions.funmoods.aflt", "iron2");

    user_pref("extensions.funmoods_i.smplGrp", "none");

    user_pref("extensions.funmoods.tlbrId", "base");

    user_pref("extensions.funmoods.instlRef", "iron2");

    user_pref("extensions.funmoods.dfltLng", "");

    user_pref("extensions.funmoods.excTlbr", false);

    user_pref("extensions.funmoods.autoRvrt", false);

    user_pref("extensions.funmoods.envrmnt", "production");

    user_pref("extensions.funmoods.isdcmntcmplt", true);

    user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

    ---- FireFox user.js and prefs.js backups ----

    user_05-08-2013_2339_.backup

    ==== Deleting Files \ Folders ======================

    "C:\Users\Supervisor\AppData\Local\patchYDG.exe" deleted

    "C:\Users\Supervisor\AppData\Roaming\Temp" deleted

    "C:\Program Files (x86)\FoxTabPDFConverter" deleted

    "C:\Users\Supervisor\AppData\Roaming\ihelper" deleted

    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader" deleted

    "C:\Users\Supervisor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com" deleted

    ==== System Specs ======================

    Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 4096 MB

    CPU Info: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz

    CPU Speed: 2982,8 MHz

    Sound Card: Luidsprekers (SB 5.1 VX) |

    Luidsprekers (VIA High Definiti |

    SPDIF Interface (TX0) (VIA High |

    Display Adapters: NVIDIA GeForce GT 240 | NVIDIA GeForce GT 240 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1680 X 1050 - 32 bit

    Network: Network Present

    Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Sitecom Wireless Micro USB Adapter 300N X3 WL-364 | Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller

    CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SH-S223C

    Ports: COM1 LPT1

    Mouse: 8 Button Wheel Mouse Present

    Hard Disks: C: 100,0GB | D: 496,1GB | F: 232,9GB

    Hard Disks - Free: C: 28,1GB | D: 78,9GB | F: 77,8GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 10/16/09 | A_M_I_ - 10000916

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: ASUSTeK Computer INC. P5KPL-AM EPU

    Internet Explorer Version: 10.0.9200.16635

    Sun Java version: 1.7.0_25

    Country: Nederland

    Language: NLD

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\SUPERV~1\AppData\Local\Temp ====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    2013-08-05 16:49:00 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_wpdcomp_01_09_00.Wdf

    2013-07-16 09:17:21 EE6B7B6A54BCAFF516E30B1C15467495 11235104 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2013-08-05 20:38:25 -------- d-----w- C:\Program Files\trend micro

    ======= C:\Program Files (x86) =====

    2013-08-05 20:32:52 -------- d-----w- C:\Program Files (x86)\ESET

    2013-07-16 10:02:23 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2

    2013-07-11 17:15:04 -------- d-----w- C:\Program Files (x86)\HEMA Fotoservice

    2013-07-10 11:00:43 -------- d-----w- C:\Program Files (x86)\fotofabriekSoftware

    ======= C: =====

    2013-08-05 21:12:39 79FD456BC2036110957F943D3C6D98C1 6588 ----a-w- C:\AdwCleaner.txt

    2013-08-05 21:12:25 3295F1F7DC3194E0C8A8245FE8772F5A 6646 ----a-w- C:\AdwCleaner.txt

    2013-08-05 21:11:07 23B715027EE2720C18C165A23A8422DB 441 ----a-w- C:\AdwCleaner.txt

    2013-08-05 21:10:44 CB7ED5463212A7BA35C3177135B9301A 6527 ----a-w- C:\AdwCleaner.txt

    ====== C:\Users\Supervisor\AppData\Roaming ======

    2013-07-11 17:18:08 -------- d-----w- C:\users\Supervisor\AppData\Local\HEMA Fotoservice

    ====== C:\Users\Supervisor ======

    2013-08-02 08:01:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

    2013-07-16 10:02:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom

    2013-07-10 11:00:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotofabriekSoftware

    2013-07-10 11:00:43 -------- d-----w- C:\ProgramData\fotofabriekSoftware

    ====== C: exe-files ==

    2013-08-05 21:12:15 4C47469F47FD9F8437B62A86F6E0874F 666633 ----a-w- C:\Users\Supervisor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFN1QZ7Z\adwcleaner.exe

    2013-08-05 20:38:25 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Supervisor.exe

    2013-08-05 20:32:52 CE0D0B11986FD2C0247AE88A59B36A6E 579904 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

    2013-08-05 20:32:52 BDB7D97012F9B3102DB72AA76A24942A 546944 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

    2013-08-05 20:32:52 7C9EEC809FB9CDA26EFC245C001EA980 2347384 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

    2013-08-05 20:32:52 7ABF8849E76732C357F419B1AF5668F2 546944 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

    2013-08-05 20:32:52 6D4ED8A5C071F29730A6F0B943FEEA3A 122584 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

    2013-08-04 09:12:12 687946D047308D252783182F972229A1 2040016 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\000044ea\dao.16585357.exe

    2013-08-02 08:00:11 B21EBE35B22BE09004D4E5C3EA4BC9F2 25415728 ----a-w- C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\7.1.1.1888\GoogleEarth-Win-Bundle-7.1.1.1888.exe

    2013-08-01 21:59:29 EB43F540338470C8FE4AAE8378780CAA 784224 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\28.0.1500.95\28.0.1500.95_28.0.1500.72_chrome_updater.exe

    2013-07-31 09:42:51 78013EAD3ADF4FB1EB6C33D3D0B2182D 2004104 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00004447\dao.16557018.exe

    === C: other files ==

    2013-08-05 21:38:35 A4DE7A95B4E576EA96A5598AA32C7B78 91327 ----a-w- C:\Users\Public\Desktop\sample_05-08-2013_2338.zip

    ==== Startup Registry Enabled ======================

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

    "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"

    @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

    "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe -s"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"

    "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

    "AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"

    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"

    "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

    "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"

    @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

    "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe -s"

    ==== Startup Registry Enabled x64 ======================

    "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice"

    "Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

    "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "

    ==== Startup Registry Disabled ======================

    "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

    "HP Software Update"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe"

    "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

    "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

    ==== Startup Folders ======================

    2011-02-09 19:40:23 2035 —-a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a—— :C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Firefox Extensions ======================

    ==== Firefox Plugins ======================

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\SUPERV~1\AppData\Local\Temp\ccex.crx

    ==== Set IE to Default ======================

    Old Values:

    "Start Page"="http://google.nl/"

    New Values:

    "Start Page"="http://google.nl/"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{379DBD7E-977B-39DF-F6CF-2E7F16248A13}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

    {379DBD7E-977B-39DF-F6CF-2E7F16248A13} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

    ==== HijackThis Entries ======================

    R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL

    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

    O4 - HKLM\..\Run: RunDll32 P17RunE.dll,RunDLLEntry

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - HKCU\..\Run: "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-21-3116784316-362696581-2426180777-1004\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

    O4 - HKUS\S-1-5-21-3116784316-362696581-2426180777-1004\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

    O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'DefaultAppPool')

    O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'DefaultAppPool')

    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/canvasx.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

    O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://navigram.com/engine/v1140/Navigram.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games - Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://fotosnelservice.hema.nl/xupload/XUpload.ocx

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab

    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe

    O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Supervisor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Supervisor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\Supervisor\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Cache found

    ==== Empty Chrome Cache ======================

    C:\users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\SUPERV~1\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on ma 05-08-2013 at 23:46:04,33 ======================

    done!

    and now is everything finished??? is everything "clean"?

  • fazantje

    Hi Jasper,

    You wrote:

    >>>done!

    and now is everything finished??? is everything "clean"? <<<

    That's up to you :D

    How is the problem now? :S

    zoek.exe also removed quite a bit, which could have had a bearing on IE freezing.

    Greetings, Huib ;)

  • jasper

    in Explorer, one folder with music keeps opening veeeery slowly and then hangs

    the rest of the other folders open immediately and play....

    maybe not a virus but something else?

    thanks in advance for all the help!!

  • fazantje

    Hi Jasper,

    Tomorrow I'll look further.

    First I'm going to try to get some sleep with all this thunder.

    I may have to get up again tonight because of the lightning/thunderstorm.

    Greetings, Huib ;)

    Greetings, Huib

  • jasper

    ESET is still reporting BAT/CoinMiner.AL?

  • fazantje

    Hi Jasper,

    Download Combofix here and place it on your desktop.

    First disable your virus scanner. It will be turned back on after the computer has restarted.

    If you have used Combofix before, please delete that version and download Combofix again via the link above,

    because Combofix is updated daily.

    NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading Combofix, or while using Combofix,

    disable that scanner and download Combofix again.

    Some scanners see certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, because that will make your PC hang.

    Depending on the infection, the scan can take 40 to as much as 100 minutes, so don't assume it is stuck.

    When the fix is complete and after the restart, the log combofix.txt will open.

    Post the Combofix log in your next message and tell us how things are going now.

    Good luck,

    Huib ;)
