Hi,
Since this week, whenever I start Google Chrome an extra tab opens.
At the bottom it says FoxTab. I removed it via Programs and Features in the Control Panel.
I have Windows 7.
Thanks in advance,
and here are the requested logs.
Regards, Mar
Logfile of random's system information tool 1.09 (written by random/random)
Run by Gebruiker at 2014-02-01 22:29:18
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 248 GB (75%) free of 333 GB
Total RAM: 4055 MB (12% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:26, on 1-2-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Program Files (x86)\Spotnet\Spotnet.exe
C:\Program Files (x86)\Spotnet\SABnzbd.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Gebruiker.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0734d757-fea6-4637-a7e4-2bd40a7fd8da} - (no file)
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
O4 - HKCU\..\Run: C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
O4 - HKCU\..\Run: "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - e:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - e:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12548 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"e:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe" /TUStart /pid:2584
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
WLIDSvcM.exe 2668
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-512b507a-498b-48b4-b219-ef36ce4059d9 -SystemEventPortName:HostProcess-6fbdd585-d74c-4b28-8587-521d1d1d2ddb -IoCancelEventPortName:HostProcess-e9321725-13a9-4d3e-b65d-5b3cd1ca88bd -NonStateChangingEventPortName:HostProcess-af4095e4-b3b3-4298-a163-1f9e8aa8aac9 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3e934d45-06bb-43a1-8a91-301d2be98f5b -DeviceGroupId:WpdFsGroup
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
"C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart B109a-m#1292015772" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /TrayOnly
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5992.7935200.47564920 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 5992 "\\.\pipe\gecko-crash-server-pipe.5992" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe" --proxy-stub-channel=Flash1200.5DFFB990.20713 --host-broker-channel=Flash1200.5DFFB990.29921 --host-pid=1200 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe" --channel=1632.0037F57C.108464692 --proxy-stub-channel=Flash1200.5DFFB990.20713 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll" --host-npapi-version=27 --type=renderer
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe16_ Global\UsGthrCtrlFltPipeMssGthrPipe16 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Spotnet\Spotnet.exe"
"C:\Program Files (x86)\Spotnet\SABnzbd.exe" -d -f "C:\Users\Gebruiker\AppData\Local\Temp\tmpC967.tmp.ini"
"E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2548.0.2070552936\620462533" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,13,23,28 --gpu-vendor-id=0x10de --gpu-device-id=0x0a23 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.1106 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group1 pct:10a stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_93/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="2548.2.769477142\1722006365" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group1 pct:10a stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_93/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="2548.3.1046517871\1250008978" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group1 pct:10a stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_93/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="2548.4.195051700\1024514748" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group1 pct:10a stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_93/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="2548.5.301164984\1170498633" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\30.9_0\background/ChromeUtilPlugin.dll" --lang=nl --channel="2548.6.538418224\2042404165" /prefetch:-390060480
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group1 pct:10a stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_93/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="2548.7.1180936459\331295097" /prefetch:673131151
taskeng.exe {524CCF16-7BC0-459D-B6F1-23CF1214BC9A}
C:\Windows\splwow64.exe 12288
"C:\Users\Gebruiker\Desktop\RSITx64.exe"
“C:\Windows\system32\SearchFilterHost.exe” 0 520 524 532 65536 528
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\Digital Sites.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\gisax6ha.default
"Description"=Adobe® Flash® Player 12.0.0.43 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
"Description"=Logitech Harmony Remote Plugin
"Path"=C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
"Description"=
"Path"=disabled
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
"Description"=Zylom Games Player 1.00
"Path"=C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
"Description"=Adobe® Flash® Player 12.0.0.43 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll
"Description"=
"Path"=disabled
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\gisax6ha.default\extensions\
flashbug@coursevector.com
flashfirebug@o-minds.com
flashlight@stephennolan.com.au
plugin@getwebcake.com
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
======Registry dump======
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
"MyTomTomSA.exe"=C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft SharePoint Workspace.lnk - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
"SecurityProviders"=credssp.dll
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=0
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"NoDrives"=0
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-02-01 20:41:45 ----D---- C:\Program Files\trend micro
2014-02-01 20:41:44 ----D---- C:\rsit
2014-02-01 20:20:29 ----SD---- C:\ComboFix
2014-02-01 20:18:17 ----A---- C:\Windows\MBR.exe
2014-02-01 20:18:16 ----A---- C:\Windows\zip.exe
2014-02-01 20:18:16 ----A---- C:\Windows\SWSC.exe
2014-02-01 20:18:16 ----A---- C:\Windows\SWREG.exe
2014-02-01 20:18:16 ----A---- C:\Windows\sed.exe
2014-02-01 20:18:16 ----A---- C:\Windows\PEV.exe
2014-02-01 20:18:16 ----A---- C:\Windows\NIRCMD.exe
2014-02-01 20:18:16 ----A---- C:\Windows\grep.exe
2014-01-28 20:45:54 ----D---- C:\Users\Gebruiker\AppData\Roaming\FoxTab
2014-01-28 20:45:52 ----D---- C:\Users\Gebruiker\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-01-28 20:45:48 ----D---- C:\Users\Gebruiker\AppData\Roaming\DigitalSites
2014-01-28 20:45:45 ----D---- C:\Program Files (x86)\OpenIt
2014-01-28 20:45:45 ----D---- C:\Program Files (x86)\Foxtab
2014-01-26 14:14:25 ----D---- C:\Users\Gebruiker\AppData\Roaming\aliasworlds
2014-01-25 18:57:08 ----D---- C:\Users\Gebruiker\AppData\Roaming\Logitech
2014-01-25 18:57:06 ----D---- C:\Program Files (x86)\Logitech
2014-01-25 16:41:29 ----D---- C:\Program Files (x86)\Nero
2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-01-15 06:12:31 ----A---- C:\Windows\system32\win32k.sys
2014-01-15 06:12:29 ----A---- C:\Windows\system32\drivers\netio.sys
2014-01-13 11:54:58 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-01-13 11:54:51 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-01-13 11:54:51 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-01-13 11:54:51 ----A---- C:\Windows\SYSWOW64\java.exe
======List of files/folders modified in the last 1 month======
2014-02-01 22:28:09 ----D---- C:\Windows\temp
2014-02-01 22:16:01 ----D---- C:\Users\Gebruiker\AppData\Roaming\Skype
2014-02-01 20:53:39 ----D---- C:\Windows\system32\config
2014-02-01 20:41:45 ----RD---- C:\Program Files
2014-02-01 20:41:36 ----D---- C:\Windows\system32\Tasks
2014-02-01 20:40:51 ----D---- C:\Windows\Tasks
2014-02-01 20:39:42 ----D---- C:\ProgramData\NVIDIA
2014-02-01 20:38:14 ----D---- C:\Program Files (x86)\SweetIM
2014-02-01 20:18:17 ----D---- C:\Windows
2014-02-01 20:18:06 ----D---- C:\Qoobox
2014-02-01 20:16:18 ----D---- C:\Windows\system32\drivers
2014-02-01 20:15:46 ----D---- C:\Windows\Prefetch
2014-02-01 17:26:02 ----D---- C:\Windows\System32
2014-02-01 17:26:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-01 17:26:01 ----D---- C:\Windows\inf
2014-02-01 13:27:31 ----SHD---- C:\System Volume Information
2014-02-01 08:45:31 ----D---- C:\Windows\SysWOW64
2014-01-29 12:39:38 ----D---- C:\Windows\Microsoft.NET
2014-01-29 12:39:37 ----RSD---- C:\Windows\assembly
2014-01-28 23:30:48 ----SHD---- C:\Windows\Installer
2014-01-28 23:30:47 ----HD---- C:\Config.Msi
2014-01-28 23:30:42 ----D---- C:\ProgramData\Microsoft Help
2014-01-28 23:30:32 ----A---- C:\Windows\win.ini
2014-01-28 20:46:09 ----RD---- C:\Program Files (x86)
2014-01-28 15:03:25 ----D---- C:\ProgramData
2014-01-28 15:02:47 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-01-28 07:52:13 ----D---- C:\Users\Gebruiker\AppData\Roaming\HpUpdate
2014-01-25 18:57:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-01-25 16:44:00 ----D---- C:\Users\Gebruiker\AppData\Roaming\Nero
2014-01-25 16:42:37 ----D---- C:\ProgramData\Nero
2014-01-25 16:41:36 ----D---- C:\Program Files (x86)\Common Files
2014-01-22 06:44:30 ----D---- C:\Windows\system32\catroot2
2014-01-19 19:22:50 ----D---- C:\Program Files (x86)\Spotnet
2014-01-19 08:33:29 ----N---- C:\Windows\system32\MpSigStub.exe
2014-01-15 12:44:10 ----D---- C:\Windows\winsxs
2014-01-15 12:38:40 ----D---- C:\Windows\system32\DriverStore
2014-01-15 06:12:19 ----D---- C:\Windows\system32\catroot
2014-01-13 12:07:32 ----D---- C:\ProgramData\Oracle
2014-01-13 11:54:51 ----D---- C:\Program Files (x86)\Java
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys
R0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys
R1 RapportCerberus_59849;RapportCerberus_59849; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys
R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys
R3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista; C:\Windows\system32\DRIVERS\netr7364.sys
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys
R3 RTL8167;Realtek 8167 NT-stuurprogramma; C:\Windows\system32\DRIVERS\Rt64win7.sys
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver; \??\C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS
S3 NTACCESS;NTACCESS; \??\F:\NTACCESS_64.sys
S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys
S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\drivers\usb8023x.sys
S3 USB28xxBGA;USB 2861 Device; C:\Windows\system32\DRIVERS\emBDA64.sys
S3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM64.sys
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe
R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe
R2 MBAMScheduler;MBAMScheduler; e:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe
R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S2 KMService;KMService; C:\Windows\syswow64\srvany.exe
S2 MBAMService;MBAMService; e:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe
S4 APNMCP;Ask-updateservice; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Databaseversie: 7139
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
14-7-2011 19:34:12
mbam-log-2011-07-14 (19-34-12).txt
Scantype: Snelle scan
Objecten gescand: 200612
Verstreken tijd: 7 minuut/minuten, 42 seconde(n)
Geheugenprocessen geïnfecteerd: 1
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 4
Registerwaarden geïnfecteerd: 6
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 22
Geheugenprocessen geïnfecteerd:
c:\Users\gebruiker\AppData\Roaming\bojrzdv9gm68.exe (Trojan.MSIL) -> 10104 -> Unloaded process successfully.
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{EHU45VX5-G151-CASO-21SQ-KN0X7802056A} (Backdoor.SpyNet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EHU45VX5-G151-CASO-21SQ-KN0X7802056A} (Backdoor.SpyNet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A71VVJ58-803I-108K-15TR-TT78BTKM8854} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A71VVJ58-803I-108K-15TR-TT78BTKM8854} (Backdoor.Bot) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Graphic Driver (Trojan.MSIL) -> Value: Graphic Driver -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Audio Device (Trojan.MSIL) -> Value: Audio Device -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.SpyNet) -> Value: HKLM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.SpyNet) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.SpyNet) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.SpyNet) -> Value: Policies -> Quarantined and deleted successfully.
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\Users\gebruiker\AppData\Roaming\bojrzdv9gm68.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Roaming\JavaSync.exe (Worm.Rebhip) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\3cdjcbwxewue.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\4heatmkpt4mq.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\4hzlh0l1zrhp.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\cb5redjtie0z.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\cja3vs71jh20.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\glyk7p22vjg5.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\hqsxwr4uvf3i.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\lkaroqjhoppf.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\mk8olpqafji6.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\rfun21bw2d3h.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\w820lblyb5xe.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\wp3dlx4keify.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\zjlpvcbwz9tj.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\zuxe2f4g1jbt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\WinDir\svchost.exe (Backdoor.SpyNet) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\WinDir\svchost.exe (Backdoor.SpyNet) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files (x86)\install\server.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\gebruiker\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.