foxtab

  • Ben

    Hello,

    You can go online to carry out the steps, but your infection is of such a kind that it can take data from your PC.

    So forewarned is forearmed.

  • mar

    Good afternoon,

    How can that be?

    I ran a virus scan and otherwise did nothing special.

    Foxtab is gone, by the way, so you have found another problem.

    Regards, Mar

  • Ben

    mar wrote:

    ——————————————————-

    > Good afternoon,

    > How can that be?

    > I ran a virus scan and otherwise did nothing

    > special.

    > Foxtab is gone, by the way, so you have found another

    > problem.

    >

    > Regards, Mar

    You have a great many problems: trojans and backdoors.

    This is partly due to your illegal Office…

  • mar

    Hi,

    OK.

    But I have had Office for as long as I have had this PC,

    and that is already 4 years.

    Sorry, but I am a layperson.

    Regards, Mar

  • Ben

    Hello,

    Then someone installed it illegally for you..

    C:\AutoKMS\AutoKMS.exe (Trojan.AutoKMS) -> Geen actie ondernomen.

    E:\Nieuwe map\Vinny27 - Microsoft Office 2010 Activator v223 (Nieuw + Unattended)\Office.activator.2010.v2.2.3byVinny27.rar (Worm.PushBot) -> Geen actie ondernomen.

    E:\Nieuwe map\Vinny27 - Microsoft Office 2010 Activator v223 (Nieuw + Unattended)\Office.activator.2010.v2.2.3byVinny27\Vinny27 - Microsoft Office 2010 Activator v2.2.3.exe (Worm.PushBot) -> Geen actie ondernomen.

    E:\_UNPACK_Vinny27 - Microsoft Office 2010 Activator v223 (Nieuw + Unattended)\Office.activator.2010.v2.2.3byVinny27\Vinny27 - Microsoft Office 2010 Activator v2.2.3.exe (Worm.PushBot) -> Geen actie ondernomen.

  • rudi

    I should think so ::o

    http://antivirus.startpagina.nl/prikbord/17010688/17012212/re-foxtab#msg-17012212

  • mar

    Good afternoon,

    Here are the logs that were asked for.

    Thanks in advance for thinking along.

    Regards, mar

    Malwarebytes Anti-Malware (PRO) 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.02.02.01

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 11.0.9600.16476

    Gebruiker :: GEBRUIKER-PC

    Bescherming: Uitgeschakeld

    4-2-2014 8:07:21

    mbam-log-2014-02-04 (08-07-21).txt

    Scan type: Volledige scan (C:\|D:\|E:\|)

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 487625

    Verstreken tijd: 1 uur/uren, 53 minuut/minuten,

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 8

    D:\downloads\MP4ToMP3Converter.zip (PUP.Riskware.GameCheat) -> Succesvol in quarantaine geplaatst en verwijderd.

    D:\nieuwsgroepen\nieuwe_te_downloaden\toolkit\Office 2010 Toolkit & EZ-Activator 2.1.5.rar (Trojan.MSIL) -> Succesvol in quarantaine geplaatst en verwijderd.

    E:\downloads cd henk\AshampooMusicStudio-v3.51NL(d00by).exe (Trojan.Dropped) -> Succesvol in quarantaine geplaatst en verwijderd.

    E:\downloads cd henk\QuickPar-v0.9.1.0-NLD.exe (Trojan.Dropped) -> Succesvol in quarantaine geplaatst en verwijderd.

    E:\downloads cd henk\VlcMediaPlayer-v1.1.4_win32(d00by).exe (Trojan.Dropped) -> Succesvol in quarantaine geplaatst en verwijderd.

    E:\downloads cd henk\WinRAR_3.93_Final_NLD(X86X64).exe (Trojan.Dropped) -> Succesvol in quarantaine geplaatst en verwijderd.

    E:\Nieuwe map\Vinny27 - Microsoft Office 2010 Activator v223 (Nieuw + Unattended)\Office.activator.2010.v2.2.3byVinny27.rar (Worm.PushBot) -> Succesvol in quarantaine geplaatst en verwijderd.

    E:\Nieuwe map\Vinny27 - Microsoft Office 2010 Activator v223 (Nieuw + Unattended)\Office.activator.2010.v2.2.3byVinny27\Vinny27 - Microsoft Office 2010 Activator v2.2.3.exe (Worm.PushBot) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Gebruiker at 2014-02-04 13:06:18

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 243 GB (73%) free of 333 GB

    Total RAM: 4055 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 13:06:20, on 4-2-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.16428)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Program Files (x86)\Spotnet\Spotnet.exe

    C:\Program Files (x86)\Spotnet\SABnzbd.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files\trend micro\Gebruiker.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ÿþ127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: “C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”

    O4 - HKCU\..\Run: “C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe”

    O4 - HKCU\..\Run: C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun

    O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 12112 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    winlogon.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    “C:\Windows\system32\nvvsvc.exe”

    “C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe”

    C:\Windows\system32\svchost.exe -k RPCSS

    “c:\Program Files\Microsoft Security Client\MsMpEng.exe”

    “C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe”

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k NetworkService

    “C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe”

    C:\Windows\system32\nvvsvc.exe -session -first

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    “C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe”

    “C:\Program Files\Bonjour\mDNSResponder.exe”

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    “taskhost.exe”

    “d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe”

    C:\Windows\System32\svchost.exe -k HPZ12

    “C:\Windows\system32\Dwm.exe”

    C:\Windows\System32\svchost.exe -k HPZ12

    “C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe”

    C:\Windows\system32\svchost.exe -k imgsvc

    “C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe”

    “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”

    WLIDSvcM.exe 2732

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    “C:\Program Files\Windows Sidebar\sidebar.exe” /autoRun

    “C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”

    “C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe”

    “C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE”

    “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun

    “C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe”

    “C:\Program Files\Microsoft Office\Office14\GROOVE.EXE” /TrayOnly

    “C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe” /TUStart /pid:2612

    “C:/Program Files/NVIDIA Corporation/Display/nvtray.exe” -user_has_logged_in 1

    “C:\Windows\System32\WUDFHost.exe” -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f540ce10-d406-4bca-acd5-e35e349ea46e -SystemEventPortName:HostProcess-bd0f1ee0-e787-4087-9ac6-15552571c907 -IoCancelEventPortName:HostProcess-f0c1bdeb-78f2-4c61-8231-203a8349e18f -NonStateChangingEventPortName:HostProcess-95958316-d735-45f6-a341-f7197d53e7aa -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a751e345-7c2a-4031-9661-695a2ebd9a4c -DeviceGroupId:WpdFsGroup

    “C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe” -CtxID “#Hewlett-Packard#HP Photosmart B109a-m#1292015772” -Startup

    “C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe” -Embedding

    C:\Windows\system32\SearchIndexer.exe /Embedding

    “C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe” -Embedding

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    “C:\Program Files (x86)\Nero\Update\NASvc.exe”

    “C:\Program Files (x86)\Spotnet\Spotnet.exe”

    “C:\Windows\system32\wuauclt.exe”

    “C:\Program Files (x86)\Spotnet\SABnzbd.exe” -d -f “C:\Users\Gebruiker\AppData\Local\Temp\tmpA1AB.tmp.ini”

    “C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE”

    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

    “taskhost.exe”

    C:\Windows\explorer.exe

    “C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon”

    “C:\Windows\system32\SearchFilterHost.exe” 0 528 532 540 65536 536

    C:\Windows\splwow64.exe 12288

    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”

    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=gpu-process –channel=“5412.0.1246702618\176232653” –disable-image-transport-surface –supports-dual-gpus=false –gpu-driver-bug-workarounds=0,13,23,28 –gpu-vendor-id=0x10de –gpu-device-id=0x0a23 –gpu-driver-vendor=NVIDIA –gpu-driver-version=9.18.13.1106 –ignored=“ –type=renderer ” /prefetch:822062411

    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=plugin –plugin-path=“C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\30.9_0\background/ChromeUtilPlugin.dll” –lang=nl –channel=“5412.5.137083908\1288398007” /prefetch:-390060480

    “C:\Users\Gebruiker\Desktop\scanprogamma's\RSITx64.exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\gisax6ha.default

    “Description”=Adobe® Flash® Player 12.0.0.43 Plugin

    “Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll

    “Description”=Adobe Shockwave Player

    “Path”=C:\Windows\system32\Adobe\Director\np32dsw.dll

    “Description”=Google Earth in your browser

    “Path”=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    “Description”=Java™ Deployment Toolkit

    “Path”=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

    “Description”=Oracle® Next Generation Java™ Plug-In

    “Path”=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    “Description”=Logitech Harmony Remote Plugin

    “Path”=C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

    “Description”=Office Authorization plug-in for NPAPI browsers

    “Path”=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

    “Description”=Microsoft SharePoint Plug-in for Firefox

    “Path”=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=NVIDIA stereo images plugin for Mozilla browsers

    “Path”=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

    “Description”=NVIDIA 3D Vision Streaming plugin for Mozilla browsers

    “Path”=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

    “Description”=Zylom Games Player 1.00

    “Path”=C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

    “Description”=Handles PDFs in-place in Firefox

    “Path”=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    “Description”=Adobe® Flash® Player 12.0.0.43 Plugin

    “Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

    “Description”=Office Authorization plug-in for NPAPI browsers

    “Path”=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

    C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\gisax6ha.default\extensions\

    flashbug@coursevector.com

    flashfirebug@o-minds.com

    flashlight@stephennolan.com.au

    plugin@getwebcake.com

    {bee6eb20-01e0-ebd1-da83-080329fb9a3a}

    ======Registry dump======

    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

    HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    Groove GFS Browser Helper - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    "BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe

    "AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

    "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe

    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe

    "OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

    "MyTomTomSA.exe"=C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe

    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

    "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe

    "SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    "AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe

    "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    Microsoft SharePoint Workspace.lnk - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll

    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

    "SecurityProviders"=credssp.dll

    "ConsentPromptBehaviorAdmin"=0

    "ConsentPromptBehaviorUser"=0

    "EnableLUA"=0

    "EnableUIADesktopToggle"=0

    "PromptOnSecureDesktop"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "EnableLinkedConnections"=1

    "NoDriveTypeAutoRun"=145

    "NoDrives"=0

    "NoDrives"=0

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "VIDC.UYVY"=msyuv.dll

    "VIDC.YUY2"=msyuv.dll

    "VIDC.YVYU"=msyuv.dll

    "VIDC.IYUV"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "VIDC.YVU9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    "MSVideo8"=VfWWDM32.dll

    "wave5"=wdmaud.drv

    "midi5"=wdmaud.drv

    "mixer5"=wdmaud.drv

    "aux1"=wdmaud.drv

    "wave6"=wdmaud.drv

    "midi6"=wdmaud.drv

    "mixer6"=wdmaud.drv

    "aux2"=wdmaud.drv

    "wave2"=wdmaud.drv

    "midi2"=wdmaud.drv

    "mixer2"=wdmaud.drv

    "wave3"=wdmaud.drv

    "midi3"=wdmaud.drv

    "mixer3"=wdmaud.drv

    "wave4"=wdmaud.drv

    "midi4"=wdmaud.drv

    "mixer4"=wdmaud.drv

    "wave1"=wdmaud.drv

    "midi1"=wdmaud.drv

    "mixer1"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    ======List of files/folders created in the last 1 month======

    2014-02-04 12:24:52 ----SHD---- C:\$RECYCLE.BIN

    2014-02-04 12:24:48 ----D---- C:\Windows\temp

    2014-02-04 12:24:46 ----A---- C:\ComboFix.txt

    2014-02-03 13:28:30 ----D---- C:\ProgramData\Spotnet

    2014-02-03 13:28:30 ----D---- C:\Program Files (x86)\Spotnet

    2014-02-02 08:07:11 ----A---- C:\Windows\system32\drivers\mbam.sys

    2014-02-01 20:41:45 ----D---- C:\Program Files\trend micro

    2014-02-01 20:41:44 ----D---- C:\rsit

    2014-02-01 20:18:17 ----A---- C:\Windows\MBR.exe

    2014-02-01 20:18:16 ----A---- C:\Windows\zip.exe

    2014-02-01 20:18:16 ----A---- C:\Windows\SWSC.exe

    2014-02-01 20:18:16 ----A---- C:\Windows\SWREG.exe

    2014-02-01 20:18:16 ----A---- C:\Windows\sed.exe

    2014-02-01 20:18:16 ----A---- C:\Windows\PEV.exe

    2014-02-01 20:18:16 ----A---- C:\Windows\NIRCMD.exe

    2014-02-01 20:18:16 ----A---- C:\Windows\grep.exe

    2014-01-28 20:45:54 ----D---- C:\Users\Gebruiker\AppData\Roaming\FoxTab

    2014-01-28 20:45:52 ----D---- C:\Users\Gebruiker\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z

    2014-01-28 20:45:48 ----D---- C:\Users\Gebruiker\AppData\Roaming\DigitalSites

    2014-01-28 20:45:45 ----D---- C:\Program Files (x86)\OpenIt

    2014-01-28 20:45:45 ----D---- C:\Program Files (x86)\Foxtab

    2014-01-26 14:14:25 ----D---- C:\Users\Gebruiker\AppData\Roaming\aliasworlds

    2014-01-25 18:57:08 ----D---- C:\Users\Gebruiker\AppData\Roaming\Logitech

    2014-01-25 18:57:06 ----D---- C:\Program Files (x86)\Logitech

    2014-01-25 16:41:29 ----D---- C:\Program Files (x86)\Nero

    2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbuhci.sys

    2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbport.sys

    2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbohci.sys

    2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbhub.sys

    2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbehci.sys

    2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbd.sys

    2014-01-15 06:12:33 ----A---- C:\Windows\system32\drivers\usbccgp.sys

    2014-01-15 06:12:31 ----A---- C:\Windows\system32\win32k.sys

    2014-01-15 06:12:29 ----A---- C:\Windows\system32\drivers\netio.sys

    2014-01-13 11:54:58 ----A---- C:\Windows\SYSWOW64\javaws.exe

    2014-01-13 11:54:51 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

    2014-01-13 11:54:51 ----A---- C:\Windows\SYSWOW64\javaw.exe

    2014-01-13 11:54:51 ----A---- C:\Windows\SYSWOW64\java.exe

    ======List of files/folders modified in the last 1 month======

    2014-02-04 12:58:12 ----D---- C:\Users\Gebruiker\AppData\Roaming\Skype

    2014-02-04 12:24:49 ----D---- C:\Qoobox

    2014-02-04 12:24:48 ----D---- C:\Windows

    2014-02-04 12:20:42 ----A---- C:\Windows\system.ini

    2014-02-04 12:12:11 ----D---- C:\Windows\SYSWOW64\drivers

    2014-02-04 12:12:11 ----D---- C:\Windows\SysWOW64

    2014-02-04 12:12:11 ----D---- C:\Windows\AppPatch

    2014-02-04 12:12:06 ----D---- C:\Program Files (x86)\Common Files

    2014-02-04 12:11:37 ----D---- C:\Windows\system32\config

    2014-02-04 12:02:40 ----D---- C:\Windows\system32\drivers

    2014-02-04 11:57:40 ----D---- C:\ProgramData\NVIDIA

    2014-02-04 11:49:15 ----D---- C:\Windows\Prefetch

    2014-02-03 22:05:53 ----D---- C:\Windows\System32

    2014-02-03 22:05:53 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2014-02-03 22:05:50 ----D---- C:\Windows\inf

    2014-02-03 14:20:29 ----SHD---- C:\System Volume Information

    2014-02-03 13:28:30 ----RD---- C:\Program Files (x86)

    2014-02-03 13:28:30 ----D---- C:\ProgramData

    2014-02-03 10:07:08 ----D---- C:\Windows\system32\Tasks

    2014-02-03 10:07:07 ----D---- C:\Windows\Tasks

    2014-02-03 09:40:55 ----D---- C:\AutoKMS

    2014-02-01 20:41:45 ----RD---- C:\Program Files

    2014-02-01 20:38:14 ----D---- C:\Program Files (x86)\SweetIM

    2014-01-29 12:39:38 ----D---- C:\Windows\Microsoft.NET

    2014-01-29 12:39:37 ----RSD---- C:\Windows\assembly

    2014-01-28 23:30:48 ----SHD---- C:\Windows\Installer

    2014-01-28 23:30:47 ----D---- C:\Config.Msi

    2014-01-28 23:30:42 ----D---- C:\ProgramData\Microsoft Help

    2014-01-28 23:30:32 ----A---- C:\Windows\win.ini

    2014-01-28 15:02:47 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-01-28 07:52:13 ----D---- C:\Users\Gebruiker\AppData\Roaming\HpUpdate

    2014-01-25 18:57:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

    2014-01-25 16:44:00 ----D---- C:\Users\Gebruiker\AppData\Roaming\Nero

    2014-01-25 16:42:37 ----D---- C:\ProgramData\Nero

    2014-01-22 06:44:30 ----D---- C:\Windows\system32\catroot2

    2014-01-19 08:33:29 ----N---- C:\Windows\system32\MpSigStub.exe

    2014-01-15 12:44:10 ----D---- C:\Windows\winsxs

    2014-01-15 12:38:40 ----D---- C:\Windows\system32\DriverStore

    2014-01-15 06:12:19 ----D---- C:\Windows\system32\catroot

    2014-01-13 12:07:32 ----D---- C:\ProgramData\Oracle

    2014-01-13 11:54:51 ----D---- C:\Program Files (x86)\Java

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    R0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys

    R1 RapportCerberus_59849;RapportCerberus_59849; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys

    R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

    R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys

    R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys

    R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys

    R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys

    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys

    R3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista; C:\Windows\system32\DRIVERS\netr7364.sys

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys

    R3 RTL8167;Realtek 8167 NT-stuurprogramma; C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys

    R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys

    S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver; \??\C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys

    S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys

    S3 catchme;catchme; \??\C:\Users\GEBRUI~1\AppData\Local\Temp\catchme.sys

    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys

    S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS

    S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    S3 NTACCESS;NTACCESS; \??\F:\NTACCESS_64.sys

    S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys

    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys

    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys

    S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\drivers\usb8023x.sys

    S3 USB28xxBGA;USB 2861 Device; C:\Windows\system32\DRIVERS\emBDA64.sys

    S3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM64.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 MBAMScheduler;MBAMScheduler; d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

    R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe

    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe

    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe

    R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe

    R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe

    S2 KMService;KMService; C:\Windows\syswow64\srvany.exe

    S2 MBAMService;MBAMService; d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe

    S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 APNMCP;Ask-updateservice; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    -----------------EOF-----------------

  • mar

    I ran this one too

    ComboFix 14-02-03.01 - Gebruiker 04-02-2014 12:04:45.8.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4055.1991

    Gestart vanuit: c:\users\Gebruiker\Desktop\scanprogamma's\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2014-01-04 to 2014-02-04 ))))))))))))))))))))))))))))))

    .

    .

    2014-02-04 11:20 . 2014-02-04 11:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2014-02-04 11:20 . 2014-02-04 11:20 -------- d-----w- c:\users\Public\AppData\Local\temp

    2014-02-04 11:20 . 2014-02-04 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp

    2014-02-04 11:20 . 2014-02-04 11:20 -------- d-----w- c:\users\AppData\AppData\Local\temp

    2014-02-04 10:57 . 2014-02-04 10:57 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2562B3F2-9554-48B9-B2FE-4451DBF3D123}\offreg.dll

    2014-02-04 09:27 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2562B3F2-9554-48B9-B2FE-4451DBF3D123}\mpengine.dll

    2014-02-03 13:28 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2014-02-03 12:28 . 2014-02-03 13:00 -------- d-----w- c:\programdata\Spotnet

    2014-02-03 12:28 . 2014-02-03 12:28 -------- d-----w- c:\program files (x86)\Spotnet

    2014-02-02 07:07 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2014-02-01 19:41 . 2014-02-04 10:51 -------- d-----w- c:\program files\trend micro

    2014-02-01 19:41 . 2014-02-01 19:41 -------- d-----w- C:\rsit

    2014-01-28 19:45 . 2014-01-28 19:45 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\FoxTab

    2014-01-28 19:45 . 2014-01-28 19:45 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z

    2014-01-28 19:45 . 2014-02-01 19:38 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\DigitalSites

    2014-01-28 19:45 . 2014-01-28 19:45 -------- d-----w- c:\program files (x86)\Foxtab

    2014-01-28 19:45 . 2014-01-28 19:45 -------- d-----w- c:\program files (x86)\OpenIt

    2014-01-26 13:14 . 2014-01-26 13:14 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\aliasworlds

    2014-01-25 17:57 . 2014-01-25 17:57 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Logitech

    2014-01-25 17:57 . 2014-01-25 17:57 -------- d-----w- c:\program files (x86)\Logitech

    2014-01-25 15:41 . 2014-01-25 15:42 -------- d-----w- c:\program files (x86)\Common Files\Nero

    2014-01-25 15:41 . 2014-01-25 15:42 -------- d-----w- c:\program files (x86)\Nero

    2014-01-24 05:20 . 2013-10-18 04:19 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A321BDD-4B3F-4645-8E0B-07DAA62C9B48}\gapaengine.dll

    2014-01-15 05:12 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

    2014-01-15 05:12 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

    2014-01-15 05:12 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys

    2014-01-15 05:12 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

    2014-01-15 05:12 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

    2014-01-15 05:12 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

    2014-01-15 05:12 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

    2014-01-15 05:12 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys

    2014-01-15 05:12 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys

    2014-01-13 10:54 . 2013-10-08 06:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2014-01-28 14:02 . 2013-09-28 12:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2014-01-28 14:02 . 2013-09-28 12:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2014-01-19 07:33 . 2010-12-10 10:46 270496 ------w- c:\windows\system32\MpSigStub.exe

    2013-12-10 22:33 . 2013-12-10 22:33 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

    2013-12-10 22:33 . 2013-12-10 22:33 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

    2013-12-10 22:32 . 2013-12-10 22:32 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

    2013-12-10 22:32 . 2013-12-10 22:32 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

    2013-12-10 22:32 . 2013-12-10 22:32 235008 ----a-w- c:\windows\system32\elshyph.dll

    2013-12-10 22:32 . 2013-12-10 22:32 182272 ----a-w- c:\windows\SysWow64\msls31.dll

    2013-12-10 22:32 . 2013-12-10 22:32 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

    2013-12-10 22:32 . 2013-12-10 22:32 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

    2013-12-10 22:32 . 2013-12-10 22:32 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

    2013-12-10 22:32 . 2013-12-10 22:32 337408 ----a-w- c:\windows\SysWow64\html.iec

    2013-12-10 22:32 . 2013-12-10 22:32 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

    2013-12-10 22:32 . 2013-12-10 22:32 139264 ----a-w- c:\windows\SysWow64\wextract.exe

    2013-12-10 22:32 . 2013-12-10 22:32 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

    2013-12-10 22:32 . 2013-12-10 22:32 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

    2013-12-10 22:32 . 2013-12-10 22:32 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

    2013-12-10 22:32 . 2013-12-10 22:32 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

    2013-12-10 22:32 . 2013-12-10 22:32 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

    2013-12-10 22:32 . 2013-12-10 22:32 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

    2013-12-10 22:32 . 2013-12-10 22:32 13312 ----a-w- c:\windows\SysWow64\mshta.exe

    2013-12-10 22:32 . 2013-12-10 22:32 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2013-12-10 22:32 . 2013-12-10 22:32 942592 ----a-w- c:\windows\system32\jsIntl.dll

    2013-12-10 22:32 . 2013-12-10 22:32 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

    2013-12-10 22:32 . 2013-12-10 22:32 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

    2013-12-10 22:32 . 2013-12-10 22:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

    2013-12-10 22:32 . 2013-12-10 22:32 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

    2013-12-10 22:32 . 2013-12-10 22:32 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

    2013-12-10 22:32 . 2013-12-10 22:32 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

    2013-12-10 22:32 . 2013-12-10 22:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

    2013-12-10 22:32 . 2013-12-10 22:32 48640 ----a-w- c:\windows\system32\mshtmler.dll

    2013-12-10 22:32 . 2013-12-10 22:32 247808 ----a-w- c:\windows\system32\msls31.dll

    2013-12-10 22:32 . 2013-12-10 22:32 195584 ----a-w- c:\windows\system32\msrating.dll

    2013-12-10 22:32 . 2013-12-10 22:32 13312 ----a-w- c:\windows\system32\msfeedssync.exe

    2013-12-10 22:32 . 2013-12-10 22:32 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

    2013-12-10 22:32 . 2013-12-10 22:32 105984 ----a-w- c:\windows\system32\iesysprep.dll

    2013-12-10 22:32 . 2013-12-10 22:32 81408 ----a-w- c:\windows\system32\icardie.dll

    2013-12-10 22:32 . 2013-12-10 22:32 77312 ----a-w- c:\windows\system32\tdc.ocx

    2013-12-10 22:32 . 2013-12-10 22:32 616104 ----a-w- c:\windows\system32\ieapfltr.dat

    2013-12-10 22:32 . 2013-12-10 22:32 453120 ----a-w- c:\windows\system32\dxtmsft.dll

    2013-12-10 22:32 . 2013-12-10 22:32 413696 ----a-w- c:\windows\system32\html.iec

    2013-12-10 22:32 . 2013-12-10 22:32 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

    2013-12-10 22:32 . 2013-12-10 22:32 30208 ----a-w- c:\windows\system32\licmgr10.dll

    2013-12-10 22:32 . 2013-12-10 22:32 296960 ----a-w- c:\windows\system32\dxtrans.dll

    2013-12-10 22:32 . 2013-12-10 22:32 263376 ----a-w- c:\windows\system32\iedkcs32.dll

    2013-12-10 22:32 . 2013-12-10 22:32 243200 ----a-w- c:\windows\system32\webcheck.dll

    2013-12-10 22:32 . 2013-12-10 22:32 235520 ----a-w- c:\windows\system32\url.dll

    2013-12-10 22:32 . 2013-12-10 22:32 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

    2013-12-10 22:32 . 2013-12-10 22:32 84992 ----a-w- c:\windows\system32\mshtmled.dll

    2013-12-10 22:32 . 2013-12-10 22:32 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

    2013-12-10 22:32 . 2013-12-10 22:32 774144 ----a-w- c:\windows\system32\jscript.dll

    2013-12-10 22:32 . 2013-12-10 22:32 626176 ----a-w- c:\windows\system32\msfeeds.dll

    2013-12-10 22:32 . 2013-12-10 22:32 62464 ----a-w- c:\windows\system32\pngfilt.dll

    2013-12-10 22:32 . 2013-12-10 22:32 548352 ----a-w- c:\windows\system32\vbscript.dll

    2013-12-10 22:32 . 2013-12-10 22:32 167424 ----a-w- c:\windows\system32\iexpress.exe

    2013-12-10 22:32 . 2013-12-10 22:32 147968 ----a-w- c:\windows\system32\occache.dll

    2013-12-10 22:32 . 2013-12-10 22:32 143872 ----a-w- c:\windows\system32\wextract.exe

    2013-12-10 22:32 . 2013-12-10 22:32 13824 ----a-w- c:\windows\system32\mshta.exe

    2013-12-10 22:32 . 2013-12-10 22:32 101376 ----a-w- c:\windows\system32\inseng.dll

    2013-12-10 22:32 . 2013-12-10 22:32 48128 ----a-w- c:\windows\system32\imgutil.dll

    2013-12-10 22:32 . 2013-12-10 22:32 135680 ----a-w- c:\windows\system32\iepeers.dll

    2013-11-26 11:54 . 2013-12-12 18:00 23183360 ----a-w- c:\windows\system32\mshtml.dll

    2013-11-26 10:19 . 2013-12-12 18:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb

    2013-11-26 10:18 . 2013-12-12 18:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

    2013-11-26 09:48 . 2013-12-12 18:00 66048 ----a-w- c:\windows\system32\iesetup.dll

    2013-11-26 09:46 . 2013-12-12 18:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll

    2013-11-26 09:41 . 2013-12-12 18:00 2764288 ----a-w- c:\windows\system32\iertutil.dll

    2013-11-26 09:29 . 2013-12-12 18:00 53760 ----a-w- c:\windows\system32\jsproxy.dll

    2013-11-26 09:27 . 2013-12-12 18:00 33792 ----a-w- c:\windows\system32\iernonce.dll

    2013-11-26 09:23 . 2013-12-12 18:00 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

    2013-11-26 09:21 . 2013-12-12 18:00 574976 ----a-w- c:\windows\system32\ieui.dll

    2013-11-26 09:18 . 2013-12-12 18:00 139264 ----a-w- c:\windows\system32\ieUnatt.exe

    2013-11-26 09:18 . 2013-12-12 18:00 111616 ----a-w- c:\windows\system32\ieetwcollector.exe

    2013-11-26 09:16 . 2013-12-12 18:00 708608 ----a-w- c:\windows\system32\jscript9diag.dll

    2013-11-26 08:57 . 2013-12-12 18:00 218624 ----a-w- c:\windows\system32\ie4uinit.exe

    2013-11-26 08:35 . 2013-12-12 18:00 5769216 ----a-w- c:\windows\system32\jscript9.dll

    2013-11-26 08:28 . 2013-12-12 18:00 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll

    2013-11-26 08:16 . 2013-12-12 18:00 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll

    2013-11-26 08:02 . 2013-12-12 18:00 1995264 ----a-w- c:\windows\system32\inetcpl.cpl

    2013-11-26 07:48 . 2013-12-12 18:00 12996608 ----a-w- c:\windows\system32\ieframe.dll

    2013-11-26 07:32 . 2013-12-12 18:00 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2013-11-26 07:07 . 2013-12-12 18:00 2334208 ----a-w- c:\windows\system32\wininet.dll

    2013-11-26 06:40 . 2013-12-12 18:00 1395200 ----a-w- c:\windows\system32\urlmon.dll

    2013-11-26 06:34 . 2013-12-12 18:00 817664 ----a-w- c:\windows\system32\ieapfltr.dll

    2013-11-26 06:33 . 2013-12-12 18:00 1820160 ----a-w- c:\windows\SysWow64\wininet.dll

    2013-11-23 18:26 . 2013-12-12 06:03 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

    2013-11-23 17:47 . 2013-12-12 06:03 465920 ----a-w- c:\windows\system32\WMPhoto.dll

    2013-11-12 02:23 . 2013-12-12 06:02 2048 ----a-w- c:\windows\system32\tzres.dll

    2013-11-12 02:07 . 2013-12-12 06:02 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

    2012-10-26 21:04 220632 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

    .

    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

    2012-10-26 21:04 220632 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

    .

    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

    2012-10-26 21:04 220632 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

    .

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE"

    "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe"

    "GrooveMonitor"="c:\program files\Microsoft Office\Office14\GROOVEMN.EXE"

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe"

    .

    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe"

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    .

    c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE /TrayOnly

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    .

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 0 (0x0)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    "EnableLinkedConnections"= 1 (0x1)

    .

    "mixer1"=wdmaud.drv

    .

    @="Service"

    .

    "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe

    R2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys

    R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys

    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe

    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    R3 SetupNTGLM7X;SetupNTGLM7X;f:\ntglm7x.sys;f:\NTGLM7X.sys

    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys

    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys

    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys

    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

    R4 APNMCP;Ask-updateservice;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys

    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys

    S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys

    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

    S2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe

    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys

    S3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys

    S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys

    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys

    .

    .

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    2014-02-04 03:23 1211720 —-a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2014-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2014-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2014-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    .

    ——— X64 Entries ———–

    .

    .

    @=“{F241C880-6982-4CE5-8CF7-7085BA96DA5A}”

    2012-10-26 21:04 244696 —-a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

    .

    @=“{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}”

    2012-10-26 21:04 244696 —-a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

    .

    @=“{BBACC218-34EA-4666-9D7A-C78F2274A524}”

    2012-10-26 21:04 244696 —-a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

    .

    “BCSSync”=“c:\program files\Microsoft Office\Office14\BCSSync.exe”

    “AdobeAAMUpdater-1.0”=“c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe”

    “MSC”=“c:\program files\Microsoft Security Client\msseces.exe”

    .

    ——- Bijkomende Scan ——-

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = https://www.google.nl/

    uInternet Settings,ProxyOverride = *.local

    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Free YouTube to Mp3 Converter - c:\users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

    TCP: DhcpNameServer = 192.168.1.1

    FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\gisax6ha.default\

    FF - ExtSQL: !HIDDEN! 2010-12-10 22:14; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    FF - user.js: extentions.webcake.installId - f7b97a6e-7050-4ae9-8212-9d7a7da5b822

    FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc

    FF - user.js: extensions.delta.tlbrSrchUrl -

    FF - user.js: extensions.delta.id - 2a3eeb2300000000000000145c86ec39

    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

    FF - user.js: extensions.delta.instlDay - 15939

    FF - user.js: extensions.delta.vrsn - 1.8.24.6

    FF - user.js: extensions.delta.vrsni - 1.8.24.6

    FF - user.js: extensions.delta.vrsnTs - 1.8.24.615:41

    FF - user.js: extensions.delta.prtnrId - delta

    FF - user.js: extensions.delta.prdct - delta

    FF - user.js: extensions.delta.aflt - babsst

    FF - user.js: extensions.delta.smplGrp - none

    FF - user.js: extensions.delta.tlbrId - base

    FF - user.js: extensions.delta.instlRef - sst

    FF - user.js: extensions.delta.dfltLng - nl

    FF - user.js: extensions.delta.excTlbr - false

    FF - user.js: extensions.delta.ffxUnstlRst - true

    FF - user.js: extensions.delta.admin - false

    FF - user.js: extensions.delta_i.babTrack - affID=120006&tsp=4982

    FF - user.js: extensions.delta_i.babExt -

    FF - user.js: extensions.delta_i.srcExt - ss

    FF - user.js: extensions.delta.autoRvrt - false

    FF - user.js: extensions.delta.rvrt - false

    FF - user.js: extensions.delta.newTab - false

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    URLSearchHooks-{0734d757-fea6-4637-a7e4-2bd40a7fd8da} - (no file)

    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

    .

    .

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    @Denied: (2) (S-1-5-21-1848488349-641486460-2212997090-1000)

    @Denied: (2) (LocalSystem)

    “Progid”=“WindowsLiveMail.Email.1”

    .

    @Denied: (2) (S-1-5-21-1848488349-641486460-2212997090-1000)

    @Denied: (2) (LocalSystem)

    “Progid”=“WindowsLiveMail.VCard.1”

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“Shockwave Flash Object”

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“0”

    .

    @=“ShockwaveFlash.ShockwaveFlash.10”

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“ShockwaveFlash.ShockwaveFlash”

    .

    @Denied: (A 2) (Everyone)

    @=“Macromedia Flash Factory Object”

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“FlashFactory.FlashFactory.1”

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“FlashFactory.FlashFactory”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker3”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (Full) (Everyone)

    .

    Voltooingstijd: 2014-02-04 12:24:46

    ComboFix-quarantined-files.txt 2014-02-04 11:24

    .

    Pre-Run: 254.515.093.504 bytes beschikbaar

    Post-Run: 254.611.136.512 bytes beschikbaar

    .

    - - End Of File - - 4E16C2991898A9D25295703329C2063E

    228F2E1C67E9730B7598BC269B9B76BF

  • Ben

    Hello,

    First disable your antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

    Running Zoek.exe

    If you run into problems while running this program or see any error messages, please mention it in your post.

    * Then double-click Zoek.exe to start the tool.

    * Windows Vista, 7 and 8 users must run the tool as “administrator” by right-clicking it and choosing Run as administrator.

    * Now copy the code in bold below and paste it into the large input box:

    * Note: This script is written specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    emptyclsid;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Post the opened log in your next message.

  • mar

    here is the requested log

    Zoek.exe v5.0.0.0 Updated 31-January-2014

    Tool run by Gebruiker on di 04-02-2014 at 16:14:00,04.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Gebruiker\Desktop\zoek.exe

    ==== Older Logs ======================

    C:\zoek-results2012-10-25-185945.log 11665 bytes

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\PROGRA~2\Alawar deleted successfully

    C:\PROGRA~2\AVS4YOU deleted successfully

    C:\PROGRA~2\Denda Games deleted successfully

    C:\PROGRA~2\install deleted successfully

    C:\PROGRA~2\MSXML 4.0 deleted successfully

    C:\PROGRA~2\SweetIM deleted successfully

    C:\ProgramData\Babylon deleted successfully

    C:\ProgramData\Oracle deleted successfully

    C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} deleted successfully

    C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully

    C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully

    C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} deleted successfully

    C:\Users\Gebruiker\AppData\Roaming\DigitalSites deleted successfully

    C:\Users\Gebruiker\AppData\Roaming\HpUpdate deleted successfully

    C:\Users\Gebruiker\AppData\Roaming\Logitech deleted successfully

    C:\Users\Gebruiker\AppData\Roaming\SmashFrenzy4 deleted successfully

    C:\Users\Gebruiker\AppData\Roaming\Systweak deleted successfully

    C:\Users\Gebruiker\AppData\Roaming\YourFileDownloader deleted successfully

    C:\Users\Gebruiker\AppData\Local\Conduit deleted successfully

    C:\Users\Gebruiker\AppData\Local\Downloaded Installations deleted successfully

    C:\Users\Gebruiker\AppData\Local\STARGAZE_IMAGE_CACHE deleted successfully

    C:\Users\Gebruiker\AppData\Local\VirtualStore deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-1848488349-641486460-2212997090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

    HKEY_USERS\S-1-5-21-1848488349-641486460-2212997090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FF405D4B-1CBF-4A12-AA87-6DC60937699D} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

    C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Program Files (x86)\Nero\Update\NASvc.exe

    C:\Windows\SysWOW64\svchost.exe

    C:\Users\Gebruiker\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\APNMCP deleted successfully

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\gisax6ha.default

    —- Lines delta removed from prefs.js —-

    user_pref(“extensions.delta.admin”, false);

    user_pref(“extensions.delta.aflt”, “babsst”);

    user_pref(“extensions.delta.appId”, “{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}”);

    user_pref(“extensions.delta.autoRvrt”, “false”);

    user_pref(“extensions.delta.dfltLng”, “nl”);

    user_pref(“extensions.delta.excTlbr”, false);

    user_pref(“extensions.delta.ffxUnstlRst”, true);

    user_pref(“extensions.delta.id”, “2a3eeb2300000000000000145c86ec39”);

    user_pref(“extensions.delta.instlDay”, “15939”);

    user_pref(“extensions.delta.instlRef”, “sst”);

    user_pref(“extensions.delta.newTab”, false);

    user_pref(“extensions.delta.prdct”, “delta”);

    user_pref(“extensions.delta.prtnrId”, “delta”);

    user_pref(“extensions.delta.rvrt”, “false”);

    user_pref(“extensions.delta.smplGrp”, “none”);

    user_pref(“extensions.delta.tlbrId”, “base”);

    user_pref(“extensions.delta.tlbrSrchUrl”, “”);

    user_pref(“extensions.delta.vrsn”, “1.8.24.6”);

    user_pref(“extensions.delta.vrsnTs”, “1.8.24.615:41:10”);

    user_pref(“extensions.delta.vrsni”, “1.8.24.6”);

    user_pref(“extensions.delta_i.babExt”, “”);

    user_pref(“extensions.delta_i.babTrack”, “affID=120006&tsp=4982”);

    user_pref(“extensions.delta_i.srcExt”, “ss”);

    —- Lines delta removed from user.js —-

    user_pref(“extensions.delta.tlbrSrchUrl”, “”);

    user_pref(“extensions.delta.id”, “2a3eeb2300000000000000145c86ec39”);

    user_pref(“extensions.delta.appId”, “{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}”);

    user_pref(“extensions.delta.instlDay”, “15939”);

    user_pref(“extensions.delta.vrsn”, “1.8.24.6”);

    user_pref(“extensions.delta.vrsni”, “1.8.24.6”);

    user_pref(“extensions.delta.vrsnTs”, “1.8.24.615:41:10”);

    user_pref(“extensions.delta.prtnrId”, “delta”);

    user_pref(“extensions.delta.prdct”, “delta”);

    user_pref(“extensions.delta.aflt”, “babsst”);

    user_pref(“extensions.delta.smplGrp”, “none”);

    user_pref(“extensions.delta.tlbrId”, “base”);

    user_pref(“extensions.delta.instlRef”, “sst”);

    user_pref(“extensions.delta.dfltLng”, “nl”);

    user_pref(“extensions.delta.excTlbr”, false);

    user_pref(“extensions.delta.ffxUnstlRst”, true);

    user_pref(“extensions.delta.admin”, false);

    user_pref(“extensions.delta_i.babTrack”, “affID=120006&tsp=4982”);

    user_pref(“extensions.delta_i.babExt”, “”);

    user_pref(“extensions.delta_i.srcExt”, “ss”);

    user_pref(“extensions.delta.autoRvrt”, “false”);

    user_pref(“extensions.delta.rvrt”, “false”);

    user_pref(“extensions.delta.newTab”, false);

    —- FireFox user.js and prefs.js backups —-

    user_04-02-2014_1630_.backup

    prefs_04-02-2014_1630_.backup

    ==== Deleting Files \ Folders ======================

    C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} not found

    C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found

    C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found

    C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} not found

    C:\PROGRA~2\Foxtab deleted

    C:\PROGRA~2\COMMON~1\DVDVideoSoft\TB deleted

    C:\PROGRA~2\OpenIt deleted

    C:\PROGRA~2\AskPartnerNetwork deleted

    C:\PROGRA~2\Conduit deleted

    C:\Users\Gebruiker\AppData\Roaming\burnaware.ini deleted

    C:\Users\Gebruiker\AppData\Roaming\FoxTab deleted

    C:\Users\Gebruiker\AppData\Roaming\Thinstall deleted

    C:\Users\Gebruiker\AppData\Roaming\Alawar deleted

    C:\Users\Gebruiker\AppData\Roaming\Alawar Entertainment deleted

    C:\Users\Gebruiker\AppData\Roaming\Alawar Stargaze deleted

    C:\Users\Gebruiker\AppData\Roaming\AlawarEntertainment deleted

    C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers deleted

    C:\Users\Gebruiker\AppData\Roaming\YoudaGames deleted

    C:\ProgramData\AskPartnerNetwork deleted

    C:\ProgramData\Alawar Entertainment deleted

    C:\ProgramData\Alawar Stargaze deleted

    C:\ProgramData\AlawarWrapper deleted

    C:\ProgramData\APN deleted

    C:\ProgramData\Uniblue\DriverScanner deleted

    C:\Users\Gebruiker\AppData\Local\foxtab_speeddial.crx deleted

    C:\Users\Gebruiker\AppData\Local\Thinstall deleted

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It! deleted

    C:\Windows\SysNative\roboot64.exe deleted

    C:\Users\Gebruiker\AppData\LocalLow\AVG Security Toolbar deleted

    C:\Users\Gebruiker\AppData\LocalLow\Conduit deleted

    C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Security Toolbar deleted

    C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

    C:\windows\SysNative\tasks\YourFile DownloaderUpdate deleted

    C:\END deleted

    C:\Users\Public\Documents\AlawarWrapper deleted

    C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\gisax6ha.default\Invalidprefs.js deleted

    C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} deleted

    “C:\Users\Gebruiker\AppData\Local\{7B99F471-0B76-434C-897C-23D38242C97F}” deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 4056 MB

    CPU Info: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz

    CPU Speed: 2748,2 MHz

    Sound Card: Luidsprekers (High Definition A |

    Digitale audio (S/PDIF) (High D |

    Display Adapters: NVIDIA GeForce 210 | NVIDIA GeForce 210 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1920 X 1080 - 32 bit

    Network: Network Present

    Network Adapters: Microsoft Virtual WiFi Miniport Adapter | RT73 USB draadloze LAN-kaart | Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)

    CD / DVD Drives: 1x (F: | ) F: TSSTcorpCDDVDW SH-S223C

    Ports: COM1 | COM2 LPT Port NOT Present.

    Mouse: 16 Button Wheel Mouse Present

    Hard Disks: C: 325,0GB | D: 303,2GB | E: 303,2GB

    Hard Disks - Free: C: 239,4GB | D: 125,6GB | E: 196,8GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 07/05/10 | 7636MS - 20100705

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: MSI H55M-E33(MS-7636)

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

    Internet Explorer Version: 11.0.9600.16476

    Mozilla Firefox version: 26.0 (x86 nl)

    Google Chrome version: 32.0.1700.107

    Adobe Reader version: 10.1.9.22

    Sun Java version: 1.7.0_45 (32-bit)

    Flash Player version: 12.0.0.43

    Shockwave Player version: 11.6.3r633

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    2014-02-01 19:18:17 0277C027A26428DB64EF4F64F52BB4FD 208896 —-a-w- C:\Windows\MBR.exe

    2014-02-01 19:18:16 F042EE4C8D66248D9B86DCF52ABAE416 256000 —-a-w- C:\Windows\PEV.exe

    2014-02-01 19:18:16 9E05A9C264C8A908A8E79450FCBFF047 80412 —-a-w- C:\Windows\grep.exe

    2014-02-01 19:18:16 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 —-a-w- C:\Windows\zip.exe

    2014-02-01 19:18:16 0297C72529807322B152F517FDB0A9FC 406528 —-a-w- C:\Windows\SWSC.exe

    ====== C:\Users\GEBRUI~1\AppData\Local\Temp ====

    ====== Java Cache =====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    2014-02-02 07:07:11 0BB97D43299910CBFBA59C461B99B910 25928 —-a-w- C:\Windows\Sysnative\drivers\mbam.sys

    2014-01-15 05:12:33 FFA06EF43987ED0DD42AD59B260C0C78 7808 —-a-w- C:\Windows\Sysnative\drivers\usbd.sys

    2014-01-15 05:12:33 DD253AFC3BC6CBA412342DE60C3647F3 30720 —-a-w- C:\Windows\Sysnative\drivers\usbuhci.sys

    2014-01-15 05:12:33 DCA68B0943D6FA415F0C56C92158A83A 99840 —-a-w- C:\Windows\Sysnative\drivers\usbccgp.sys

    2014-01-15 05:12:33 8D1196CFBB223621F2C67D45710F25BA 343040 —-a-w- C:\Windows\Sysnative\drivers\usbhub.sys

    2014-01-15 05:12:33 765A92D428A8DB88B960DA5A8D6089DC 25600 —-a-w- C:\Windows\Sysnative\drivers\usbohci.sys

    2014-01-15 05:12:33 18A85013A3E0F7E1755365D287443965 53248 —-a-w- C:\Windows\Sysnative\drivers\usbehci.sys

    2014-01-15 05:12:33 12FEB33791920678F8433701C822BCFD 325120 —-a-w- C:\Windows\Sysnative\drivers\usbport.sys

    2014-01-15 05:12:29 3555BA97171CD153118F73FDCCC8BFDE 376768 —-a-w- C:\Windows\Sysnative\drivers\netio.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-02-01 19:41:45 ——– d—–w- C:\Program Files\trend micro

    ======= C:\PROGRA~2 =====

    2014-02-03 12:28:30 ——– d—–w- C:\PROGRA~2\Spotnet

    2014-01-25 15:41:36 ——– d—–w- C:\PROGRA~2\COMMON~1\Nero

    2014-01-25 15:41:29 ——– d—–w- C:\PROGRA~2\Nero

    ======= C: =====

    ====== C:\Users\Gebruiker\AppData\Roaming ======

    2014-02-04 11:24:48 ——– d—–w- C:\Users\Vincent\AppData\Local\temp

    2014-02-04 11:24:48 ——– d—–w- C:\Users\UpdatusUser\AppData\Local\temp

    2014-02-04 11:24:48 ——– d—–w- C:\Users\Public\AppData\Local\temp

    2014-02-04 11:24:48 ——– d—–w- C:\Users\Default\AppData\Local\temp

    2014-02-04 11:24:48 ——– d—–w- C:\Users\Default User\AppData\Local\temp

    2014-02-04 11:24:48 ——– d—–w- C:\Users\AppData\AppData\Local\temp

    2014-01-28 19:45:57 83B098914B4CCD819B641B2CBB3A1A3B 127 —-a-w- C:\Users\Gebruiker\AppData\Roaming\WB.CFG

    2014-01-28 19:45:52 ——– d—–w- C:\Users\Gebruiker\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z

    2014-01-26 13:14:25 ——– d—–w- C:\Users\Gebruiker\AppData\Roaming\aliasworlds

    ====== C:\Users\Gebruiker ======

    2014-02-04 11:24:48 ——– d—–w- C:\Users\Vincent\AppData

    2014-02-03 12:28:36 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotnet

    2014-02-03 12:28:30 ——– d—–w- C:\ProgramData\Spotnet

    2014-01-28 19:45:23 37B666D5933B34EBBCE6D07D27A1E972 666856 —-a-w- C:\Users\Gebruiker\Downloads\ZipSetup(1).exe

    2014-01-28 19:44:40 37B666D5933B34EBBCE6D07D27A1E972 666856 —-a-w- C:\Users\Gebruiker\Downloads\ZipSetup.exe

    2014-01-25 15:41:30 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero

    2014-01-13 10:54:52 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

    ====== C: exe-files ==

    2014-02-04 03:23:57 BA7524A2D91F895CE7502C78B6A4CBAF 732888 —-a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.107\32.0.1700.107_32.0.1700.102_chrome_updater.exe

    2014-02-03 12:28:35 E6FDBB66A816B3D1D96A811069442AC8 229376 —-a-w- C:\Program Files (x86)\Spotnet\win\par2\par2-classic.exe

    2014-02-03 12:28:35 D17D03DEF41FF44013A5D5D6BF55B330 276992 —-a-w- C:\Program Files (x86)\Spotnet\win\unrar\x64\UnRAR.exe

    2014-02-03 12:28:35 ABCAF37BDE149152CA8AB766736D4ADC 515072 —-a-w- C:\Program Files (x86)\Spotnet\win\par2\x64\par2.exe

    2014-02-03 12:28:35 75375C22C72F1BEB76BEA39C22A1ED68 167936 —-a-w- C:\Program Files (x86)\Spotnet\win\unzip\unzip.exe

    2014-02-03 12:28:35 1BAF578E4B16A56CDAC24D5C6B18E4F5 260096 —-a-w- C:\Program Files (x86)\Spotnet\win\unrar\UnRAR.exe

    2014-02-03 12:28:35 1977F54AFB662549DCE68E26D6E48178 423936 —-a-w- C:\Program Files (x86)\Spotnet\win\par2\par2.exe

    2014-02-03 12:28:33 BE6EBB6F8C6F5AD290709FD6B5E166AD 114702 —-a-w- C:\Program Files (x86)\Spotnet\lib\curl.exe

    2014-02-03 12:28:31 B2344619EB86432A2391599EB35CB059 348672 —-a-w- C:\Program Files (x86)\Spotnet\SABnzbd.exe

    2014-02-03 12:28:31 AB8011B91286000129AEAC36EDA49C05 1160704 —-a-w- C:\Program Files (x86)\Spotnet\Spotnet.exe

    2014-02-03 12:28:30 62046B32A67A02F04C00B04F84A7A8A1 716189 —-a-w- C:\Program Files (x86)\Spotnet\unins000.exe

    2014-02-01 19:41:46 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files\trend micro\Gebruiker.exe

    2014-02-01 19:27:00 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\Gebruiker\Desktop\scanprogamma's\RSITx64.exe

    2014-02-01 19:18:17 0277C027A26428DB64EF4F64F52BB4FD 208896 —-a-w- C:\Windows\MBR.exe

    2014-02-01 19:18:16 F042EE4C8D66248D9B86DCF52ABAE416 256000 —-a-w- C:\Windows\PEV.exe

    2014-02-01 19:18:16 9E05A9C264C8A908A8E79450FCBFF047 80412 —-a-w- C:\Windows\grep.exe

    2014-02-01 19:18:16 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 —-a-w- C:\Windows\zip.exe

    2014-02-01 19:18:16 0297C72529807322B152F517FDB0A9FC 406528 —-a-w- C:\Windows\SWSC.exe

    2014-01-28 19:45:52 8C7FB9078A63B7E5E899E7A2DBB0DB53 1114624 —-a-w- C:\Users\Gebruiker\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe

    2014-01-28 19:45:23 37B666D5933B34EBBCE6D07D27A1E972 666856 —-a-w- C:\Users\Gebruiker\Downloads\ZipSetup(1).exe

    2014-01-28 19:44:40 37B666D5933B34EBBCE6D07D27A1E972 666856 —-a-w- C:\Users\Gebruiker\Downloads\ZipSetup.exe

    === C: other files ==

    2014-02-03 12:28:34 CEC377014B9500F6907523ABB35090B9 4692380 —-a-w- C:\Program Files (x86)\Spotnet\lib\sabnzbd.zip

    2014-02-03 12:28:34 35F1020D983FF711E51ED4D68E6948F6 1376889 —-a-w- C:\Program Files (x86)\Spotnet\lib\sabhelper.zip

    2014-02-02 07:07:11 0BB97D43299910CBFBA59C461B99B910 25928 —-a-w- C:\Windows\System32\drivers\mbam.sys

    ==== Startup Registry Enabled ======================

    “Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”

    “OfficeSyncProcess”=“C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”

    “MyTomTomSA.exe”=“C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe”

    “GrooveMonitor”=“C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE”

    “Skype”=“C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun”

    “SwitchBoard”=“C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe”

    “AdobeCS6ServiceManager”=“C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin”

    “APSDaemon”=“C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    “Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”

    “OfficeSyncProcess”=“C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”

    “MyTomTomSA.exe”=“C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe”

    “GrooveMonitor”=“C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE”

    “Skype”=“C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun”

    ==== Startup Registry Enabled x64 ======================

    “BCSSync”=“C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices”

    “AdobeAAMUpdater-1.0”=“C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe”

    “MSC”=“c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

    ==== Startup Registry Disabled ======================

    “HP Software Update”=“C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe”

    “SunJavaUpdateSched”=“\”C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\“”

    “Adobe ARM”=“\”C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

    ==== Startup Folders ======================

    2013-03-09 18:41:43 1110 —-a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk

    2010-12-10 21:13:29 2099 —-a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a——

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

    “C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma”

    “C:\Windows\SysNative\tasks\CreateChoiceProcessTask”

    “C:\Windows\SysNative\tasks\Google Updater and Installer”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA”

    “C:\Windows\SysNative\tasks\HP-Online updateprogramma”

    “C:\Windows\SysNative\tasks\Java Update Scheduler”

    “C:\Windows\SysNative\tasks\SidebarExecute”

    “C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013”

    “C:\Windows\SysNative\tasks\{00C22069-570A-40C5-AE7F-5F2A3018CAB7}”

    “C:\Windows\SysNative\tasks\{00D51E20-627A-4D6B-88ED-56329B53F7EB}”

    “C:\Windows\SysNative\tasks\{06E3DD95-BB43-496D-B349-89A7F5B96DC7}”

    “C:\Windows\SysNative\tasks\{1D58C92D-AE4E-48F2-8DF2-617474763CB4}”

    “C:\Windows\SysNative\tasks\{2D55BABF-E0D3-4E92-80ED-0153D14D5E8B}”

    “C:\Windows\SysNative\tasks\{34719CA7-1FC3-4E53-A4B5-BDF75638766E}”

    “C:\Windows\SysNative\tasks\{36F2E2F2-BDCB-4397-AB31-9F9AFF19BE7F}”

    “C:\Windows\SysNative\tasks\{4E75DE1E-6CA0-4BA6-B6D5-810A2F6243AE}”

    “C:\Windows\SysNative\tasks\{5A697AFE-E22B-45A3-A04F-A27F64912519}”

    “C:\Windows\SysNative\tasks\{5CAFC5BA-97D7-4EAD-96B5-DBA5D6127DE2}”

    “C:\Windows\SysNative\tasks\{61CC3963-A0D7-40A0-98F0-1FC9A0125C5A}”

    “C:\Windows\SysNative\tasks\{629AEF6B-2E8C-45B8-9DE8-CC0EE2028F5B}”

    “C:\Windows\SysNative\tasks\{70D15E14-5A37-4832-8DA4-BA1A590E9D27}”

    “C:\Windows\SysNative\tasks\{787D7516-08F2-499C-8632-DFA94743A5F7}”

    “C:\Windows\SysNative\tasks\{85B91A49-292E-4D27-8307-5716875B62C0}”

    “C:\Windows\SysNative\tasks\{A14BA952-52CE-4440-B1B6-2AAC6B120ADF}”

    “C:\Windows\SysNative\tasks\{A3D3CC5E-7A14-4576-A46C-ABAD1A2A5E01}”

    “C:\Windows\SysNative\tasks\{A5646B4C-7E2F-4CBD-97F6-1C5FF3E98634}”

    “C:\Windows\SysNative\tasks\{B9D344D3-0A0B-466C-BEC3-82809830EBFB}”

    “C:\Windows\SysNative\tasks\{C633E03C-203E-4D33-BD04-1FCA425ABBCB}”

    “C:\Windows\SysNative\tasks\{C6AE82DC-A702-45CA-A0E3-BA1C5214AC54}”

    “C:\Windows\SysNative\tasks\{D8B09773-7D13-482B-A81B-16F39D3283A9}”

    “C:\Windows\SysNative\tasks\{E92F8274-6D02-470F-91B0-BA2F23836521}”

    “C:\Windows\SysNative\tasks\{EAEFF34F-8ED8-4408-A27E-8CD9665BD4B4}”

    “C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask”

    ==== Folders in C:\ProgramData 0-6 Months Old ======================

    2013-10-23 11:07:43 -------- d-----w- C:\ProgramData\Apple

    2013-10-23 11:09:12 -------- d-----w- C:\ProgramData\Apple Computer

    2013-10-23 11:09:13 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    2013-12-01 11:46:40 -------- d-----w- C:\ProgramData\HP Product Assistant

    2014-02-03 12:28:30 -------- d-----w- C:\ProgramData\Spotnet

    ==== Firefox Extensions Registry ======================

    “smartwebprinting@hp.com”=“C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3”

    “smartwebprinting@hp.com”=“C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3”

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\gisax6ha.default

    - Flashbug - %ProfilePath%\extensions\flashbug@coursevector.com

    - FlashFirebug - %ProfilePath%\extensions\flashfirebug@o-minds.com

    - Flashlight - %ProfilePath%\extensions\flashlight@stephennolan.com.au

    - WebCake - %ProfilePath%\extensions\plugin@getwebcake.com

    - Flash and Video Download - %ProfilePath%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

    - Webmail Ad Blocker - %ProfilePath%\extensions\gmailnoads@mywebber.com.xpi

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\gisax6ha.default

    2557FBC582910A71CDEB0F22886D118D - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash

    9F8210675BD2ACC283959BB33F0307DF - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

    FC5866F7793AF2CBCD425CC4B8D32A9E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin

    ==== Deleted Firefox Extensions ======================

    C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\gisax6ha.default\extensions\plugin@getwebcake.com deleted

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    aaaajpkhjdkhhnkmgfjodbkfpbmibkkk - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx

    bbmanpbfjipmicnlbchaifoomleljpal - No path found

    dchmpbaclbiioedakpcldenooikekokm - C:\Users\GEBRUI~1\AppData\Local\foxtab_speeddial.crx

    jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx

    ndibdjnfmopecpmkdieinmbadjfpblof - No path found

    ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx

    omaonpoimgkmbllpdihbnmgphjoipdhf - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

    bbmanpbfjipmicnlbchaifoomleljpal - No path found

    dchmpbaclbiioedakpcldenooikekokm - C:\Users\GEBRUI~1\AppData\Local\foxtab_speeddial.crx

    Ask Toolbar - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk

    YouTube - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Last updated at time on date - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

    Google Search - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    AdBlock - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

    Google Wallet - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    MyHarmony Chrome Plugin - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf

    Gmail - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    avast WebRep - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda

    ==== Chrome Fix ======================

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal deleted successfully

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_produtoolsmaps.ourtoolbar.com_0.localstorage-journal deleted successfully

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nederlands.babylon.com_0.localstorage-journal deleted successfully

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www1.delta-search.com_0.localstorage deleted successfully

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www1.delta-search.com_0.localstorage-journal deleted successfully

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk deleted successfully

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaajpkhjdkhhnkmgfjodbkfpbmibkkk_0.localstorage deleted successfully

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaajpkhjdkhhnkmgfjodbkfpbmibkkk_0.localstorage-journal deleted successfully

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk deleted successfully

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“https://www.google.nl/”

    New Values:

    “Start Page”=“https://www.google.nl/”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    “DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bbmanpbfjipmicnlbchaifoomleljpal deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dchmpbaclbiioedakpcldenooikekokm deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dchmpbaclbiioedakpcldenooikekokm deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bbmanpbfjipmicnlbchaifoomleljpal deleted successfully

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\dchmpbaclbiioedakpcldenooikekokm deleted successfully

    ==== HijackThis Entries ======================

    O1 - Hosts: ÿþ127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: “C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”

    O4 - HKCU\..\Run: “C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe”

    O4 - HKCU\..\Run: C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun

    O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3XZ7Y5L9 will be deleted at reboot

    C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QKUGFOA will be deleted at reboot

    ==== Empty FireFox Cache ======================

    C:\Users\Gebruiker\AppData\Local\Mozilla\Firefox\Profiles\gisax6ha.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=983 folders=328 49525097 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\AppData\AppData\Local\Temp emptied successfully

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\Public\AppData\Local\Temp emptied successfully

    C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully

    C:\Users\Vincent\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3XZ7Y5L9” not found

    “C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QKUGFOA” not found

    ==== EOF on di 04-02-2014 at 16:43:02,30 ======================

This topic is closed; no further replies can be posted.