Lots of malware and slow

  • Dennis

    hello

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Kayleigh at 2014-03-20 16:48:11

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 167 GB (70%) free of 238 GB

    Total RAM: 4074 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:48:18, on 20-3-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.16521)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

    C:\Program Files\trend micro\Kayleigh.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)

    R3 - URLSearchHook: WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WhiteSmoke US New - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

    O3 - Toolbar: (no name) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - (no file)

    O3 - Toolbar: WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll

    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

    O4 - HKLM\..\Run: C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

    O4 - HKLM\..\Run: "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

    O4 - HKLM\..\Run: "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR

    O4 - HKCU\..\Run: "C:\Users\Kayleigh\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user')

    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

    O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

    O4 - Global Startup: Toshiba Places Icon Utility.lnk = ?

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

    O8 - Extra context menu item: Toevoegen aan TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll

    O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

    O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

    O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 15949 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k NetworkService

    winlogon.exe

    "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

    "C:\Program Files\AVAST Software\Avast\afwServ.exe"

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

    "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

    "C:\Program Files\Bonjour\mDNSResponder.exe"

    "C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe"

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\TODDSrv.exe

    "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"

    "C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"

    C:\Windows\system32\nvvsvc.exe -session -first

    "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"

    "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

    WLIDSvcM.exe 2336

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    "taskhost.exe"

    "C:\Windows\system32\Dwm.exe"

    "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe" /TUStart /pid:2276

    C:\Windows\Explorer.EXE

    "C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe"

    "C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"

    "C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"

    "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"

    "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"

    "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

    "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3

    "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

    "C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe" /STAR

    "C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe"

    "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

    "C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe"

    "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

    "C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE" /tsr

    "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

    "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

    taskeng.exe {549284FD-55AD-4D79-9B3B-066E8679A53C}

    "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"

    "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"

    "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"

    "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"

    "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"

    "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"

    "c:\Program Files (x86)\Nero\Update\NASvc.exe"

    C:\Windows\System32\svchost.exe -k secsvcs

    "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"

    "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"

    "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Windows\system32\wbem\wmiprvse.exe

    "C:\Users\Kayleigh\Desktop\RSITx64.exe"

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3414775462-2620423805-1927351078-1000Core.job

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3414775462-2620423805-1927351078-1000UA.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Kayleigh\AppData\Roaming\Mozilla\Firefox\Profiles\ykpqa5z2.default

    prefs.js - "browser.search.useDBForOrder" - true

    prefs.js - "browser.startup.homepage" - "http://www.trovigo.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPC889039B-55ED-45EA-ABCB-EF10D7DCF5A1&SSPV="

    "Description"=Adobe® Flash® Player 12.0.0.77 Plugin

    "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

    "Description"=

    "Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

    "Description"=Google Earth in your browser

    "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    "Description"=McAfee Mss Plugin

    "Path"=C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll

    "Description"=

    "Path"=disabled

    "Description"=Ag Player Plugin

    "Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

    "Description"=Office Authorization plug-in for NPAPI browsers

    "Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

    "Description"=Microsoft SharePoint Plug-in for Firefox

    "Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

    "Description"=WLPG Install MIME type

    "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    "Description"=WLPG Install MIME type

    "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    "Description"=Google Update

    "Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

    "Description"=Google Update

    "Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

    "Description"=VideoDownloadConverter Plugin

    "Path"=C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll

    "Description"=WildTangent Games App Presence Detector Plugin

    "Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll

    "Description"=Handles PDFs in-place in Firefox

    "Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    "Description"=Adobe® Flash® Player 12.0.0.77 Plugin

    "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll

    "Description"=

    "Path"=disabled

    "Description"=Ag Player Plugin

    "Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

    "Description"=Office Authorization plug-in for NPAPI browsers

    "Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

    C:\Users\Kayleigh\AppData\Roaming\Mozilla\Firefox\Profiles\ykpqa5z2.default\extensions\

    pavel.sherbakov@gmail.com

    C:\Users\Kayleigh\AppData\Roaming\Mozilla\Firefox\Profiles\ykpqa5z2.default\searchplugins\

    conduit-search.xml

    ======Registry dump======

    avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

    DVDVideoSoft IE Extension - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll

    MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll

    Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    WhiteSmoke US New Toolbar - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll

    avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    DVDVideoSoft IE Extension - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

    TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

    {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

    {48586425-6bb7-4f51-8dc6-38c88e3ebb58}

    {462be121-2b54-4218-bf00-b9bf8135b23f} - WhiteSmoke US New Toolbar - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll

    {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    "TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe

    "TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

    "Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

    "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE

    "TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

    "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    "RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    "TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

    "TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

    "Toshiba Registration"=C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe

    "TOPI.EXE"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

    "Google Update"=C:\Users\Kayleigh\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe

    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    C:\Users\Kayleigh\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

    C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

    c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe

    C:\Program Files (x86)\QuickTime\QTTask.exe

    C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe

    C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe

    "SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe

    "HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe

    "KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

    "ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

    "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    "AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe

    "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

    Toshiba Places Icon Utility.lnk - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe

    C:\Users\Kayleigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    OneNote 2010 Schermopname en Snel starten.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

    "AppInit_DLLs"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll"

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    "SecurityProviders"=credssp.dll

    "ConsentPromptBehaviorAdmin"=5

    "ConsentPromptBehaviorUser"=3

    "EnableUIADesktopToggle"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "EnableLinkedConnections"=1

    "NoActiveDesktop"=1

    "NoActiveDesktopChanges"=1

    "ForceActiveDesktopOn"=0

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "VIDC.UYVY"=msyuv.dll

    "VIDC.YUY2"=msyuv.dll

    "VIDC.YVYU"=msyuv.dll

    "VIDC.IYUV"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "VIDC.YVU9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "MSVideo8"=VfWWDM32.dll

    "wave2"=wdmaud.drv

    "midi2"=wdmaud.drv

    "mixer2"=wdmaud.drv

    "wave3"=wdmaud.drv

    "midi3"=wdmaud.drv

    "mixer3"=wdmaud.drv

    "wave4"=wdmaud.drv

    "midi4"=wdmaud.drv

    "mixer4"=wdmaud.drv

    "wave1"=wdmaud.drv

    "midi1"=wdmaud.drv

    "mixer1"=wdmaud.drv

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2014-03-20 16:48:11 ----D---- C:\rsit

    2014-03-20 16:48:11 ----D---- C:\Program Files\trend micro

    2014-03-19 15:11:54 ----SHD---- C:\Config.Msi

    2014-03-15 09:31:44 ----A---- C:\Windows\system32\wwansvc.dll

    2014-03-15 09:31:42 ----A---- C:\Windows\system32\win32k.sys

    2014-03-15 09:31:40 ----A---- C:\Windows\SYSWOW64\wer.dll

    2014-03-15 09:31:40 ----A---- C:\Windows\system32\wer.dll

    2014-03-15 09:31:37 ----A---- C:\Windows\SYSWOW64\iertutil.dll

    2014-03-15 09:31:37 ----A---- C:\Windows\SYSWOW64\iernonce.dll

    2014-03-15 09:31:37 ----A---- C:\Windows\system32\iertutil.dll

    2014-03-15 09:31:37 ----A---- C:\Windows\system32\ieetwcollectorres.dll

    2014-03-15 09:31:36 ----A---- C:\Windows\SYSWOW64\urlmon.dll

    2014-03-15 09:31:36 ----A---- C:\Windows\SYSWOW64\mshtml.dll

    2014-03-15 09:31:36 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

    2014-03-15 09:31:36 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

    2014-03-15 09:31:34 ----A---- C:\Windows\SYSWOW64\iesetup.dll

    2014-03-15 09:31:34 ----A---- C:\Windows\system32\iernonce.dll

    2014-03-15 09:31:33 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

    2014-03-15 09:31:33 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

    2014-03-15 09:31:33 ----A---- C:\Windows\SYSWOW64\ieui.dll

    2014-03-15 09:31:33 ----A---- C:\Windows\system32\urlmon.dll

    2014-03-15 09:31:33 ----A---- C:\Windows\system32\ieetwproxystub.dll

    2014-03-15 09:31:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll

    2014-03-15 09:31:32 ----A---- C:\Windows\system32\msfeeds.dll

    2014-03-15 09:31:31 ----A---- C:\Windows\system32\iesetup.dll

    2014-03-15 09:31:31 ----A---- C:\Windows\system32\ie4uinit.exe

    2014-03-15 09:31:29 ----A---- C:\Windows\SYSWOW64\wininet.dll

    2014-03-15 09:31:29 ----A---- C:\Windows\SYSWOW64\msrating.dll

    2014-03-15 09:31:29 ----A---- C:\Windows\SYSWOW64\jscript9.dll

    2014-03-15 09:31:29 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

    2014-03-15 09:31:29 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

    2014-03-15 09:31:29 ----A---- C:\Windows\system32\jsproxy.dll

    2014-03-15 09:31:28 ----A---- C:\Windows\system32\ieui.dll

    2014-03-15 09:31:28 ----A---- C:\Windows\system32\ieetwcollector.exe

    2014-03-15 09:31:27 ----A---- C:\Windows\system32\ieframe.dll

    2014-03-15 09:31:26 ----A---- C:\Windows\system32\jscript9diag.dll

    2014-03-15 09:31:26 ----A---- C:\Windows\system32\jscript9.dll

    2014-03-15 09:31:26 ----A---- C:\Windows\system32\ieUnatt.exe

    2014-03-15 09:31:25 ----A---- C:\Windows\system32\ieapfltr.dll

    2014-03-15 09:31:24 ----A---- C:\Windows\system32\wininet.dll

    2014-03-15 09:31:24 ----A---- C:\Windows\system32\msrating.dll

    2014-03-15 09:31:23 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

    2014-03-15 09:31:23 ----A---- C:\Windows\system32\mshtml.dll

    2014-03-15 09:30:03 ----A---- C:\Windows\system32\qedit.dll

    2014-03-15 09:30:02 ----A---- C:\Windows\SYSWOW64\qedit.dll

    2014-03-15 09:29:58 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll

    2014-03-15 09:29:58 ----A---- C:\Windows\system32\WindowsCodecs.dll

    2014-03-10 20:03:27 ----A---- C:\Windows\system32\drivers\aswndisflt.sys

    2014-03-10 20:02:50 ----A---- C:\Windows\system32\drivers\aswKbd.sys

    2014-03-01 13:17:16 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

    2014-03-01 13:13:49 ----D---- C:\Windows\Migration

    ======List of files/folders modified in the last 1 month======

    2014-03-20 16:48:18 ----D---- C:\Windows\Prefetch

    2014-03-20 16:48:14 ----D---- C:\Windows\Temp

    2014-03-20 16:48:11 ----RD---- C:\Program Files

    2014-03-20 16:46:14 ----D---- C:\Windows\inf

    2014-03-20 16:46:13 ----D---- C:\Windows\debug

    2014-03-20 16:46:13 ----D---- C:\Windows

    2014-03-20 16:41:37 ----A---- C:\Windows\SYSWOW64\log.txt

    2014-03-20 16:41:28 ----D---- C:\Windows\system32\Tasks

    2014-03-20 16:41:24 ----D---- C:\Program Files\CCleaner

    2014-03-20 16:40:11 ----RD---- C:\Program Files (x86)

    2014-03-20 16:39:42 ----D---- C:\Windows\system32\config

    2014-03-20 16:34:51 ----D---- C:\Windows\system32\catroot

    2014-03-20 16:28:22 ----D---- C:\Windows\system32\catroot2

    2014-03-20 16:28:17 ----D---- C:\Windows\winsxs

    2014-03-20 16:20:26 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2014-03-20 16:19:38 ----D---- C:\Windows\system32\drivers

    2014-03-19 21:34:01 ----D---- C:\Windows\system32\MRT

    2014-03-19 21:33:58 ----A---- C:\Windows\system32\MRT.exe

    2014-03-19 21:33:46 ----SHD---- C:\System Volume Information

    2014-03-19 19:47:51 ----D---- C:\Windows\System32

    2014-03-19 19:47:51 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2014-03-19 15:13:48 ----SHD---- C:\Windows\Installer

    2014-03-19 15:13:25 ----D---- C:\ProgramData\Adobe

    2014-03-19 15:13:22 ----D---- C:\Program Files (x86)\Common Files

    2014-03-19 15:13:22 ----D---- C:\Program Files (x86)\Adobe

    2014-03-19 15:11:37 ----D---- C:\Windows\SysWOW64

    2014-03-19 14:48:54 ----D---- C:\Users\Kayleigh\AppData\Roaming\Mozilla

    2014-03-18 15:09:31 ----D---- C:\Windows\system32\NDF

    2014-03-16 13:48:56 ----D---- C:\Windows\system32\wdi

    2014-03-16 09:35:15 ----D---- C:\Program Files (x86)\Internet Explorer

    2014-03-16 09:35:14 ----D---- C:\Program Files\Internet Explorer

    2014-03-16 09:34:55 ----D---- C:\Program Files\Microsoft Silverlight

    2014-03-16 09:34:54 ----D---- C:\Program Files (x86)\Microsoft Silverlight

    2014-03-16 00:52:47 ----D---- C:\ProgramData\Microsoft Help

    2014-03-15 10:17:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-03-10 20:03:34 ----D---- C:\Windows\system32\DriverStore

    2014-03-10 20:01:42 ----RD---- C:\Program Files (x86)\Skype

    2014-03-10 20:01:34 ----D---- C:\ProgramData\Skype

    2014-03-03 10:16:57 ----D---- C:\Windows\Microsoft.NET

    2014-03-01 13:21:31 ----RSD---- C:\Windows\assembly

    2014-03-01 13:14:13 ----D---- C:\Windows\SYSWOW64\en-US

    2014-03-01 13:14:13 ----D---- C:\Windows\system32\en-US

    2014-03-01 13:13:49 ----SD---- C:\ProgramData\Microsoft

    2014-02-23 09:40:46 ----D---- C:\Windows\rescache

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys

    R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys

    R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys

    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS

    R1 aswKbd;aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys

    R1 aswNdisFlt;Avast! Firewall Driver; C:\Windows\system32\DRIVERS\aswNdisFlt.sys

    R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys

    R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys

    R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys

    R3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys

    R3 CeKbFilter;CeKbFilter; C:\Windows\system32\DRIVERS\CeKbFilter.sys

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys

    R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys

    R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys

    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys

    S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys

    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys

    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys

    S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

    R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

    R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

    R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    R2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe

    R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe

    R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe

    R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

    R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe

    S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    -----------------EOF-----------------

    I have a laptop here from my daughter-in-law that had a lot of malware on it and was very slow.

    I think there are also too many virus scanners running on it.

    I want to put MSE on it; is that possible?

    Logs

  • Dennis

    Continued

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.03.20.03

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 11.0.9600.16521

    Kayleigh :: KAYLEIGH-TOSH

    20-3-2014 16:23:28

    mbam-log-2014-03-20 (16-23-28).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 226291

    Verstreken tijd: 13 minuut/minuten, 42 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 11

    HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\VideoDownloadConverter_4z.SkinLauncher.1 (PUP.Optional.FunWebProducts.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\VideoDownloadConverter_4z.SkinLauncher (PUP.Optional.FunWebProducts.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\VideoDownloadConverter_4z.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\VideoDownloadConverter_4z.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 1

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Slecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Goed: () -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 27

    C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\Logs (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\902974ADF2374D4D8D95EC08017EA584 (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\9C76D4BAA25C40A4A16A79C80210F9AB (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\AFB00E890316406C87609B5D1A685901 (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\CA129AE253304449950B9619FC8A1F0F (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\D055BB9D62F142B8B4E4A8351DB52B40 (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\F5623701EB0C4100BEE29DE2F6F7EB67 (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 115

    C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zsknlcr.dll (PUP.Optional.FunWebProducts.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\9C76D4BAA25C40A4A16A79C80210F9AB\DeltaTB.exe (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\CA129AE253304449950B9619FC8A1F0F\sp-downloader.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nsc3C58.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nsc4AFA.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nsc8933.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nsc8F3C.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nsh8720.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nsh9796.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nsn7295.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nss791C.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nss8E24.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nss91CD.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nsx42EE.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nsx762E.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nsl4683.tmp\InstallManager.exe (PUP.Optional.InstallMonetizer.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nsm1C7\SpSetup.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Local\Temp\nsx4C6E\SpSetup.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Windows\Temp\nse3EC8.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Windows\Temp\nseA26B.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Windows\Temp\nssFB63.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Windows\Temp\nsu3ED8.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Windows\Temp\nsuAAF.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Windows\Temp\nsx6E70.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Windows\Temp\nsxCB6D.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Windows\Temp\nsxCBBB.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\Downloads\DownloadSetup__2299_i356465886_il11.exe (PUP.Optional.Amonetize) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\Local Settings\Temporary Internet Files\Content.IE5\24QFQNZ1\SPSetup.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\Local Settings\Temporary Internet Files\Content.IE5\AIKIY9WA\Flvto_Converter_7428.exe (PUP.Optional.InstallMonetizer.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\Local Settings\Temporary Internet Files\Content.IE5\BT7N8TR1\sp-downloader.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\Local Settings\Temporary Internet Files\Content.IE5\BT7N8TR1\spstub.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1392323622950 (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\902974ADF2374D4D8D95EC08017EA584\4009.ico (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\902974ADF2374D4D8D95EC08017EA584\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\902974ADF2374D4D8D95EC08017EA584\OCBrowserHelper_1.0.3.85.dll (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\902974ADF2374D4D8D95EC08017EA584\setup_759.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\9C76D4BAA25C40A4A16A79C80210F9AB\5639.ico (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\9C76D4BAA25C40A4A16A79C80210F9AB\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\9C76D4BAA25C40A4A16A79C80210F9AB\OCBrowserHelper_1.0.6.125.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\AFB00E890316406C87609B5D1A685901\PCSU_SL_3.1.2.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\D055BB9D62F142B8B4E4A8351DB52B40\DivXInstaller.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Kayleigh\AppData\Roaming\OpenCandy\F5623701EB0C4100BEE29DE2F6F7EB67\TuneUpUtilities2013-2200334_nl-NL.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

  • Ben

    Hello,

    As far as I can see, only Avast is installed; this is one of the better free scanners.

    But let's look a bit further.

    First disable the antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore this; it is a false warning.

    Running Zoek.exe

    If you run into problems running this program or see any error messages, please mention this in your post.

    * Then double-click Zoek.exe to start the tool.

    * Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.

    * Now copy the code in bold below and paste it into the large input box:

    * Note: This script was written specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    emptyclsid;

    torpigcheck;

    emptyfolderscheck;delete

    {872b5b88-9db5-4310-bdd0-ac189557e5f5};c

    C:\Program Files (x86)\WhiteSmoke_US_New;fs

    {48586425-6bb7-4f51-8dc6-38c88e3ebb58};c

    ;r

    “AppInit_DLLs”=-;r

    C:\PROGRA~2\SearchProtect;fs

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Post the opened log in your next message.

  • Dennis

    Hi Ben,

    zoek.exe hasn't done anything for an hour now????

  • Ben

    Hello Dennis,

    Then close zoek.exe and try the following:

    Download ZHPDiag to the desktop.

    Disabling antivirus software

    Temporarily disable your antivirus and antispyware programs, as they can conflict with ZHPDiag.

    Disable antivirus software

    Disable antispyware & malware software

    Installing ZHPDiag

    Double-click zhpdiag.exe to start the installation.

    Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.

    Click "Suivant" several times to go through the installation process.

    Click "Installer" when prompted and "Terminer" when the installation is complete.

    Running ZHPDiag

    If you run into problems running this program or see any error messages, please mention this in your post.

    • Double-click the shortcut named ZHPDiag.

    • The start window appears; now click "Configureren".

    • If the language is not set to Dutch, click the "Sélectionner une langue" icon at the bottom right and choose "Néerlandais".

    • Then click the "Diagnosemogelijkheden" icon at the bottom left.

    • Your system will now be scanned; wait patiently until the scan has finished.

      Post that log.

  • dennis

    Log

    ~ Verslag van ZHPDiag v2014.3.19.15 - Nicolas Coolman (19-3-2014)

    ~ Gelanceerd door Kayleigh (20-3-2014 18:29:55)

    ~ Het adres van de website : http://nicolascoolman.webs.com

    ~ Gratis supportforum voor desinfectie : http://nicolascoolman.webs.com/apps/links/

    ~ Vertaald door de gebruiker

    ~ Staat van de versie :

    ~ Lijst wit : Ingeschakeld door het programma

    ~ Tot misbruik van bevoegdheden : OK

    ~ Gebruikersaccountbeheer (UAC) : Activate by user

    —\\ Internet-browsers

    MSIE: Internet Explorer v11.0.9600.16521

    MFIE: Mozilla Firefox 27.0.1 (Defaut)

    GCIE: Google Chrome v33.0.1750.154

    OBIE: Safari v5.34.57.2

    —\\ Windows productinformatie

    ~ Langage: Néerlandais

    Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

    Windows Server License Manager Script : OK

    Software Protection Service (Protection logicielle) : OK

    Windows Automatic Updates : OK

    Windows Activation Technologies : OK

    —\\ Software om het systeem te beveiligen

    avast! Internet Security v9.0.2013

    Malwarebytes Anti-Malware versie 1.75.0.1300

    McAfee Security Scan Plus v3.8.141.11

    Windows Defender W7

    —\\ Systeem optimalisatie software

    CCleaner v4.10 =>Piriform Ltd

    —\\ Delen van software PeerToPeer

    —\\ Software die extra aandacht behoeft

    Adobe Flash Player 12 Plugin

    Adobe Reader XI - Nederlands

    —\\ Informatie over het systeem

    ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

    ~ Operating System: 64 Bits

    Boot mode: Normal (Normal boot)

    Total RAM: 4073 MB (59% free)

    System Restore: Activé (Enable)

    System drive C: has 165 GB (70%) free of 233 GB

    —\\ Verbinding met het systeem-modus

    ~ Computer Name: KAYLEIGH-TOSH

    ~ User Name: Kayleigh

    ~ All Users Names: Kayleigh, Gast, Administrator,

    ~ Unselected Option: None

    Logged in as Administrator

    —\\ Omgevingsvariabelen

    ~ System Unit : C:\

    ~ %AppZHP% : C:\Users\Kayleigh\AppData\Roaming\ZHP\

    ~ %AppData% : C:\Users\Kayleigh\AppData\Roaming\

    ~ %Desktop% : C:\Users\Kayleigh\Desktop\

    ~ %Favorites% : C:\Users\Kayleigh\Favorites\

    ~ %LocalAppData% : C:\Users\Kayleigh\AppData\Local\

    ~ %StartMenu% : C:\Users\Kayleigh\AppData\Roaming\Microsoft\Windows\Start Menu\

    ~ %Windir% : C:\Windows\

    ~ %System% : C:\Windows\System32\

    —\\ Overzicht vaste en verwisselbare stations

    C: Hard drive, Flash drive, Thumb drive (Free 165 Go of 233 Go)

    D: Hard drive, Flash drive, Thumb drive (Free 221 Go of 232 Go)

    E: CD-ROM drive (Not Inserted)

    —\\ Staat van het Windows Beveiligingscentrum

    NoActiveDesktopChanges: Modified

    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\\ Zoeken naar bepaalde algemene bestanden

    - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 7:19:30.) – C:\Windows\Explorer.exe

    - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:39:52.) – C:\Windows\System32\Wininit.exe

    - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.1-3-2014 - 4:10:28.) – C:\Windows\System32\wininet.dll

    - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.21-11-2010 - 4:24:29.) – C:\Windows\System32\Winlogon.exe

    - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.21-11-2010 - 4:24:16.) – C:\Windows\System32\sppcomapi.dll

    - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28-9-2013 - 2:09:10.) – C:\Windows\system32\Drivers\AFD.sys

    - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:52:21.) – C:\Windows\system32\Drivers\atapi.sys

    - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:19:47.) – C:\Windows\system32\Drivers\Cdfs.sys

    - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21-11-2010 - 4:23:47.) – C:\Windows\system32\Drivers\Cdrom.sys

    - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21-11-2010 - 4:24:32.) – C:\Windows\system32\Drivers\DfsC.sys

    - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21-11-2010 - 4:23:47.) – C:\Windows\system32\Drivers\HDAudBus.sys

    - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:19:57.) – C:\Windows\system32\Drivers\i8042prt.sys

    - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 1:10:03.) – C:\Windows\system32\Drivers\IpNat.sys

    - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:40:40.) – C:\Windows\system32\Drivers\MRxSmb.sys

    - (.Microsoft Corporation - MBT Transport driver.) (.21-11-2010 - 4:23:51.) – C:\Windows\system32\Drivers\netBT.sys

    - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.12-4-2013 - 15:45:08.) – C:\Windows\system32\Drivers\ntfs.sys

    - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 1:00:41.) – C:\Windows\system32\Drivers\Parport.sys

    - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21-11-2010 - 4:24:33.) – C:\Windows\system32\Drivers\Rasl2tp.sys

    - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) – C:\Windows\system32\Drivers\smb.sys

    - (.Microsoft Corporation - TDI Translation Driver.) (.21-11-2010 - 4:24:32.) – C:\Windows\system32\Drivers\tdx.sys

    - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.21-11-2010 - 4:23:47.) – C:\Windows\system32\Drivers\volsnap.sys

    ~ Generic Processes: Scanned in 00mn 00s

    —\\ Status van de verborgen bestanden (verborgen/totaal)

    ~ Mes images (My Pictures) : 1/3394

    ~ Mes musiques (My Musics) : 328/2025

    ~ Mes Videos (My Videos) : 1/6

    ~ Mes Favoris (My Favorites) : 1/28

    ~ Mes Documents (My Documents) : 1/1033

    ~ Mon Bureau (My Desktop) : 1/21

    ~ Menu demarrer (Programs) : 1/25

    ~ Hidden Files: Scanned in 00mn 06s

    —\\ Gestarte processen

    - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) – C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe

    - (.TOSHIBA CORPORATION - KeNotify MFC Application.) – C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

    - (.AVAST Software - avast! Antivirus.) – C:\Program Files\AVAST Software\Avast\AvastUI.exe

    - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) – C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

    - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) – C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

    - (.Microsoft Corporation - Internet Explorer.) – C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe

    - (.Nicolas Coolman - ZHPDiag.) – C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe

    - (.AVAST Software - avast! Service.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    - (.AVAST Software - avast! firewall service.) – C:\Program Files\AVAST Software\Avast\afwServ.exe

    - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    - (.Apple Inc. - MobileDeviceService.) – C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    - (.Realsil Microelectronics Inc. - Realtek Card Reader Icon Tool..) – C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

    - (.TOSHIBA CORPORATION - ConfigFree Service Process.) – C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

    - (.Intel Corporation - Local Manageability Service.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    - (.Nero AG - NeroUpdate.) – c:\Program Files (x86)\Nero\Update\NASvc.exe

    - (.Intel Corporation - User Notification Service.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    ~ Processes Running: Scanned in 00mn 01s

    —\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)

    C:\Users\Kayleigh\AppData\Local\Google\Chrome\User Data\Default\Preferences

    G1 - GCS: Preference http://www.trovigo.com =>Hijacker.Trovigo

    G0 - GCSP: Preference http://www.trovigo.com =>Hijacker.Trovigo

    G2 - GCE: Preference Winkel v.0.2 (Activé)

    G2 - GCE: Preference Extutil v.0.1 (Activé)

    G2 - GCE: Preference McAfee Security Scan+ v.3.8.141.12 (Désactivé)

    G2 - GCE: Preference Managera v.0.1 (Activé)

    G2 - GCE: Preference Google Network Speech v.1.0 (Activé)

    G2 - GCE: Preference Hangout Services v.1.0 (Activé)

    ~ Google Browser: 21 Legitimates Filtered in 00mn 02s

    —\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)

    C:\Users\Kayleigh\AppData\Roaming\Mozilla\Firefox\Profiles\ykpqa5z2.default\prefs.js

    M3 - MFPP: Plugins - – C:\Users\Kayleigh\AppData\Roaming\Mozilla\Firefox\Profiles\ykpqa5z2.default\searchplugins\conduit-search.xml =>Toolbar.Conduit

    M0 - MFSP: prefs.js http://www.trovigo.com =>Hijacker.Trovigo

    M2 - MFEP: prefs.js Speed Dial - New Tab Page, Sync v (..) =>PUP.QuickShare

    ~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s

    —\\ Internet Explorer, start, zoeken, URLSearchHook, Phishing (R0, R1, R3, R4)

    R3 - URLSearchHook: WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} . (.Conduit Ltd. - Conduit Toolbar.) (6.4.0.0) – C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll =>PUP.WhiteSmoke

    ~ IE Browser: 21 Legitimates Filtered in 00mn 00s

    —\\ Internet Explorer, proxybeheer (R5)

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

    ~ Proxy management: Scanned in 00mn 00s

    —\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's

    F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

    F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

    F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

    ~ Keys: Scanned in 00mn 00s

    —\\ Hosts-bestand omleiding (O1)

    ~ Le fichier hosts est sain (The hosts file is clean).

    ~ Hosts File: Scanned in 00mn 00s

    ~ Nombre de lignes (Lines number): 21

    —\\ Browser Helper-objecten vanuit browser (O2)

    O2 - BHO: WhiteSmoke US New - {462be121-2b54-4218-bf00-b9bf8135b23f} . (.Conduit Ltd. - Conduit Toolbar.) – C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll =>PUP.WhiteSmoke

    ~ BHO: 14 Legitimates Filtered in 00mn 00s

    —\\ Internet Explorer werkbalken (O3)

    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) – C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

    O3 - Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan sleutel

    O3 - Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} Orphan sleutel

    O3 - Toolbar\WebBrowser: (no name) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} Orphan sleutel

    O3 - Toolbar\WebBrowser: (no name) - {462BE121-2B54-4218-BF00-B9BF8135B23F} Orphan sleutel

    ~ Toolbar: Scanned in 00mn 00s

    —\\ Andere Verwijzigingen gebruikers (O4)

    O4 - GS\Desktop : Google Chrome.lnk . (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    O4 - GS\Desktop : Manual.lnk . (.TOSHIBA - Toshiba Regensburg EXternal file Launcher.) – C:\Program Files (x86)\TOSHIBA\Manuals\TREXLauncher.exe

    O4 - GS\Desktop : McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) – C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe

    O4 - GS\Desktop : Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    O4 - GS\Desktop : Safari.lnk . (…) – C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

    O4 - GS\Program : Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    O4 - GS\Program : Photo-Service.lnk . (…) – C:\Program Files (x86)\Photo-Service\Photo-Service.exe

    O4 - GS\Program : Safari.lnk . (…) – C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

    O4 - GS\QuickLaunch : Apple Safari.lnk . (…) – C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

    O4 - GS\QuickLaunch : Google Chrome.lnk . (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    O4 - GS\QuickLaunch : Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files (x86)\Internet Explorer\iexplore.exe

    O4 - GS\TaskBar : Google Chrome.lnk . (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    O4 - GS\TaskBar : Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files (x86)\Internet Explorer\iexplore.exe

    O4 - GS\TaskBar : Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    O4 - GS\Program : Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files (x86)\Internet Explorer\iexplore.exe

    O4 - GS\SystemTools : Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files (x86)\Internet Explorer\iexplore.exe

    O4 - GS\Desktop : Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files (x86)\Internet Explorer\iexplore.exe

    ~ Global Startup: 84 Legitimates Filtered in 00mn 02s

    —\\ Toepassingen gestart door register & bestand (O4)

    O4 - GS\Startup : McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) – C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

    O4 - GS\Startup : Toshiba Places Icon Utility.lnk . (.Toshiba - Toshiba Places Icon Utility.) – C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe

    O4 - GS\Startup : OneNote 2010 Schermopname en Snel starten.lnk . (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) – C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe =>.Microsoft Corporation

    O4 - HKLM\..\Run: C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe (.not file.)

    O4 - HKLM\..\Run: C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (.not file.)

    O4 - HKLM\..\Run: . (.Toshiba Europe GmbH - Toshiba TEMPRO.) – C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe =>.Toshiba Corporation

    O4 - HKLM\..\Run: C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.)

    O4 - HKLM\..\Run: C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.)

    O4 - HKLM\..\Run: . (.Realtek Semiconductor - Realtek HD Audio configuratie.) – C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    O4 - HKLM\..\Run: . (.Realtek Semiconductor - HD Audio Background Process.) – C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)

    O4 - HKLM\..\Run: . (.TOSHIBA Corporation - No Comment.) – C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

    O4 - HKLM\..\Run: . (.TOSHIBA Corporation - Toshiba Volume Regulator.) – C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe =>.Toshiba Corporation

    O4 - HKLM\..\Run: . (.Toshiba Europe GmbH - Toshiba Notebook Registration Reminder.) – C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe

    O4 - HKCU\..\Run: . (.TOSHIBA - TOSHIBA Online Product Information.) – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation

    O4 - HKCU\..\Run: . (.Google Inc. - Google Installer.) – C:\Users\Kayleigh\AppData\Local\Google\Update\GoogleUpdate.exe

    O4 - HKLM\..\Wow6432Node\Run: . (.TOSHIBA - SVPWUTIL Application.) – C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe

    O4 - HKLM\..\Wow6432Node\Run: . (.TOSHIBA Electronics, Inc. - HWSetup.) – C:\Program Files\TOSHIBA\Utilities\HWSetup.exe

    O4 - HKLM\..\Wow6432Node\Run: . (.TOSHIBA CORPORATION - KeNotify MFC Application.) – C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

    O4 - HKLM\..\Wow6432Node\Run: . (.TOSHIBA Corporation - TOSHIBA Service Station.) – C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation

    O4 - HKLM\..\Wow6432Node\Run: . (.Apple Inc. - Apple Push.) – C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    O4 - HKLM\..\Wow6432Node\Run: . (.AVAST Software - avast! Antivirus.) – C:\Program Files\AVAST Software\Avast\AvastUI.exe

    O4 - HKLM\..\Wow6432Node\Run: . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated

    O4 - HKUS\.DEFAULT\..\Run: . (.TOSHIBA - TOSHIBA Online Product Information.) – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation

    O4 - HKUS\S-1-5-18\..\Run: . (.TOSHIBA - TOSHIBA Online Product Information.) – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation

    O4 - HKUS\S-1-5-19\..\Run: . (.Microsoft Corporation - Windows-bureaubladgadgets.) – C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

    O4 - HKUS\S-1-5-19\..\Run: . (.TOSHIBA - TOSHIBA Online Product Information.) – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation

    O4 - HKUS\S-1-5-20\..\Run: . (.Microsoft Corporation - Windows-bureaubladgadgets.) – C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

    O4 - HKUS\S-1-5-20\..\Run: . (.TOSHIBA - TOSHIBA Online Product Information.) – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation

    O4 - HKUS\S-1-5-19\..\RunOnce: . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

    O4 - HKUS\S-1-5-20\..\RunOnce: . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

    O4 - HKUS\S-1-5-21-3414775462-2620423805-1927351078-1000\..\Run: . (.TOSHIBA - TOSHIBA Online Product Information.) – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation

    O4 - HKUS\S-1-5-21-3414775462-2620423805-1927351078-1000\..\Run: . (.Google Inc. - Google Installer.) – C:\Users\Kayleigh\AppData\Local\Google\Update\GoogleUpdate.exe

    ~ Application: Scanned in 00mn 00s

    —\\ Knoppen op de werkbalk “belangrijkste instrumenten” Internet Explorer (O9)

    O9 - Extra button: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} – C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)

    O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} . (…) – C:\Program Files\TOSHIBA\BulletinBoard\images\pin.ico

    O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} . (…) – C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\dvdvideosoft.ico

    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\\ Domeinadres van de DNS (O17) wijzigen

    O17 - HKLM\System\CCS\Services\Tcpip\..\{EEA37E85-F912-4321-B12B-D6183AC552AB}: DhcpNameServer = 212.54.40.25 212.54.35.25

    O17 - HKLM\System\CS1\Services\Tcpip\..\{EEA37E85-F912-4321-B12B-D6183AC552AB}: DhcpNameServer = 212.54.40.25 212.54.35.25

    O17 - HKLM\System\CS2\Services\Tcpip\..\{EEA37E85-F912-4321-B12B-D6183AC552AB}: DhcpNameServer = 212.54.40.25 212.54.35.25

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25

    ~ Domain: Scanned in 00mn 00s

    —\\ Aanvullend Protocol (O18)

    O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) –

    O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) – C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation

    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\\ AppInit_DLLs waarde en subsleutels Winlogon Notify (autorun) (O20)

    O20 - AppInit_DLLs: . (…) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (.not file.) =>Toolbar.Conduit

    ~ AppInit DLL: Scanned in 00mn 00s

    —\\ Geïnstalleerde software (O42)

    O42 - Logiciel: Video Download Converter version 1.0.0.0 - (…) – VDC_is1 =>Adware.VideoDownloadConverter

    O42 - Logiciel: WhiteSmoke US New Toolbar - (.WhiteSmoke US New.) – WhiteSmoke_US_New Toolbar =>PUP.WhiteSmoke

    ~ Logic: 35 Legitimates Filtered in 00mn 01s

    —\\ HKCU & HKLM Software Keys

    =>Toolbar.Conduit

    =>PUP.WhiteSmoke

    ~ Key Software: 338 Legitimates Filtered in 00mn 01s

    —\\ ‘Inhoud van mappen programma’s, ProgramFiles, ProgramData, AppData (O43)

    O43 - CFD: 25-8-2012 - 19:11:40 - —-D C:\Program Files (x86)\Conduit

    O43 - CFD: 17-10-2012 - 18:19:19 - —-D C:\Program Files (x86)\PC Speed Up

    O43 - CFD: 13-10-2012 - 11:43:52 - —-D C:\Program Files (x86)\Video Download Converter =>Adware.VideoDownloadConverter

    O43 - CFD: 15-10-2012 - 17:55:11 - —-D C:\Program Files (x86)\WhiteSmoke_US_New =>PUP.WhiteSmoke

    O43 - CFD: 17-10-2012 - 18:15:11 - —-D C:\Users\Kayleigh\AppData\Local\Conduit

    ~ Program Folder: 168 Legitimates Filtered in 00mn 29s

    —\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)

    O44 - LFC: - 20-3-2014 - 17:17:28 —A- . (…) – C:\zoek-results.log

    O44 - LFC: - 20-3-2014 - 17:23:09 —A- . (…) – C:\folders.log

    O44 - LFC: - 20-3-2014 - 17:23:16 —A- . (…) – C:\runcheck.txt

    ~ Files: 44 Legitimates Filtered in 00mn 04s

    —\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)

    O45 - LFCP: - 20-3-2014 - 16:16:07 —A- - C:\Windows\Prefetch\CLTMNG.EXE-2AA8FD1D.pf

    O45 - LFCP: - 20-3-2014 - 16:21:37 —A- - C:\Windows\Prefetch\IS-POHMD.EXE-7743258F.pf

    O45 - LFCP: - 20-3-2014 - 16:48:18 —A- - C:\Windows\Prefetch\KAYLEIGH.EXE-817C608F.pf

    O45 - LFCP: - 20-3-2014 - 16:48:19 —A- - C:\Windows\Prefetch\RSITX64.EXE-92466821.pf

    O45 - LFCP: - 20-3-2014 - 17:12:56 —A- - C:\Windows\Prefetch\PEVZ.EXE-FFC957E1.pf

    O45 - LFCP: - 20-3-2014 - 17:12:58 —A- - C:\Windows\Prefetch\WGET.EXE-04D14D7A.pf

    O45 - LFCP: - 20-3-2014 - 17:13:05 —A- - C:\Windows\Prefetch\ZOEK.EXE-51E5C2C2.pf

    O45 - LFCP: - 20-3-2014 - 17:22:17 —A- - C:\Windows\Prefetch\FIND.EXE-9AADDA11.pf

    O45 - LFCP: - 20-3-2014 - 17:23:09 —A- - C:\Windows\Prefetch\REMOVE.EXE-95BDBDB5.pf

    O45 - LFCP: - 20-3-2014 - 17:23:16 —A- - C:\Windows\Prefetch\PEVZ.EXE-54EC5240.pf

    O45 - LFCP: - 20-3-2014 - 17:40:10 —A- - C:\Windows\Prefetch\INSTUP.EXE-7E543EAF.pf

    ~ Prefetcher: 139 Legitimates Filtered in 00mn 00s

    —\\ Registersleutel Shell MountPoints2 (MPKS) (O51)

    O51 - MPSK:{c88a3eb8-a36e-11e3-9ed4-b870f4c8fd56}\AutoRun\command. (…) – F:\laucher.exe (.not file.)

    ~ Keys: Scanned in 00mn 00s

    —\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)

    O53 - SMSR:HKLM\…\startupreg\MobileDocuments . (…) – C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (.not file.)

    O53 - SMSR:HKLM\…\startupreg\VideoDownloadConverter Search Scope Monitor . (.MindSpark - MindSpark Toolbar Platform SearchScope Moni.) – C:\Program Files (x86)\VIDEOD~2\bar\1.bin\4zsrchmn.exe =>Adware.VideoDownloadConverter

    O53 - SMSR:HKLM\…\startupreg\VideoDownloadConverter_4z Browser Plugin Loader . (…) – C:\Program Files (x86)\VIDEOD~2\bar\1.bin\4zbrmon.exe (.not file.) =>Adware.VideoDownloadConverter

    ~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s

    —\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)

    O55 - MWPS: - “EnableUIADesktopToggle”=0

    O55 - MWPS: - “FilterAdministratorToken”=0

    O55 - MWPS: - “EnableLinkedConnections”=1

    ~ MWPS: 17 Legitimates Filtered in 00mn 00s

    —\\ Opsomming van de registersleutel PoliciesExplorer (CÖKVI) (O56)

    O56 - MWPE: - “NoActiveDesktopChanges”=1

    ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

    —\\ Overzicht van de drivers (SDL) (O58)

    O58 - SDL: - 3-2-2014 - 21:38:18 —A- . (…) – C:\Windows\System32\Drivers\aswRvrt.sys

    O58 - SDL: - 3-2-2014 - 21:38:18 —A- . (…) – C:\Windows\System32\Drivers\aswVmm.sys

    O58 - SDL: - 14-7-2009 - 2:47:48 —A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) – C:\Windows\System32\Drivers\elxstor.sys

    O58 - SDL: - 10-6-2009 - 21:31:59 —A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) – C:\Windows\System32\Drivers\hcw85cir.sys

    O58 - SDL: - 20-9-2012 - 5:35:36 —A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) – C:\Windows\System32\Drivers\ssudbus.sys

    O58 - SDL: - 20-9-2012 - 5:35:36 —A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) – C:\Windows\System32\Drivers\ssudmdm.sys

    O58 - SDL: - 14-7-2009 - 2:45:55 —A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) – C:\Windows\System32\Drivers\stexstor.sys

    O58 - SDL: - 13-12-2012 - 13:50:36 —A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) – C:\Windows\System32\Drivers\usbaapl64.sys

    ~ Drivers: 17 Legitimates Filtered in 00mn 06s

    —\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)

    O61 - LFC: 18-3-2014 - 18:31:39 —A- . (…) – C:\Users\Kayleigh\Documents\School\HU\2013 - 2014\Leerschema periode C.xlsx

    O61 - LFC: 18-3-2014 - 18:31:39 —A- . (…) – C:\Users\Kayleigh\Documents\School\HU\2013 - 2014\PGO\E5 Zuivelbest Kosten baten analyse HACCP - versie 2.1.xlsx

    O61 - LFC: 18-3-2014 - 18:31:39 —A- . (…) – C:\Users\Kayleigh\Documents\School\HU\2013 - 2014\PGO\E5 Zuivelbest Kosten baten analyse HACCP - versie 2.2.xlsx

    O61 - LFC: 18-3-2014 - 18:31:39 —A- . (…) – C:\Users\Kayleigh\Documents\School\HU\2013 - 2014\PGO\Enquêtevragen.docx

    O61 - LFC: 18-3-2014 - 18:31:39 —A- . (…) – C:\Users\Kayleigh\Documents\School\HU\2013 - 2014\PGO\MWJKumpen2011.pdf

    O61 - LFC: 19-3-2014 - 18:31:25 —A- . (…) – C:\Users\Kayleigh\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists

    O61 - LFC: 19-3-2014 - 18:31:25 —A- . (…) – C:\Users\Kayleigh\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

    O61 - LFC: 19-3-2014 - 18:31:30 —A- . (…) – C:\Users\Kayleigh\AppData\Local\Google\Chrome\User Data\Local State

    O61 - LFC: 19-3-2014 - 18:31:31 —A- . (…) – C:\Users\Kayleigh\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\CdmAdapterVersion

    O61 - LFC: 19-3-2014 - 18:31:31 —A- . (…) – C:\Users\Kayleigh\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdm.dll

    O61 - LFC: 19-3-2014 - 18:31:31 —A- . (…) – C:\Users\Kayleigh\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\manifest.fingerprint

    O61 - LFC: 19-3-2014 - 18:31:31 —A- . (…) – C:\Users\Kayleigh\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\manifest.json

    O61 - LFC: 19-3-2014 - 18:31:36 —A- . (…) – C:\Users\Kayleigh\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat =>Toolbar.Conduit

    O61 - LFC: 19-3-2014 - 18:31:39 —A- . (…) – C:\Users\Kayleigh\Downloads\Overzicht herkansingen 4TR3A en 4L3A periode 3 2013-2014.xlsx

    O61 - LFC: 19-3-2014 - 18:31:39 —A- . (…) – C:\Users\Kayleigh\Downloads\opgave_persoonlijke_gegevens_veiligheidsonderzoek_burgerluchtvaart_nl (1).pdf

    O61 - LFC: 19-3-2014 - 18:31:39 —A- . (…) – C:\Users\Kayleigh\Downloads\opgave_persoonlijke_gegevens_veiligheidsonderzoek_burgerluchtvaart_nl (2).pdf

    O61 - LFC: 19-3-2014 - 18:31:39 —A- . (…) – C:\Users\Kayleigh\Downloads\opgave_persoonlijke_gegevens_veiligheidsonderzoek_burgerluchtvaart_nl (3).pdf

    O61 - LFC: 19-3-2014 - 18:31:39 —A- . (…) – C:\Users\Kayleigh\Downloads\opgave_persoonlijke_gegevens_veiligheidsonderzoek_burgerluchtvaart_nl.pdf

    O61 - LFC: 20-3-2014 - 18:31:36 —A- . (…) – C:\Users\Kayleigh\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat =>Toolbar.Conduit

    O61 - LFC: 20-3-2014 - 18:31:36 —A- . (…) – C:\Users\Kayleigh\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat =>Toolbar.Conduit

    O61 - LFC: 20-3-2014 - 18:31:36 —A- . (…) – C:\Users\Kayleigh\AppData\Local\SearchProtect\UI\rep\UIRepository.dat =>Toolbar.Conduit

    O61 - LFC: 20-3-2014 - 18:31:38 —A- . (…) – C:\Users\Kayleigh\AppData\Roaming\ZHP\Log.txt =>.Nicolas Coolman

    O61 - LFC: 20-3-2014 - 18:31:38 —A- . (…) – C:\Users\Kayleigh\AppData\Roaming\ZHP\TestsZHPDiag.txt =>.Nicolas Coolman

    O61 - LFC: 20-3-2014 - 18:31:38 —A- . (…) – C:\Users\Kayleigh\Documents\cc_20140320_164743.reg

    ~ 75 Fichiers temporaires (Temporary files)

    ~ Files: 395 Legitimates Filtered in 00mn 15s

    —\\ Lijst van cleaning tools (CLAB) (O63)

    O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) – ZHPDiag_is1 =>.Nicolas Coolman

    O63 - Logiciel: RSIT - (.random/random.)

    ~ ADS: Scanned in 00mn 00s

    —\\ Startmenu Internet (SMI) (O68)

    O68 - StartMenuInternet: (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    O68 - StartMenuInternet: (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    O68 - StartMenuInternet: (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe

    O68 - StartMenuInternet: (.Apple Inc. - Safari.) – C:\Program Files (x86)\Safari\Safari.exe

    ~ Keys: Scanned in 00mn 00s

    —\\ Zoek "infecties in internetbrowsers (SBI) (O69)

    O69 - SBI: prefs.js user_pref(“browser.search.defaultenginename”, “Conduit Search”);

    O69 - SBI: SearchScopes {11B83169-A460-4173-BB9B-6B8E3AAFABF2} - (eBay) - http://rover.ebay.com =>Toolbar.eBay

    O69 - SBI: SearchScopes {639622FB-DB84-4C72-8AD9-A44E342CD602} - (Bing) - http://www.bing.com

    O69 - SBI: SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com

    O69 - SBI: SearchScopes {E93EC008-CF6B-4C1F-8972-9547A321E96A} - (Amazon) - http://www.amazon.co.uk

    ~ Keys: Scanned in 00mn 00s

    —\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)

    (…) – C:\Users\Kayleigh\Desktop\RSITx64.exe

    (…) – C:\Users\Kayleigh\Desktop\zoek.exe

    ~ Files: 4 Legitimates Filtered in 00mn 00s

    —\\ Microsoft Installer-bestanden (WIS) (NTFS) (O93)

    (.AVG - AVG PC TuneUp 2014 (nl-NL).) – C:\Windows\Installer\7e7ae.msi

    (.AVG - AVG PC TuneUp 2014.) – C:\Windows\Installer\7e7b2.msi

    ~ WIS: 178 Legitimates Filtered in 01mn 07s

    —\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)

    SS - | Demand 15-3-2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    SS - | Demand 12-10-2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

    SS - | Auto 25-8-2012 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    SS - | Demand 25-8-2012 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    SS - | Demand 14-11-2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    SS - | Demand 20-2-2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe

    SS - | Demand 16-1-2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe

    SS - | Demand 15-2-2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    SS - | Auto 5-9-2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

    SS - | Demand 10-2-2011 112080 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation

    SS - | Demand 10-7-1658 0 | (WMPNetworkSvc) . (…) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

    SR - | Auto 23-9-2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    SR - | Auto 21-12-2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    SR - | Auto 3-2-2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    SR - | Auto 10-3-2014 113704 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe

    SR - | Auto 30-8-2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

    SR - | Auto 28-1-2010 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

    SR - | Auto 10-3-2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

    SR - | Auto 4-8-2010 1809920 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

    SR - | Auto 1-2-2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    SR - | Auto 14-1-2011 572712 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe

    SR - | Auto 18-2-2011 993896 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe

    SR - | Demand 11-2-2011 54136 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation

    SR - | Auto 20-10-2010 138656 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe

    SR - | Auto 9-12-2010 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

    SR - | Demand 8-12-2010 137632 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

    SR - | Auto 30-10-2013 2099000 | (TuneUp.UtilitiesSvc) . (.AVG.) - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

    SR - | Auto 1-2-2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    SR - | Auto 14-7-2009 27136 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.AVG.) - C:\Windows\System32\svchost.exe

    SR - | Auto 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

    SR - | Auto 14-7-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

    ~ Services: Scanned in 01mn 09s

    —\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)

    Run by Kayleigh at 20-3-2014 18:33:19

    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)

    Written by ad13, http://ad13.geekstog

    Run by Kayleigh at 20-3-2014 18:33:21

    ********* Dump file Name *********

    C:\PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    —\\ Extra scan (O88)

    Database Version : 13031 - (19-3-2014)

    Clés trouvées (Keys found) : 27

    Valeurs trouvées (Values found) : 1

    Dossiers trouvés (Folders found) : 12

    Fichiers trouvés (Files found) : 2

    =>PUP.WhiteSmoke^

    =>Adware.VideoDownloadConverter^

    =>PUP.WhiteSmoke^

    =>Adware.VideoDownloadConverter^

    =>Adware.VideoDownloadConverter^

    =>Toolbar.AVGSearch

    =>PUP.ToparcadeHits

    =>Toolbar.AVGSearch

    =>Toolbar.AVGSearch

    =>Toolbar.AVGSearch

    =>Toolbar.AVGSearch

    =>Toolbar.Conduit

    =>Adware.VideoDownloadConverter

    =>Toolbar.Conduit

    =>Toolbar.DVDVideoSoft

    =>Toolbar.Conduit

    =>Toolbar.Conduit

    =>Adware.VideoDownloadConverter

    =>Adware.VideoDownloadConverter

    =>Adware.VideoDownloadConverter

    =>Adware.VideoDownloadConverter

    =>Adware.VideoDownloadConverter

    =>Adware.VideoDownloadConverter

    =>Adware.VideoDownloadConverter

    =>Toolbar.Conduit

    =>Toolbar.Conduit

    =>Toolbar.Conduit^

    :{462be121-2b54-4218-bf00-b9bf8135b23f} =>PUP.WhiteSmoke^

    C:\Users\Kayleigh\AppData\Roaming\Mozilla\Firefox\Profiles\ykpqa5z2.default\extensions\pavel.sherbakov@gmail.com =>PUP.QuickShare^

    C:\Program Files (x86)\Video Download Converter =>Adware.VideoDownloadConverter^

    C:\Program Files (x86)\WhiteSmoke_US_New =>PUP.WhiteSmoke^

    C:\Program Files (x86)\Conduit =>Toolbar.Conduit

    C:\Program Files (x86)\VideoDownloadConverter_4z =>Adware.VideoDownloadConverter

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter =>Adware.VideoDownloadConverter

    C:\Users\Kayleigh\AppData\Local\Conduit =>Toolbar.Conduit

    C:\Users\Kayleigh\AppData\Local\SearchProtect =>Toolbar.Conduit

    C:\Users\Kayleigh\AppData\LocalLow\Conduit =>Toolbar.Conduit

    C:\Users\Kayleigh\AppData\LocalLow\PriceGong =>Adware.PriceGong

    C:\Users\Kayleigh\AppData\LocalLow\WhiteSmoke_US_New =>PUP.Whitesmoke

    C:\Users\Kayleigh\AppData\LocalLow\VideoDownloadConverter_4z =>Adware.VideoDownloadConverter

    =>Toolbar.Conduit^

    =>PUP.WhiteSmoke^

    ~ Additionnel Scan: 338166 Items scanned in 00mn 19s

    —\\ Samenvatting van detecties gevonden op uw werkstation

    ~ http://nicolascoolman.webs.com/apps/blog/show/41751631-hijacker-trovigo =>Hijacker.Trovigo

    ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit

    ~ http://nicolascoolman.webs.com/apps/blog/show/28577022-pup-quickshare =>PUP.QuickShare

    ~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke

    ~ http://nicolascoolman.webs.com/apps/blog/show/29640158-adware-videodownloadconverter =>Adware.VideoDownloadConverter

    ~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits

    ~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong

    ~ MSI: 7 link(s) detected in 00mn 19s

    ~ 1732 Legitimates filtered by white list

    End of the scan (583 lines in 03mn 47s)(0)

  • Ben

    Hello,

    Copy the bold code below in full:

    Script ZHPFix

    O3 - Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan sleutel

    O3 - Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} Orphan sleutel

    O3 - Toolbar\WebBrowser: (no name) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} Orphan sleutel

    O3 - Toolbar\WebBrowser: (no name) - {462BE121-2B54-4218-BF00-B9BF8135B23F} Orphan sleutel

    =>PUP.WhiteSmoke^

    =>Adware.VideoDownloadConverter^

    =>PUP.WhiteSmoke^

    =>Adware.VideoDownloadConverter^

    =>Adware.VideoDownloadConverter^

    =>Toolbar.AVGSearch

    =>PUP.ToparcadeHits

    =>Toolbar.AVGSearch

    =>Toolbar.AVGSearch

    =>Toolbar.AVGSearch

    =>Toolbar.AVGSearch

    =>Toolbar.Conduit

    =>Adware.VideoDownloadConverter

    =>Toolbar.Conduit

    =>Toolbar.DVDVideoSoft

    =>Toolbar.Conduit

    =>Toolbar.Conduit

    =>Adware.VideoDownloadConverter

    =>Adware.VideoDownloadConverter

    =>Adware.VideoDownloadConverter

    =>Adware.VideoDownloadConverter

    =>Adware.VideoDownloadConverter

    =>Adware.VideoDownloadConverter

    =>Adware.VideoDownloadConverter

    =>Toolbar.Conduit

    =>Toolbar.Conduit

    =>Toolbar.Conduit^

    :{462be121-2b54-4218-bf00-b9bf8135b23f} =>PUP.WhiteSmoke^

    C:\Users\Kayleigh\AppData\Roaming\Mozilla\Firefox\Profiles\ykpqa5z2.default\extensions\pavel.sherbakov@gmail.com =>PUP.QuickShare^

    C:\Program Files (x86)\Video Download Converter =>Adware.VideoDownloadConverter^

    C:\Program Files (x86)\WhiteSmoke_US_New =>PUP.WhiteSmoke^

    C:\Program Files (x86)\Conduit =>Toolbar.Conduit

    C:\Program Files (x86)\VideoDownloadConverter_4z =>Adware.VideoDownloadConverter

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter =>Adware.VideoDownloadConverter

    C:\Users\Kayleigh\AppData\Local\Conduit =>Toolbar.Conduit

    C:\Users\Kayleigh\AppData\Local\SearchProtect =>Toolbar.Conduit

    C:\Users\Kayleigh\AppData\LocalLow\Conduit =>Toolbar.Conduit

    C:\Users\Kayleigh\AppData\LocalLow\PriceGong =>Adware.PriceGong

    C:\Users\Kayleigh\AppData\LocalLow\WhiteSmoke_US_New =>PUP.Whitesmoke

    C:\Users\Kayleigh\AppData\LocalLow\VideoDownloadConverter_4z =>Adware.VideoDownloadConverter

    =>Toolbar.Conduit^

    =>PUP.WhiteSmoke^

    shortcutfix

    emptytemp

    emptyflash

    Disable antivirus software

    Temporarily disable your antivirus and antispyware programs, as they can conflict with ZHPFix.

    Disabling antivirus software

    Disabling antispyware & antimalware software

    Run ZHPFix

    If you run into problems running this program or see any error messages, please mention this in your reply.

    Double-click the ZHPFix shortcut on the desktop.

    Click the "Import" button.

    Then click the "Go" button at the bottom.

    Now wait patiently until a log opens, then post that log.

  • Dennis

    Hi Ben, do you have a link to that fix?

  • Dennis

    Saw it too late, it was on the desktop.

    Log:

    Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014

    Fichier d'export Registre :

    Run by Kayleigh at 20-3-2014 18:58:54

    High Elevated Privileges : OK

    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

    Prullenbak geleegd (00mn 03s)

    Reparatie van browser snelkoppelingen

    ========== Registersleutels ==========

    VERWIJDERD:* HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter Search Scope Monitor

    VERWIJDERD:* HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader

    VERWIJDERD:* HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    VERWIJDERD:* HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    VERWIJDERD: HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

    VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

    VERWIJDERD: HKLM\Software\Classes\AppID\ScriptHelper.EXE

    VERWIJDERD: HKCU\Software\AppDataLow\Software\ConduitSearchScopes

    VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VDC_is1

    VERWIJDERD: HKCU\Software\AppDataLow\Toolbar

    VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}

    VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32

    VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS

    VERWIJDERD: HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z

    VERWIJDERD: HKLM\Software\Wow6432Node\VideoDownloadConverter_4z

    VERWIJDERD: HKLM\Software\Classes\VideoDownloadConverter_4z.HTMLMenu

    VERWIJDERD: HKLM\Software\Classes\VideoDownloadConverter_4z.HTMLMenu.1

    VERWIJDERD: HKLM\Software\Classes\VideoDownloadConverter_4z.RadioSettings

    VERWIJDERD: HKLM\Software\Classes\VideoDownloadConverter_4z.RadioSettings.1

    VERWIJDERD: HKLM\Software\Classes\VideoDownloadConverter_4z.SettingsPlugin

    VERWIJDERD: HKLM\Software\Classes\Toolbar.CT3244149

    VERWIJDERD: HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}

    VERWIJDERD: HKLM\Software\Wow6432Node\Conduit

    VERWIJDERD: HKLM\Software\Wow6432Node\WhiteSmoke_US_New

    ========== De registerwaarden ==========

    VERWIJDERD: Toolbar: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

    VERWIJDERD: Toolbar: {872B5B88-9DB5-4310-BDD0-AC189557E5F5}

    VERWIJDERD: Toolbar: {48586425-6BB7-4F51-8DC6-38C88E3EBB58}

    VERWIJDERD: Toolbar: {462BE121-2B54-4218-BF00-B9BF8135B23F}

    ========== Mappen ==========

    VERWIJDERD: c:\users\kayleigh\appdata\roaming\mozilla\firefox\profiles\ykpqa5z2.default\extensions\pavel.sherbakov@gmail.com

    VERWIJDERD: c:\program files (x86)\video download converter

    VERWIJDERD: c:\program files (x86)\whitesmoke_us_new

    VERWIJDERD: c:\program files (x86)\conduit

    VERWIJDERD: c:\program files (x86)\videodownloadconverter_4z

    VERWIJDERD: c:\programdata\microsoft\windows\start menu\programs\video download converter

    VERWIJDERD: c:\users\kayleigh\appdata\local\conduit

    VERWIJDERD: c:\users\kayleigh\appdata\local\searchprotect

    VERWIJDERD: c:\users\kayleigh\appdata\locallow\conduit

    VERWIJDERD: c:\users\kayleigh\appdata\locallow\pricegong

    VERWIJDERD: c:\users\kayleigh\appdata\locallow\whitesmoke_us_new

    VERWIJDERD: c:\users\kayleigh\appdata\locallow\videodownloadconverter_4z

    Verwijderen tijdelijke Windows (5)

    Verwijderd Flash Cookies (0)

    ========== Bestanden ==========

    Verwijderen tijdelijke Windows (80) (30.710.531 octets)

    Verwijderd Flash Cookies (0) (0 octets)

    ========== Samenvatting ==========

    24 : Registersleutels

    4 : De registerwaarden

    14 : Mappen

    2 : Bestanden

    End of clean in 00mn 25s

    ========== Pad naar bestand verslag ==========

    C:\Users\Kayleigh\AppData\Roaming\ZHP\ZHPFix.txt - 20-3-2014 18:58:57

  • Ben

    Hello,

    After downloading and installing, you got two icons on your desktop: ZHPDiag and ZHPFix.

    After copying the fix, do the following:

    Double-click the ZHPFix shortcut/icon on the desktop.

    Click the "Import" button.

    Then click the "Go" button at the bottom.

    Now wait patiently until a log opens, then post that log.

This topic is closed; no further replies can be posted.