Many unwanted start pages

  • Guy Sourbron

    Hello,

    Here is the log file from RSIT. I can't post the mbam log, because every time I download it and then click Run I get the following message:

    “C:\users\herman\appdata\local\temp\is-40OTT.tmp” niet maken

    fout 5:toegang geweigerd

    Hopefully someone can help me.

    PS: I took over this PC from my brother because my own PC still had XP.

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Herman at 2014-04-18 18:47:10

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 846 GB (93%) free of 912 GB

    Total RAM: 3063 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 18:47:18, on 18/04/2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.17041)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    C:\Users\Herman\AppData\Local\Genesis\Genesis.exe

    C:\Program Files\MyPC Backup\MyPC Backup.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Herman\Favorites\Downloads\RSIT.exe

    C:\Program Files\trend micro\Herman.exe

    C:\Windows\system32\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=M1F4BB514-1117-4646-97CF-748532ABF9C9&SearchSource=55&CUI=&UM=5&UP=SP4E570A75-FD93-4D3E-91AC-6178B499B17C&SSPV=

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files\Speed Test 127\ScriptHost.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: “C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe”

    O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKCU\..\Run: “c:\users\herman\appdata\local\genesis\genesis.exe” /r

    O4 - Startup: MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files\MyPC Backup\BackupStack.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

    O23 - Service: Update melondrea - Unknown owner - C:\Program Files\melondrea\updatemelondrea.exe (file missing)

    O23 - Service: Util melondrea - Unknown owner - C:\Program Files\melondrea\bin\utilmelondrea.exe (file missing)

    End of file - 8310 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    C:\Windows\tasks\Norton Security Scan for Herman.job

    ======Registry dump======

    Speed Test 127 - C:\Program Files\Speed Test 127\ScriptHost.dll

    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    “IAStorIcon”=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    “CLMLServer”=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

    “RtHDVCpl”=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    “GrooveMonitor”=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    “avgnt”=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    “Adobe ARM”=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    “APSDaemon”=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    “SunJavaUpdateSched”=C:\Program Files\Common Files\Java\Java Update\jusched.exe

    “Sidebar”=C:\Program Files\Windows Sidebar\sidebar.exe

    “swg”=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    “SUPERAntiSpyware”=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    “genesis”=c:\users\herman\appdata\local\genesis\genesis.exe

    C:\Users\Herman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    MyPC Backup.lnk - C:\Program Files\MyPC Backup\MyPC Backup.exe

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll

    “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “NoDrives”=0

    “NoDrives”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “vidc.uyvy”=msyuv.dll

    “vidc.yuy2”=msyuv.dll

    “vidc.yvyu”=msyuv.dll

    “vidc.iyuv”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “vidc.yvu9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “vidc.cvid”=iccvid.dll

    “msacm.siren”=sirenacm.dll

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “wave2”=wdmaud.drv

    “midi2”=wdmaud.drv

    “mixer2”=wdmaud.drv

    “wave3”=wdmaud.drv

    “midi3”=wdmaud.drv

    “mixer3”=wdmaud.drv

    “wave4”=wdmaud.drv

    “midi4”=wdmaud.drv

    “mixer4”=wdmaud.drv

    “VIDC.FFDS”=ff_vfw.dll

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    ======List of files/folders created in the last 1 month======

    2014-04-18 18:47:11 —-D—- C:\Program Files\trend micro

    2014-04-18 18:47:10 —-D—- C:\rsit

    2014-04-18 17:57:40 —-A—- C:\Windows\system32\ff_vfw.dll

    2014-04-18 17:57:39 —-D—- C:\Program Files\ffdshow

    2014-04-18 17:57:35 —-D—- C:\Program Files\MyPC Backup

    2014-04-18 17:57:20 —-D—- C:\Program Files\Speed Test 127

    2014-04-17 12:21:44 —-D—- C:\Users\Herman\AppData\Roaming\ProductData

    2014-04-17 12:21:43 —-D—- C:\ProgramData\IObit

    2014-04-17 12:20:42 —-D—- C:\Users\Herman\AppData\Roaming\IObit

    2014-04-17 12:20:42 —-D—- C:\ProgramData\ProductData

    2014-04-17 12:20:41 —-D—- C:\Program Files\IObit

    2014-04-15 21:28:52 —-A—- C:\Windows\system32\vbscript.dll

    2014-04-15 21:28:52 —-A—- C:\Windows\system32\ieui.dll

    2014-04-15 21:28:47 —-A—- C:\Windows\system32\ieetwcollectorres.dll

    2014-04-15 21:28:47 —-A—- C:\Windows\system32\ieapfltr.dll

    2014-04-15 21:28:45 —-A—- C:\Windows\system32\msrating.dll

    2014-04-15 21:28:45 —-A—- C:\Windows\system32\msfeeds.dll

    2014-04-15 21:28:45 —-A—- C:\Windows\system32\jsproxy.dll

    2014-04-15 21:28:44 —-A—- C:\Windows\system32\dxtrans.dll

    2014-04-15 21:28:44 —-A—- C:\Windows\system32\dxtmsft.dll

    2014-04-15 21:28:43 —-A—- C:\Windows\system32\JavaScriptCollectionAgent.dll

    2014-04-15 21:28:43 —-A—- C:\Windows\system32\ieUnatt.exe

    2014-04-15 21:28:43 —-A—- C:\Windows\system32\iesetup.dll

    2014-04-15 21:28:43 —-A—- C:\Windows\system32\iernonce.dll

    2014-04-15 21:28:43 —-A—- C:\Windows\system32\ie4uinit.exe

    2014-04-15 21:28:42 —-A—- C:\Windows\system32\MsSpellCheckingFacility.exe

    2014-04-15 21:28:42 —-A—- C:\Windows\system32\jscript9diag.dll

    2014-04-15 21:28:42 —-A—- C:\Windows\system32\ieetwproxystub.dll

    2014-04-15 21:28:42 —-A—- C:\Windows\system32\ieetwcollector.exe

    2014-04-15 21:28:39 —-A—- C:\Windows\system32\iertutil.dll

    2014-04-15 21:28:38 —-A—- C:\Windows\system32\wininet.dll

    2014-04-15 21:28:38 —-A—- C:\Windows\system32\urlmon.dll

    2014-04-15 21:28:37 —-A—- C:\Windows\system32\ieframe.dll

    2014-04-15 21:28:36 —-A—- C:\Windows\system32\mshtml.dll

    2014-04-15 21:28:35 —-A—- C:\Windows\system32\jscript9.dll

    2014-04-10 11:36:15 —-A—- C:\Windows\system32\iologmsg.dll

    2014-04-10 11:36:15 —-A—- C:\Windows\system32\drivers\storport.sys

    2014-04-10 11:36:15 —-A—- C:\Windows\system32\drivers\msiscsi.sys

    2014-04-10 11:36:15 —-A—- C:\Windows\system32\drivers\Diskdump.sys

    2014-04-10 11:36:11 —-A—- C:\Windows\system32\drivers\ntfs.sys

    2014-04-10 11:36:10 —-A—- C:\Windows\system32\kernel32.dll

    2014-04-08 19:40:14 —-A—- C:\Windows\system32\drivers\wStLibG.sys

    2014-04-08 18:15:17 —-D—- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

    2014-04-08 18:12:05 —-A—- C:\Windows\Active Setup Log.txt

    2014-04-08 18:12:05 —-A—- C:\Windows\Active Setup Log.BAK

    2014-04-08 18:09:32 —-D—- C:\Program Files\melondrea

    2014-04-08 18:09:32 —-D—- C:\Program Files\Advanced System Protector

    2014-04-08 18:09:11 —-A—- C:\Windows\system32\roboot.exe

    2014-04-08 18:09:09 —-D—- C:\Users\Herman\AppData\Roaming\systweak

    2014-03-21 01:27:17 —-RSH—- C:\Windows\system32\2EC10B82BE.sys

    2014-03-21 01:27:17 —-ASH—- C:\Windows\system32\KGyGaAvL.sys

    2014-03-21 01:25:16 —-D—- C:\Users\Herman\AppData\Roaming\Corel

    ======List of files/folders modified in the last 1 month======

    2014-04-18 18:47:18 —-D—- C:\Windows\Prefetch

    2014-04-18 18:47:15 —-D—- C:\Windows\temp

    2014-04-18 18:47:11 —-RD—- C:\Program Files

    2014-04-18 18:08:09 —-D—- C:\Windows\system32\config

    2014-04-18 17:58:07 —-SHD—- C:\Windows\Installer

    2014-04-18 17:58:06 —-D—- C:\Windows\winsxs

    2014-04-18 17:57:40 —-D—- C:\Windows\System32

    2014-04-17 13:58:13 —-SD—- C:\ProgramData\Microsoft

    2014-04-17 13:58:13 —-D—- C:\Program Files\Microsoft

    2014-04-17 13:40:51 —-D—- C:\Windows\rescache

    2014-04-17 12:21:43 —-D—- C:\ProgramData

    2014-04-17 12:08:25 —-D—- C:\Windows\system32\catroot2

    2014-04-16 16:26:32 —-D—- C:\Windows\system32\nl-NL

    2014-04-16 16:26:32 —-D—- C:\Windows\PolicyDefinitions

    2014-04-16 16:26:31 —-D—- C:\Windows\system32\en-US

    2014-04-16 16:26:30 —-D—- C:\Program Files\Internet Explorer

    2014-04-15 21:29:09 —-D—- C:\Windows\system32\catroot

    2014-04-15 21:28:24 —-SHD—- C:\System Volume Information

    2014-04-15 21:12:42 —-D—- C:\Windows

    2014-04-15 16:39:45 —-D—- C:\Windows\system32\Tasks

    2014-04-15 16:29:05 —-DC—- C:\Windows\system32\DRVSTORE

    2014-04-15 16:29:05 —-D—- C:\Windows\system32\drivers

    2014-04-11 08:28:00 —-D—- C:\Program Files\Common Files\Symantec Shared

    2014-04-10 20:35:46 —-D—- C:\Windows\system32\DriverStore

    2014-04-10 13:03:05 —-D—- C:\ProgramData\Microsoft Help

    2014-04-10 13:02:05 —-D—- C:\Windows\system32\MRT

    2014-04-10 13:01:09 —-D—- C:\Windows\debug

    2014-04-10 13:01:08 —-A—- C:\Windows\system32\MRT.exe

    2014-04-10 12:03:52 —-D—- C:\Windows\inf

    2014-04-10 12:03:52 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2014-04-10 11:59:48 —-SD—- C:\Users\Herman\AppData\Roaming\Microsoft

    2014-04-10 11:28:34 —-D—- C:\Program Files\Canon

    2014-04-09 19:33:24 —-D—- C:\Windows\twain_32

    2014-04-09 19:33:24 —-D—- C:\Users\Herman\AppData\Roaming\Canon

    2014-04-09 19:33:23 —-HD—- C:\ProgramData\CanonIJScan

    2014-04-09 18:54:29 —-A—- C:\Windows\win.ini

    2014-04-09 10:12:55 —-D—- C:\Windows\Tasks

    2014-04-08 18:15:17 —-D—- C:\Program Files\Common Files\Apple

    2014-04-08 18:12:46 —-D—- C:\ProgramData\Apple

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys

    R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys

    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R1 wStLibG;wStLibG; C:\Windows\system32\drivers\wStLibG.sys

    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys

    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys

    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys

    S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys

    S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys

    S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys

    S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys

    S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys

    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys

    S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys

    S3 ViaC7;Stuurprogramma voor VIA C7-processor; C:\Windows\system32\DRIVERS\viac7.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys

    S3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe

    R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    S2 BackupStack;Computer Backup (MyPC Backup); C:\Program Files\MyPC Backup\BackupStack.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe

    S2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe

    S2 Update melondrea;Update melondrea; C:\Program Files\melondrea\updatemelondrea.exe

    S2 Util melondrea;Util melondrea; C:\Program Files\melondrea\bin\utilmelondrea.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe

    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    —————–EOF—————–

  • Ben

    Hello,

    First disable the antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.

    Run Zoek.exe

    If you run into problems running this program or see any error messages, please mention this in your reply.

    * Windows Vista, 7 and 8 users must run the tool as “administrator” by right-clicking it and choosing Run as administrator.

    * Now copy the code below (shown in bold) and paste it into the large input box:

    * Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    torpigcheck;

    emptyfolderscheck;delete

    ;r

    “genesis”=-;r

    c:\users\herman\appdata\local\genesis;fs

    C:\Users\Herman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk;f

    C:\Program Files\MyPC Backup;fs

    C:\Program Files\Speed Test 127;fs

    C:\Program Files\ffdshow;fs

    C:\Windows\system32\ff_vfw.dll;f

    C:\Program Files\melondrea;fs

    C:\Program Files\Advanced System Protector;fs

    C:\Windows\system32\roboot.exe;f

    C:\Users\Herman\AppData\Roaming\systweak;f

    C:\Windows\system32\2EC10B82BE.sys;f

    C:\Windows\system32\KGyGaAvL.sys;f

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Post the log that opens in your next reply.

  • Guy Sourbron

    Zoek.exe v5.0.0.0 Updated 14-April-2014

    Tool run by Herman on vr 18/04/2014 at 19:39:33,44.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Herman\Desktop\zoek.exe

    ==== Older Logs ======================

    C:\zoek-results2013-05-27-115507.log 41101 bytes

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\Program Files\Advanced System Protector deleted successfully

    C:\Program Files\EGB3 deleted successfully

    C:\Program Files\melondrea deleted successfully

    C:\Program Files\MSXML 4.0 deleted successfully

    C:\Program Files\Common Files\Symantec Shared deleted successfully

    C:\Users\Herman\AppData\Roaming\Canon deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-4100528506-3948064159-3423319945-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\winlogon.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\PSIService.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    C:\Users\Herman\AppData\Local\Genesis\Genesis.exe

    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\System32\WUDFHost.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Windows\system32\NOTEPAD.EXE

    C:\Windows\Explorer.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Users\Herman\Desktop\zoek.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util melondrea deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util melondrea deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util melondrea deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util melondrea deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update melondrea deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update melondrea deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update melondrea deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update melondrea deleted successfully

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    "genesis"=-

    ==== Deleting Files \ Folders ======================

    C:\Program Files\MyPC Backup not found

    C:\Program Files\Speed Test 127 not found

    C:\Program Files\melondrea not found

    C:\Program Files\Advanced System Protector not found

    "C:\Users\Herman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk" not found

    C:\Program Files\ffdshow deleted

    C:\Windows\system32\appdata deleted

    C:\Program Files\Wondershare deleted

    C:\Program Files\Common Files\Wondershare deleted

    C:\found.000 deleted

    C:\Users\Herman\AppData\Roaming\systweak deleted

    C:\Users\Herman\AppData\Local\Wondershare deleted

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted

    C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

    C:\Windows\system32\roboot.exe deleted

    C:\Users\Herman\registrybooster.exe deleted

    "C:\Windows\system32\ff_vfw.dll" deleted

    "C:\Windows\system32\2EC10B82BE.sys" not deleted

    "C:\Windows\system32\KGyGaAvL.sys" not deleted

    "C:\Users\Herman\AppData\Local\{3A1B731E-B056-43EE-8C1B-75264E58B227}" deleted

    "C:\Users\Herman\AppData\Local\{57A933E8-D766-4CC2-9CF3-F5E57AAC9BD0}" deleted

    "C:\Users\Herman\AppData\Local\{6F896EF4-3CE3-4340-B90D-5399C2167CBC}" deleted

    "c:\users\herman\appdata\local\Genesis\Genesis.exe" deleted

    "c:\users\herman\appdata\local\Genesis\genesis.gdb" deleted

    "c:\users\herman\appdata\local\Genesis" deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601)

    Memory (RAM): 3064 MB

    CPU Info: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz

    CPU Speed: 2730,5 MHz

    Sound Card: Luidsprekers (Realtek High Defi |

    Realtek Digital Output (Realtek |

    Display Adapters: NVIDIA GeForce GT 240 | NVIDIA GeForce GT 240 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1280 X 1024 - 32 bit

    Network: Network Present

    Network Adapters: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter | Realtek PCIe GBE Family Controller

    CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GH22NS40

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 16 Button Wheel Mouse Present

    Hard Disks: C: 890,4GB | D: 40,0GB | F: 298,1GB

    Hard Disks - Free: C: 826,5GB | D: 31,0GB | F: 134,7GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 11/03/09 | MEDION - 20091103

    Time Zone: Romance (standaardtijd)

    Motherboard *: MEDIONPC MS-7616

    Country: België

    Language: NLB

    ==== System Specs (Software) ======================

    Anti-Virus: Avira Desktop On-access scanning disabled (Outdated)

    Anti-Spyware: Avira Desktop disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Default Browser: Google Chrome 34.0.1847.116

    Internet Explorer Version: 11.0.9600.17041

    Google Chrome version: 34.0.1847.116

    Adobe Reader version: 11.0.06.70

    Sun Java version: 1.7.0_51 (32-bit)

    Shockwave Player version: 12.0.4r144

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\Herman\AppData\Local\Temp ====

    2014-04-18 15:58:01 D47E65ABCB4A7DA607E20DFA5506BB0E 1338304 ----a-w- C:\Users\Herman\AppData\Local\temp\?odec Performer804499.exe

    2014-04-18 15:57:33 5689D43C3B201DD3810FA3BBA4A6476A 4216840 ----a-w- C:\Users\Herman\AppData\Local\temp\vcredist_x86.exe

    2014-04-18 15:57:26 45922155C9628E11441AA869C6287BB7 10372136 ----a-w- C:\Users\Herman\AppData\Local\temp\BackupSetup.exe

    2014-04-17 10:20:42 123E21E0A4082FDCA153B341BC0C440A 2154272 ----a-w- C:\Users\Herman\AppData\Local\temp\_tmp122041908\LiveUpdate.exe

    2014-04-17 10:20:41 09B115E1FDCC0E81EFB9DC70C06D0298 611648 ----a-w- C:\Users\Herman\AppData\Local\temp\_tmp122041908\ProductStatistics.dll

    2014-04-15 19:12:22 316287C0010874356127DD8B7BC17896 281600 ----atw- C:\Users\Herman\AppData\Local\temp\n1063\s1063.exe

    2014-04-15 19:10:38 316287C0010874356127DD8B7BC17896 281600 ----atw- C:\Users\Herman\AppData\Local\temp\n724\s724.exe

    2014-04-15 14:46:44 316287C0010874356127DD8B7BC17896 281600 ----atw- C:\Users\Herman\AppData\Local\temp\n4553\s4553.exe

    2014-04-15 14:42:58 E5575149A477DC94AF527FC7D751A407 6379728 ----a-w- C:\Users\Herman\AppData\Local\temp\nsd2BE4\SpSetup.exe

    2014-04-15 14:42:46 9FB9D49C2DB7EDD1084AB765D619F5C6 66368 ----a-w- C:\Users\Herman\AppData\Local\temp\n3700\searchprotect_2111-1a12a8ce.exe

    2014-04-15 14:42:39 95EC4D27CDFE6FEAD42D49D572E29F0F 357888 ----a-w- C:\Users\Herman\AppData\Local\temp\n3700\GenesisInstaller.exe

    2014-04-15 14:42:23 316287C0010874356127DD8B7BC17896 281600 ----atw- C:\Users\Herman\AppData\Local\temp\n3700\s3700.exe

    2014-04-08 16:19:23 316287C0010874356127DD8B7BC17896 281600 ----atw- C:\Users\Herman\AppData\Local\temp\n996\s996.exe

    2014-04-08 16:11:55 316287C0010874356127DD8B7BC17896 281600 ----atw- C:\Users\Herman\AppData\Local\temp\n2301\s2301.exe

    2014-04-08 16:09:02 20612ACB94F364173094E91FD08D02DA 4624790 ----a-w- C:\Users\Herman\AppData\Local\temp\n1670\systemspeedup_1203-72c8223c.exe

    2014-04-08 16:08:57 5783C9C37A5A3E87EA4BF77A38A77D2D 233024 ----a-w- C:\Users\Herman\AppData\Local\temp\n1670\melondrea_0702-81cfb2ef.exe

    2014-04-08 16:08:42 316287C0010874356127DD8B7BC17896 281600 ----atw- C:\Users\Herman\AppData\Local\temp\n1670\s1670.exe

    2014-04-08 13:06:40 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Users\Herman\AppData\Local\temp\nszBD5B.exe

    2014-04-08 13:06:40 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Users\Herman\AppData\Local\temp\nsn89FF.exe

    2014-04-08 13:06:40 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Users\Herman\AppData\Local\temp\nsn6CBC.exe

    2014-04-08 13:06:40 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Users\Herman\AppData\Local\temp\nsn69FD.exe

    2014-04-08 13:06:40 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Users\Herman\AppData\Local\temp\nsi8C9F.exe

    ====== Java Cache =====

    ====== C:\Windows\system32 =====

    2014-04-15 19:28:52 CE6921D33682C6C3DB8A45853CC69402 455168 ----a-w- C:\Windows\System32\vbscript.dll

    2014-04-15 19:28:52 AA12D7A960DB78DD9690AB5B5DAE6586 440832 ----a-w- C:\Windows\System32\ieui.dll

    2014-04-15 19:28:50 A127D17C354B473B0F4C6265538F5A2C 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

    2014-04-15 19:28:47 BB185D4A9362AA17CBCEC0768CDBF249 704512 ----a-w- C:\Windows\System32\ieapfltr.dll

    2014-04-15 19:28:47 116632CE6DF92EA78C2B849E1279B1FA 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

    2014-04-15 19:28:45 EDACA6C44D9CE200F899B7DB0F201DFF 164864 ----a-w- C:\Windows\System32\msrating.dll

    2014-04-15 19:28:45 EBC35FE64056910A84485BEEB6DCCAC6 524288 ----a-w- C:\Windows\System32\msfeeds.dll

    2014-04-15 19:28:45 31385A6CAA31BE9D07B0B32E5AA99ABB 43008 ----a-w- C:\Windows\System32\jsproxy.dll

    2014-04-15 19:28:44 7E9FE7DB43BC204E44F159F843E35C15 367616 ----a-w- C:\Windows\System32\dxtmsft.dll

    2014-04-15 19:28:44 34FC79C948EE2C5FD0CD699E7D7F91B7 244224 ----a-w- C:\Windows\System32\dxtrans.dll

    2014-04-15 19:28:43 E5E97E94DD9D69D8EE90CFA96156CD8A 575488 ----a-w- C:\Windows\System32\ie4uinit.exe

    2014-04-15 19:28:43 C9CA9803299EB6AFA34CB520BAAB083D 32256 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll

    2014-04-15 19:28:43 82287FCFFA4A2D60FD744E3FEB3192C5 61952 ----a-w- C:\Windows\System32\iesetup.dll

    2014-04-15 19:28:43 21BF6759685FD193715B483F2B3F21B1 112128 ----a-w- C:\Windows\System32\ieUnatt.exe

    2014-04-15 19:28:43 0FDC1A576A3F40420882C0F7C4A66EAD 32768 ----a-w- C:\Windows\System32\iernonce.dll

    2014-04-15 19:28:42 BECAA526B8A1823A36A1BA123B8C41A9 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

    2014-04-15 19:28:42 6557B48D53D653CFCCE3CB1CFA53A8E1 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll

    2014-04-15 19:28:42 2101D94DED769CE86A3DE1152F4FCDF5 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe

    2014-04-15 19:28:42 0F4A295516781897FFB09B4CCF2E8798 592896 ----a-w- C:\Windows\System32\jscript9diag.dll

    2014-04-15 19:28:39 05BD47136DE62FAFE9F95B40E4100144 2178048 ----a-w- C:\Windows\System32\iertutil.dll

    2014-04-15 19:28:38 E4E829EE073E046B0EB19B5FECB19B8C 1789440 ----a-w- C:\Windows\System32\wininet.dll

    2014-04-15 19:28:38 C4A383FD50FBD7E274DD41CF571DF898 1967104 ----a-w- C:\Windows\System32\inetcpl.cpl

    2014-04-15 19:28:38 76F58DB8F85C125E0D6B3AA42F3BF1D0 1143808 ----a-w- C:\Windows\System32\urlmon.dll

    2014-04-15 19:28:37 2AFBB91BBD2378933B26E6D68C140D1B 11745792 ----a-w- C:\Windows\System32\ieframe.dll

    2014-04-15 19:28:36 EA85144F35EDE6EE25C484D4242FF2C8 17387008 ----a-w- C:\Windows\System32\mshtml.dll

    2014-04-15 19:28:35 8C46360D6EF9D4C563FE834C4F287DA3 4254720 ----a-w- C:\Windows\System32\jscript9.dll

    2014-04-10 09:36:10 F74FFA7654702F81884BDB41EB80DAC2 868352 ----a-w- C:\Windows\System32\kernel32.dll

    ====== C:\Windows\system32\drivers =====

    2014-04-10 09:36:15 F1A449D762657230629D8BFC107ABC14 149440 ----a-w- C:\Windows\System32\drivers\storport.sys

    2014-04-10 09:36:15 EB34CE31FABD4DC4343FD2AD16D2CAF9 234432 ----a-w- C:\Windows\System32\drivers\msiscsi.sys

    2014-04-10 09:36:15 5FB4F271032B6435F3B2252F577A4815 27072 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

    2014-04-10 09:36:11 C8DFF8D07755A66C7A4A738930F0FEAC 1212352 ----a-w- C:\Windows\System32\drivers\ntfs.sys

    2014-04-08 17:40:14 050AFC578C788CE5564913617F1850C5 52920 ----a-w- C:\Windows\System32\drivers\wStLibG.sys

    2014-04-08 10:27:07 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf

    ====== C:\Windows\Tasks ======

    2014-04-15 14:39:45 494D3AB26B9605394072E4D3B1BA0479 3172 ----a-w- C:\Windows\system32\Tasks\{E01067C8-37CD-496F-962E-CE2D9DA5E9DB}

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-04-18 16:47:11 -------- d-----w- C:\Program Files\trend micro

    2014-04-17 10:20:41 -------- d-----w- C:\Program Files\IObit

    ======= C: =====

    ====== C:\Users\Herman\AppData\Roaming ======

    2014-04-17 10:21:44 -------- d-----w- C:\Users\Herman\AppData\Roaming\ProductData

    2014-04-17 10:20:42 -------- d-----w- C:\Users\Herman\AppData\Roaming\IObit

    2014-04-16 15:01:12 -------- d-sh--w- C:\Users\Herman\AppData\Locallow\EmieUserList

    2014-04-16 15:01:06 -------- d-sh--w- C:\Users\Herman\AppData\Local\EmieUserList

    2014-04-16 15:01:06 -------- d-sh--w- C:\Users\Herman\AppData\Local\EmieSiteList

    2014-04-16 15:01:04 -------- d-sh--w- C:\Users\Herman\AppData\Locallow\EmieSiteList

    2014-04-15 14:17:05 407AAB8C27CF7081EECE071C90A65B83 17 ----a-w- C:\Users\Herman\AppData\Local\resmon.resmoncfg

    2014-04-08 16:22:42 -------- d-----w- C:\Users\Herman\AppData\Local\Apps

    2014-04-08 16:09:08 -------- d-----w- C:\Users\Herman\AppData\Local\Programs

    2014-03-20 23:27:50 0473169B4922BFF612EF270D2B1A0285 6656 ----a-w- C:\Users\Herman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    2014-03-20 23:27:16 -------- d-----w- C:\Users\Herman\AppData\Local\Corel

    2014-03-20 23:25:16 -------- d-----w- C:\Users\Herman\AppData\Roaming\Corel

    ====== C:\Users\Herman ======

    2014-04-18 15:57:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow

    2014-04-17 10:21:43 -------- d-----w- C:\ProgramData\IObit

    2014-04-17 10:20:42 -------- d-----w- C:\ProgramData\ProductData

    2014-04-15 14:42:46 BAA6F47C5D42F6DC4AC61B517251AD0E 508240 ----a-w- C:\Users\Herman\Desktop\outlook-express-6.0.2600.0-en(1).exe

    2014-04-08 16:15:17 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

    ====== C: exe-files ==

    2014-04-18 16:52:10 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\Herman\Favorites\Downloads\mbam-setup-2.0.0.1000 (2).exe

    2014-04-18 16:47:11 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Herman.exe

    2014-04-18 16:46:52 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Herman\Favorites\Downloads\RSIT.exe

    2014-04-18 16:46:25 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\Herman\Favorites\Downloads\mbam-setup-2.0.0.1000 (1).exe

    2014-04-18 16:45:18 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\Herman\Favorites\Downloads\mbam-setup-2.0.0.1000.exe

    2014-04-18 15:58:01 D47E65ABCB4A7DA607E20DFA5506BB0E 1338304 ----a-w- C:\Users\Herman\AppData\Local\temp\?odec Performer804499.exe

    2014-04-18 15:57:33 5689D43C3B201DD3810FA3BBA4A6476A 4216840 ----a-w- C:\Users\Herman\AppData\Local\temp\vcredist_x86.exe

    2014-04-18 15:57:26 45922155C9628E11441AA869C6287BB7 10372136 ----a-w- C:\Users\Herman\AppData\Local\temp\BackupSetup.exe

    2014-04-18 15:55:28 D47E65ABCB4A7DA607E20DFA5506BB0E 1338304 ----a-w- C:\Users\Herman\Favorites\Downloads\CodecPerformerSetup.exe

    2014-04-17 20:13:34 ADACCDC99F8D4F2F96DE6C21337D84B0 137699152 ----a-w- C:\Users\Herman\Favorites\Downloads\iTunesSetup (3).exe

    2014-04-17 19:39:23 F3F774B020260368D8FAB72CFBF90B2A 9789256 ----a-w- C:\Users\Herman\Desktop\iTunes\iTunes.exe

    2014-04-17 19:39:23 B4E6C1B28AF8806008CB654C716ABAFA 152392 ----a-w- C:\Users\Herman\Desktop\iTunes\iTunesHelper.exe

    2014-04-17 19:38:28 9CB5477899D2E424B15C3A0199A0AB2E 60928 ----a-w- C:\Users\Herman\Desktop\Outlook Express\oemig50.exe

    2014-04-17 19:38:28 852BB5E3F66D6EF7B73BE26C52C51B8A 73216 ----a-w- C:\Users\Herman\Desktop\Outlook Express\setup50.exe

    2014-04-17 19:38:28 53607D408C0343EE729A80531B99E6CF 30208 ----a-w- C:\Users\Herman\Desktop\Outlook Express\wabmig.exe

    2014-04-17 19:38:28 29A9A30CA99EA2C28E1153FFB1AF2B57 45568 ----a-w- C:\Users\Herman\Desktop\Outlook Express\wab.exe

    2014-04-17 19:38:28 03B2C41313BBA2270759E0361848403A 60416 ----a-w- C:\Users\Herman\Desktop\Outlook Express\msimn.exe

    2014-04-17 19:38:16 F2E2409679CDEB5348F3B2B4ABDC2454 160584 ----a-w- C:\Users\Herman\Desktop\Twonky\TwonkyServer\plugins\iTunes-import.exe

    2014-04-17 19:38:15 C052967A9D83F8EAE3E1BB812484AF0F 16200 ----a-w- C:\Users\Herman\Desktop\Twonky\TwonkyServer\cgi-bin\tfs.exe

    2014-04-17 19:38:14 E5693587C11147946B3DCB732BB54A2D 271176 ----a-w- C:\Users\Herman\Desktop\Twonky\TwonkyServer\twonkywebdav.exe

    2014-04-17 19:38:14 DD79F52C4E5A19590DD2D0B5AF7BD755 549704 ----a-w- C:\Users\Herman\Desktop\Twonky\TwonkyServer\twonkystarter.exe

    2014-04-17 19:38:14 580464D12061D5B543229E337086821C 280800 ----a-w- C:\Users\Herman\Desktop\Twonky\TwonkyServer\UninstallTwonkyServer.exe

    2014-04-17 19:38:14 4DF6E2D2E6AAD4AEB68CF6102A7977CC 594760 ----a-w- C:\Users\Herman\Desktop\Twonky\TwonkyServer\twonkytray.exe

    2014-04-17 19:38:14 43A91DF591B579F98CF0635EAC2D22A0 1672008 ----a-w- C:\Users\Herman\Desktop\Twonky\TwonkyServer\twonkyserver.exe

    2014-04-17 19:38:14 31BE29432A2923E03B9BAB0BE64C5F98 4760392 ----a-w- C:\Users\Herman\Desktop\Twonky\TwonkyServer\cgi-bin\convert.exe

    2014-04-17 19:38:13 7AF2D723203A62C7AE9C7595B2FAB846 545608 ----a-w- C:\Users\Herman\Desktop\Twonky\TwonkyServer\twonkyproxy.exe

    2014-04-17 19:38:13 3FCF47E6E8C985A7077040DD4F304DA0 496456 ----a-w- C:\Users\Herman\Desktop\Twonky\TwonkyServer\rmm.exe

    2014-04-17 10:20:42 123E21E0A4082FDCA153B341BC0C440A 2154272 ----a-w- C:\Users\Herman\AppData\Local\temp\_tmp122041908\LiveUpdate.exe

    2014-04-17 10:20:42 123E21E0A4082FDCA153B341BC0C440A 2154272 ----a-w- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe

    2014-04-17 10:20:41 C4400365E4DAB2EF91284A0264B38B03 4730688 ----a-w- C:\Program Files\IObit\PCtransfer\PCtransfer.exe

    2014-04-17 10:20:23 C4400365E4DAB2EF91284A0264B38B03 4730688 ----a-w- C:\Users\Herman\Favorites\Downloads\pctransfer.exe

    2014-04-15 19:28:43 E5E97E94DD9D69D8EE90CFA96156CD8A 575488 ----a-w- C:\Windows\System32\ie4uinit.exe

    2014-04-15 19:28:43 21BF6759685FD193715B483F2B3F21B1 112128 ----a-w- C:\Windows\System32\ieUnatt.exe

    2014-04-15 19:28:42 BECAA526B8A1823A36A1BA123B8C41A9 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

    2014-04-15 19:28:42 2101D94DED769CE86A3DE1152F4FCDF5 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe

    2014-04-15 19:28:39 F972DDD19A10F53D74021DDEAC07CCA6 470016 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

    2014-04-15 19:28:39 BEA4E0C0BA936E8A3DB24D1A37BF70BE 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe

    2014-04-15 19:28:38 0667ED9F8E905E1F73DB60ACCEDCBCA7 811728 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

    2014-04-15 19:12:22 316287C0010874356127DD8B7BC17896 281600 ----atw- C:\Users\Herman\AppData\Local\temp\n1063\s1063.exe

    2014-04-15 19:11:35 5D87D5B6CEB4AA8847A1935D935687D5 510680 ----a-w- C:\Users\Herman\Favorites\Downloads\Outlook Express (1).exe

    2014-04-15 19:10:38 316287C0010874356127DD8B7BC17896 281600 ----atw- C:\Users\Herman\AppData\Local\temp\n724\s724.exe

    2014-04-15 14:46:44 316287C0010874356127DD8B7BC17896 281600 ----atw- C:\Users\Herman\AppData\Local\temp\n4553\s4553.exe

    2014-04-15 14:42:58 E5575149A477DC94AF527FC7D751A407 6379728 ----a-w- C:\Users\Herman\AppData\Local\temp\nsd2BE4\SpSetup.exe

    2014-04-15 14:42:46 BAA6F47C5D42F6DC4AC61B517251AD0E 508240 ----a-w- C:\Users\Herman\Desktop\outlook-express-6.0.2600.0-en(1).exe

    2014-04-15 14:42:46 9FB9D49C2DB7EDD1084AB765D619F5C6 66368 ----a-w- C:\Users\Herman\AppData\Local\temp\n3700\searchprotect_2111-1a12a8ce.exe

    2014-04-15 14:42:39 95EC4D27CDFE6FEAD42D49D572E29F0F 357888 ----a-w- C:\Users\Herman\AppData\Local\temp\n3700\GenesisInstaller.exe

    2014-04-15 14:42:23 316287C0010874356127DD8B7BC17896 281600 ----atw- C:\Users\Herman\AppData\Local\temp\n3700\s3700.exe

    2014-04-15 14:34:41 ADACCDC99F8D4F2F96DE6C21337D84B0 137699152 ----a-w- C:\Users\Herman\Favorites\Downloads\iTunesSetup (2).exe

    === C: other files ==

    ==== Startup Registry Enabled ======================

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

    "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"

    "CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"

    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"

    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\Norton Security Scan for Herman.job --ah----- C:\:MF t-C:\PROGRA1\NORTON2\Engine\4031.24\Nss.exe

    ==== Other Scheduled Tasks ======================

    "C:\Windows\system32\tasks\Adobe Flash Player Updater"

    "C:\Windows\system32\tasks\CCleanerSkipUAC"

    "C:\Windows\system32\tasks\CreateChoiceProcessTask"

    "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore"

    "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA"

    "C:\Windows\system32\tasks\Norton Security Scan for Herman"

    "C:\Windows\system32\tasks\User_Feed_Synchronization-{ED3EFFCD-6440-42B5-8315-0CC054534C6A}"

    "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate"

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Herman\AppData\Roaming\Mozilla\Firefox\Profiles\gd87bqbj.default

    - Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    AppDir: C:\Program Files\Mozilla Firefox

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Herman\AppData\Roaming\Mozilla\Firefox\Profiles\gd87bqbj.default

    C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

    24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox

    5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

    B16EC84E06F26B8B85800F3B07B8D757 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash

    33839CA6CC3FD43400ECAEC4D73C74E2 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat

    9D35E12B661581B83DD74EB910EA9E6D - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll - Java Deployment Toolkit 6.0.240.7

    ==== Chrome Look ======================

    Google Docs - Herman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

    Google Drive - Herman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

    YouTube - Herman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Google Search - Herman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    Planetarium - Herman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp

    Google Wallet - Herman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    Gmail - Herman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ==== Set IE to Default ======================

    Old Values:

    "Start Page"="http://search.conduit.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=M1F4BB514-1117-4646-97CF-748532ABF9C9&SearchSource=55&CUI=&UM=5&UP=SP4E570A75-FD93-4D3E-91AC-6178B499B17C&SSPV="

    New Values:

    "Start Page"="http://www.google.com"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{27F40618-1EB3-453C-AD20-7592C5309CE9}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

    {27F40618-1EB3-453C-AD20-7592C5309CE9} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}&rlz=1I7SUNC_nlBE402"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    {A6C11E2B-7653-4138-9BC5-AEC5D1ED1970} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox"

    ==== HijackThis Entries ======================

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

    O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

    ==== Empty IE Cache ======================

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Herman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Herman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Cache found

    ==== Empty Chrome Cache ======================

    C:\Users\Herman\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=212 folders=46 80374215 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\temp emptied successfully

    C:\Users\Default User\AppData\Local\temp emptied successfully

    C:\Users\Herman\AppData\Local\temp will be emptied at reboot

    C:\Users\Public\AppData\Local\temp emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Herman\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Windows\system32\2EC10B82BE.sys” not deleted

    “C:\Windows\system32\KGyGaAvL.sys” not deleted

    ==== EOF on vr 18/04/2014 at 19:53:55,80 ======================

  • Ben

    Hello,

    Download Emsisoft Anti-Malware to the desktop.

    Run Emsisoft Anti-Malware

    Double-click "EmsisoftAntiMalwareSetup.exe" to install Emsisoft Anti-Malware.

    In the next screen, choose the desired language and click "OK".

    Select the option "Ik accepteer de licentieovereenkomst" and click "Installeren".

    In the license screen, click the "Volgende" button.

    In the next screen, untick the option "Update extra talen" and click Volgende.

    Now click the option "Computer scannen", choose the option "Slim" and press the "scan" button.

    Have the items that were found placed in quarantine and click "Rapport bekijken"; the log file will now open automatically.

    Post this log.

  • Guy Sourbron

    Emsisoft Anti-Malware - Versie 8.1

    Laatste Update: 18/04/2014 20:25:08

    Gebruikersaccount: GUY-SOURBRON\Herman

    Scaninstellingen:

    Scanmodus: Slimme scan

    Objecten: Rootkits, Geheugen, Sporen, C:\Windows\, C:\Program Files\

    Detecteer PUPs: Aan

    Scan archieven: Uit

    ADS Scan: Aan

    Bestandsextensiefilter: Uit

    Geavanceerde cache: Aan

    Directe schijftoegang: Uit

    Scan gestart: 18/04/2014 20:26:07

    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Ontdekt: Application.Win32.WebApp (A)

    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Ontdekt: Application.AdReg (A)

    Key: HKEY_USERS\S-1-5-21-4100528506-3948064159-3423319945-1000\SOFTWARE\SYSTWEAK Ontdekt: Application.InstallAd (A)

    Key: HKEY_LOCAL_MACHINE\SOFTWARE\PERFORMERSOFT Ontdekt: Application.InstallAd (A)

    Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK Ontdekt: Application.InstallAd (A)

    C:\Documents and Settings\All Users\Application Data\Ask Ontdekt: Application.Win32.WebToolbar (A)

    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.BAD Ontdekt: Backdoor.Win32.Beast (A)

    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Ontdekt: Setting.DisableRegistryTools (A)

    Value: HKEY_USERS\S-1-5-21-4100528506-3948064159-3423319945-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Ontdekt: Setting.DisableRegistryTools (A)

    Key: HKEY_USERS\S-1-5-21-4100528506-3948064159-3423319945-1000\SOFTWARE\YAHOOPARTNERTOOLBAR Ontdekt: Application.Win32.YTool (A)

    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROD.CAP Ontdekt: Application.AdReg (A)

    Gescand: 161425

    Gevonden: 11

    Scan geëindigd: 18/04/2014 20:59:39

    Scantijd: 0:33:32

  • Ben

    Hello,

    Did you also have what was found removed?

  • Guy Sourbron

    Yes, now placed in quarantine.

  • Ben

    Hello,

    Okay, how is the PC running now?

  • Guy Sourbron

    Hi Ben

    I tested and surfed some more, but no more unrequested pages appear in the background, and the PC is also running faster again.

    I think we can close the topic.

    Many thanks

    and a happy Easter.

    Guy:)-D

  • Ben

    Hello,

    That's good, you can uninstall EmsisoftAntiMalware again.

    The tool below cleans up, among other things, the rest of all the tools that were used:

    Download

    Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Remove disinfection tools

    Purge System Restore

    Reset system settings

    Now click "Run" and wait patiently until the tool is finished.

    When the tool is finished, a log file is created. You do not need to post it, however.

    If any tools or folders are left over, you can delete them yourself.

This topic is closed; no more replies can be posted.