Is my log clean??

  • buuf

    Hello,

    I would like to know whether there is still anything not okay on my computer.

    Regards, Buuf

    Here are my logs:

    info.txt logfile of random's system information tool 1.10 2014-06-05 18:18:38

    ======MBR======

    ======Uninstall list======

    Adobe Flash Player 13 Plugin–>C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe -maintain plugin

    Canon MX350 series MP Drivers–>“C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series\DelDrv64.exe” /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series /L0x0013

    CCleaner–>“C:\Program Files\CCleaner\uninst.exe”

    CleanUp!–>C:\Program Files (x86)\CleanUp!\uninstall.exe

    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{F2CE207D-C146-4BFD-A1C2-219483C58819}” “1033” “0”

    Java 7 Update 55–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217055FF}

    Malwarebytes Anti-Malware versie 2.0.2.1012–>“C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe”

    Microsoft .NET Framework 4.5.1–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe /repair /x86 /x64

    Microsoft .NET Framework 4.5.1–>MsiExec.exe /X{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}

    Microsoft Office Access MUI (English) 2010–>MsiExec.exe /X{90140000-0015-0409-1000-0000000FF1CE}

    Microsoft Office Access Setup Metadata MUI (English) 2010–>MsiExec.exe /X{90140000-0117-0409-1000-0000000FF1CE}

    Microsoft Office Excel MUI (English) 2010–>MsiExec.exe /X{90140000-0016-0409-1000-0000000FF1CE}

    Microsoft Office Groove MUI (English) 2010–>MsiExec.exe /X{90140000-00BA-0409-1000-0000000FF1CE}

    Microsoft Office InfoPath MUI (English) 2010–>MsiExec.exe /X{90140000-0044-0409-1000-0000000FF1CE}

    Microsoft Office Office 32-bit Components 2010–>MsiExec.exe /X{90140000-0043-0000-1000-0000000FF1CE}

    Microsoft Office OneNote MUI (English) 2010–>MsiExec.exe /X{90140000-00A1-0409-1000-0000000FF1CE}

    Microsoft Office Outlook MUI (English) 2010–>MsiExec.exe /X{90140000-001A-0409-1000-0000000FF1CE}

    Microsoft Office PowerPoint MUI (English) 2010–>MsiExec.exe /X{90140000-0018-0409-1000-0000000FF1CE}

    Microsoft Office Professional Plus 2010–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe” /uninstall PROPLUS /dll OSETUP.DLL

    Microsoft Office Professional Plus 2010–>MsiExec.exe /X{90140000-0011-0000-1000-0000000FF1CE}

    Microsoft Office Proof (English) 2010–>MsiExec.exe /X{90140000-001F-0409-1000-0000000FF1CE}

    Microsoft Office Proof (French) 2010–>MsiExec.exe /X{90140000-001F-040C-1000-0000000FF1CE}

    Microsoft Office Proof (Spanish) 2010–>MsiExec.exe /X{90140000-001F-0C0A-1000-0000000FF1CE}

    Microsoft Office Proofing (English) 2010–>MsiExec.exe /X{90140000-002C-0409-1000-0000000FF1CE}

    Microsoft Office Publisher MUI (English) 2010–>MsiExec.exe /X{90140000-0019-0409-1000-0000000FF1CE}

    Microsoft Office Shared 32-bit MUI (English) 2010–>MsiExec.exe /X{90140000-0043-0409-1000-0000000FF1CE}

    Microsoft Office Shared MUI (English) 2010–>MsiExec.exe /X{90140000-006E-0409-1000-0000000FF1CE}

    Microsoft Office Shared Setup Metadata MUI (English) 2010–>MsiExec.exe /X{90140000-0115-0409-1000-0000000FF1CE}

    Microsoft Office Word MUI (English) 2010–>MsiExec.exe /X{90140000-001B-0409-1000-0000000FF1CE}

    Microsoft Security Client–>MsiExec.exe /X{BFAE8D5B-F918-486F-B74E-90762DF11C5C}

    Microsoft Security Essentials–>“C:\Program Files\Microsoft Security Client\Setup.exe” /x

    Mozilla Firefox 29.0.1 (x86 nl)–>“C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe”

    Mozilla Maintenance Service–>“C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe”

    NVIDIA Grafisch stuurprogramma 307.83–>“C:\Windows\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\installer.{2C2904B1-88B6-4CBA-86BF-D8E35EB3EC6C}\NVI2.DLL”,UninstallPackage Display.Driver

    NVIDIA Update 1.10.8–>“C:\Windows\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\installer.{2C2904B1-88B6-4CBA-86BF-D8E35EB3EC6C}\NVI2.DLL”,UninstallPackage Display.Update

    PDF-Viewer–>“C:\Program Files\Tracker Software\PDF Viewer\unins000.exe”

    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {BD0F9F7E-62B2-3971-9E2E-B87B832CE89D}

    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {513BC47F-0560-33C2-A029-C5387642233A}

    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {599EC629-2679-30CE-B28B-7432EF5FC126}

    Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{8E99BFFF-3DFD-4FEF-AF09-FB6BFA486BBE}” “1033” “0”

    Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-006E-0409-1000-0000000FF1CE}” “{3EF1F35B-C7BC-47B6-ACE9-FB33C992A812}” “1033” “0”

    Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{A2F2E3C4-887C-4A3B-B73A-576984420D12}” “1033” “0”

    Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{43ADD46C-BD44-49BB-AB04-E1A42F2DD7AB}” “1033” “0”

    Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{8A1AE697-FB15-4C7D-A002-E2F0B1BEE737}” “1033” “0”

    Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{DEE523DB-C590-45D3-B658-73F93062D7B3}” “1033” “0”

    Security Update for Microsoft Office 2010 (KB2878284) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0409-1000-0000000FF1CE}” “{E8E80E5C-ED16-4EEE-B9F2-DA16941D253D}” “1033” “0”

    Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{C7B639A9-54A9-4B30-87AA-45BD4F06E1A6}” “1033” “0”

    Security Update for Microsoft Word 2010 (KB2863926) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{752042E1-CEE6-4326-8967-732A94B3702D}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{A3364707-2F53-4C83-8F68-C9877A9080C7}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0015-0409-1000-0000000FF1CE}” “{C7BC6847-623D-4D8F-B87C-82215F0752BA}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0016-0409-1000-0000000FF1CE}” “{C7BC6847-623D-4D8F-B87C-82215F0752BA}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0018-0409-1000-0000000FF1CE}” “{C7BC6847-623D-4D8F-B87C-82215F0752BA}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0019-0409-1000-0000000FF1CE}” “{C7BC6847-623D-4D8F-B87C-82215F0752BA}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001A-0409-1000-0000000FF1CE}” “{C7BC6847-623D-4D8F-B87C-82215F0752BA}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001B-0409-1000-0000000FF1CE}” “{C7BC6847-623D-4D8F-B87C-82215F0752BA}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0409-1000-0000000FF1CE}” “{C814F7D9-CE9D-45AA-BA7C-88BDD0E1EB7C}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-040C-1000-0000000FF1CE}” “{77A8B979-11B0-4774-8003-574EE8A4BC22}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0C0A-1000-0000000FF1CE}” “{05916788-991E-417B-A8F3-77F90A2B8271}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002C-0409-1000-0000000FF1CE}” “{D4D48631-AC28-4250-B882-C956555B0B1D}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{F3FAAB68-7697-4B1F-A23A-72312565AEAB}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0409-1000-0000000FF1CE}” “{944EFCFD-823D-4C0A-9B01-CD76EEAEA1F3}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0044-0409-1000-0000000FF1CE}” “{C7BC6847-623D-4D8F-B87C-82215F0752BA}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-006E-0409-1000-0000000FF1CE}” “{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-00A1-0409-1000-0000000FF1CE}” “{C7BC6847-623D-4D8F-B87C-82215F0752BA}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-00BA-0409-1000-0000000FF1CE}” “{C7BC6847-623D-4D8F-B87C-82215F0752BA}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0115-0409-1000-0000000FF1CE}” “{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}” “1033” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0117-0409-1000-0000000FF1CE}” “{C7BC6847-623D-4D8F-B87C-82215F0752BA}” “1033” “0”

    Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}” “1033” “0”

    Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{84B191B5-5319-463A-A305-8C4D53B1D20A}” “1033” “0”

    Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}” “1033” “0”

    Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}” “1033” “0”

    Update for Microsoft Office 2010 (KB2553092)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{E636FE63-842B-4F4B-9884-DA189ACC0B91}” “1033” “0”

    Update for Microsoft Office 2010 (KB2553092)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0044-0409-1000-0000000FF1CE}” “{E636FE63-842B-4F4B-9884-DA189ACC0B91}” “1033” “0”

    Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{79C725A1-3964-421C-A528-78C1C083C7C7}” “1033” “0”

    Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}” “1033” “0”

    Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}” “1033” “0”

    Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{EBD18DE5-BC84-4B57-9A30-097044871F9A}” “1033” “0”

    Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{4AD36582-256B-433D-8593-F31773A15CA4}” “1033” “0”

    Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{4AD36582-256B-433D-8593-F31773A15CA4}” “1033” “0”

    Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{F216169C-2B40-429B-8370-B5BA06EC5423}” “1033” “0”

    Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{F216169C-2B40-429B-8370-B5BA06EC5423}” “1033” “0”

    Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{07DC9C6C-E916-4F42-8677-716930ED0393}” “1033” “0”

    Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}” “1033” “0”

    Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}” “1033” “0”

    Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0044-0409-1000-0000000FF1CE}” “{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}” “1033” “0”

    Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-040C-1000-0000000FF1CE}” “{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}” “1033” “0”

    Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0C0A-1000-0000000FF1CE}” “{E84E9B25-BEB6-4F2F-84BB-755CDA8E89C0}” “1033” “0”

    Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{8A6BDA63-4D23-4485-A466-8979E10BCF49}” “1033” “0”

    Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{8A6BDA63-4D23-4485-A466-8979E10BCF49}” “1033” “0”

    Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{3029C408-1DD1-4273-8E58-87CB1B638FC8}” “1033” “0”

    Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{3029C408-1DD1-4273-8E58-87CB1B638FC8}” “1033” “0”

    Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{DDDC32A5-9528-4771-B91A-97A8E1D7957B}” “1033” “0”

    Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001A-0409-1000-0000000FF1CE}” “{DBAC8ED2-9287-499E-AD66-590C7413C7DE}” “1033” “0”

    Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{A20A650C-F820-4CE4-AEA5-EC140192FAFB}” “1033” “0”

    Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0018-0409-1000-0000000FF1CE}” “{393B360E-62F8-463D-B914-1ECDC1359A46}” “1033” “0”

    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}” “1033” “0”

    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}” “1033” “0”

    Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{F6F342A1-530B-4D48-A468-1E3F70928984}” “1033” “0”

    Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}” “1033” “0”

    VLC media player 2.1.3–>C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

    WinRAR 4.11 (64-bit)–>C:\Program Files\WinRAR\uninstall.exe

    ======System event log======

    Computer Name: 37L4247F27-25

    Event Code: 7036

    Message: De Distributed Link Tracking Client-service heeft nu de status stopped.

    Record Number: 5

    Source Name: Service Control Manager

    Time Written: 20101121035831.108772-000

    Event Type: Informatie

    User:

    Computer Name: 37L4247F27-25

    Event Code: 7036

    Message: De Desktop Window Manager Session Manager-service heeft nu de status stopped.

    Record Number: 4

    Source Name: Service Control Manager

    Time Written: 20101121035831.108772-000

    Event Type: Informatie

    User:

    Computer Name: 37L4247F27-25

    Event Code: 7036

    Message: De Power-service heeft nu de status stopped.

    Record Number: 3

    Source Name: Service Control Manager

    Time Written: 20101121035831.108772-000

    Event Type: Informatie

    User:

    Computer Name: 37L4247F27-25

    Event Code: 7036

    Message: De Windows Event Log-service heeft nu de status stopped.

    Record Number: 2

    Source Name: Service Control Manager

    Time Written: 20101121035831.093172-000

    Event Type: Informatie

    User:

    Computer Name: 37L4247F27-25

    Event Code: 7036

    Message: De Diagnostic Policy Service-service heeft nu de status stopped.

    Record Number: 1

    Source Name: Service Control Manager

    Time Written: 20101121035831.093172-000

    Event Type: Informatie

    User:

    =====Application event log=====

    Computer Name: 37L4247F27-25

    Event Code: 5617

    Message: Subsystemen van Windows Management Instrumentation-service zijn geïnitialiseerd

    Record Number: 5

    Source Name: Microsoft-Windows-WMI

    Time Written: 20140413215512.000000-000

    Event Type: Informatie

    User:

    Computer Name: 37L4247F27-25

    Event Code: 5615

    Message: De Windows Management Instrumentation-service is gestart

    Record Number: 4

    Source Name: Microsoft-Windows-WMI

    Time Written: 20140413215506.000000-000

    Event Type: Informatie

    User:

    Computer Name: 37L4247F27-25

    Event Code: 4625

    Message: Het EventSystem-subsysteem onderdrukt gedurende 86400 seconden dubbele vermeldingen in het gebeurtenislogboek. De time-out voor onderdrukking kan worden ingesteld met de REG_DWORD-waarde SuppressDuplicateDuration in de volgende registersleutel: HKLM\Software\Microsoft\EventSystem\EventLog.

    Record Number: 3

    Source Name: Microsoft-Windows-EventSystem

    Time Written: 20140413215458.000000-000

    Event Type: Informatie

    User:

    Computer Name: 37L4247F27-25

    Event Code: 1531

    Message: De User Profile-service is gestart.

    Record Number: 2

    Source Name: Microsoft-Windows-User Profiles Service

    Time Written: 20140413215457.719600-000

    Event Type: Informatie

    User: NT AUTHORITY\SYSTEM

    Computer Name: 37L4247F27-25

    Event Code: 1532

    Message: De User Profile-service is gestopt.

    Record Number: 1

    Source Name: Microsoft-Windows-User Profiles Service

    Time Written: 20101121035831.124372-000

    Event Type: Informatie

    User: NT AUTHORITY\SYSTEM

    =====Security event log=====

    Computer Name: 37L4247F27-25

    Event Code: 4735

    Message: Er is een lokale groep met beveiliging gewijzigd.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: 37L4247F27-25$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Groep:

    Beveiligings-id: S-1-5-32-551

    Naam van groep: Back-upoperators

    Domein van groep: Builtin

    Gewijzigde kenmerken:

    SAM-accountnaam: -

    SID-geschiedenis: -

    Aanvullende gegevens:

    Bevoegdheden: -

    Record Number: 5

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20140413215425.583600-000

    Event Type: Controle geslaagd

    User:

    Computer Name: 37L4247F27-25

    Event Code: 4731

    Message: Er is een lokale groep met beveiliging gemaakt.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: 37L4247F27-25$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Nieuwe groep:

    Beveiligings-id: S-1-5-32-551

    Naam van groep: Back-upoperators

    Domein van groep: Builtin

    Kenmerken:

    SAM-accountnaam: Back-upoperators

    SID-geschiedenis: -

    Aanvullende gegevens:

    Bevoegdheden: -

    Record Number: 4

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20140413215425.583600-000

    Event Type: Controle geslaagd

    User:

    Computer Name: 37L4247F27-25

    Event Code: 4902

    Message: De tabel voor controlebeleid per gebruiker is gemaakt.

    Aantal elementen: 0

    Beleids-id: 0x3052a

    Record Number: 3

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20140413215425.022000-000

    Event Type: Controle geslaagd

    User:

    Computer Name: 37L4247F27-25

    Event Code: 4624

    Message: Er is een account aangemeld.

    Onderwerp:

    Beveiligings-id: S-1-0-0

    Accountnaam: -

    Accountdomein: -

    Aanmeldings-id: 0x0

    Aanmeldingstype: 0

    Nieuwe aanmelding:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:

    Proces-id: 0x4

    Naam proces:

    Netwerkgegevens:

    Naam van werkstation: -

    Netwerkadres van bron: -

    Poort van bron: -

    Gedetailleerde verificatiegegevens:

    Aanmeldingsproces: -

    Verificatiepakket: -

    Doorgezette services: -

    Pakketnaam (alleen NTLM): -

    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

    Record Number: 2

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20140413215420.763200-000

    Event Type: Controle geslaagd

    User:

    Computer Name: 37L4247F27-25

    Event Code: 4608

    Message: Windows wordt opgestart.

    Deze gebeurtenis wordt in het logboek geregistreerd wanneer LSASS.EXE wordt gestart en het subsysteem voor controle wordt geïnitialiseerd.

    Record Number: 1

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20140413215420.498000-000

    Event Type: Controle geslaagd

    User:

    ======Environment variables======

    “ComSpec”=%SystemRoot%\system32\cmd.exe

    “FP_NO_HOST_CHECK”=NO

    “OS”=Windows_NT

    “Path”=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\

    “PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

    “PROCESSOR_ARCHITECTURE”=AMD64

    “TEMP”=%SystemRoot%\TEMP

    “TMP”=%SystemRoot%\TEMP

    “USERNAME”=SYSTEM

    “windir”=%SystemRoot%

    “PSModulePath”=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

    “NUMBER_OF_PROCESSORS”=1

    “PROCESSOR_LEVEL”=15

    “PROCESSOR_IDENTIFIER”=AMD64 Family 15 Model 127 Stepping 2, AuthenticAMD

    “PROCESSOR_REVISION”=7f02

    “windows_tracing_logfile”=C:\BVTBin\Tests\installpackage\csilogfile.log

    “windows_tracing_flags”=3

    —————–EOF—————–

  • Ben

    Hello,

    You posted the info.txt log; I would like to see the "Log.txt" log (tu)

  • buuf

    Malwarebytes Anti-Malware

    www.malwarebytes.org

    Scan Date: 5-6-2014

    Scan Time: 17:41:24

    Logfile: malwarescan.txt

    Administrator: Yes

    Version: 2.00.2.1012

    Malware Database: v2014.06.05.08

    Rootkit Database: v2014.06.02.01

    License: Free

    Malware Protection: Disabled

    Malicious Website Protection: Disabled

    Self-protection: Disabled

    OS: Windows 7 Service Pack 1

    CPU: x64

    File System: NTFS

    User: kersten

    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 287915

    Time Elapsed: 14 min, 29 sec

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Disabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled

    Processes: 0

    (No malicious items detected)

    Modules: 0

    (No malicious items detected)

    Registry Keys: 8

    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, Quarantined, ,

    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, ,

    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, Quarantined, ,

    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, ,

    PUP.Optional.MySearchDial.A, HKU\S-1-5-21-4013957942-683068003-3656966143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.com, Quarantined, ,

    PUP.Optional.InstallCore.A, HKU\S-1-5-21-4013957942-683068003-3656966143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, ,

    PUP.Optional.InstallCore.A, HKU\S-1-5-21-4013957942-683068003-3656966143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, ,

    PUP.Optional.Softonic.A, HKU\S-1-5-21-4013957942-683068003-3656966143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, ,

    Registry Values: 1

    PUP.Optional.InstallCore.A, HKU\S-1-5-21-4013957942-683068003-3656966143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0A2O1C1R1H2Z1S1G1M1F, Quarantined,

    Registry Data: 2

    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q&cr=760540685&ir=, Good: (http://www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q&cr=760540685&ir=),Replaced,

    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q&cr=760540685&ir=, Good: (http://www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q&cr=760540685&ir=),Replaced,

    Folders: 1

    PUP.Optional.SimilarSites.A, C:\Users\kersten\AppData\Roaming\SimilarSites, Quarantined, ,

    Files: 61

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.AL”, 2);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.aflt”, “wnzp_14_17_ff”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.appId”, “{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.cd”, “2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.cntry”, “NL”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.cr”, “760540685”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.dfltLng”, “”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.dfltSrch”, true);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.dnsErr”, true);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.dpkLst”, “3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.excTlbr”, false);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.hdrMd5”, “1DAFC3BC80B5A9DE63BAA095DAE53266”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.hmpg”, true);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.hmpgUrl”, “http://start.mysearchdial.com/?f=1&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q&cr=760540685&ir=”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.id”, “001D72AFC53C30D0”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.instlDay”, “16181”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.instlRef”, “140305_a”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.lastB”, “http://start.mysearchdial.com/?f=1&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q&cr=760540685&ir=”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.lastVrsnTs”, “1.8.29.011:52:5”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.newTabUrl”, “http://start.mysearchdial.com/?f=2&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q&cr=760540685&ir=”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.pnu_base”, “{\”newVrsn\“:\”95\“,\”lastVrsn\“:\”95\“,\”vrsnLoad\“:\”\“,\”showMsg\“:\”false\“,\”showSilent\“:\”false\“,\”msgTs\“:0,\”lstMsgTs\“:\”0\“}”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.prdct”, “mysearchdial”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.prtnrId”, “mysearchdial”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.sg”, “none”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.srchPrvdr”, “Mysearchdial”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.tlbrId”, “base”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.tlbrSrchUrl”, “http://start.mysearchdial.com/?f=3&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q&cr=760540685&ir=&q=”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.vrsn”, “1.8.29.0”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.vrsni”, “1.8.29.0”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial_i.newTab”, false);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial_i.smplGrp”, “none”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\prefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial_i.vrsnTs”, “1.8.29.011:52:5”);), Replaced,

    PUP.Optional.MySearch.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.irmysearch.aflt”, “wnzp_14_17_ff”);), Replaced,

    PUP.Optional.MySearch.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.irmysearch.instlRef”, “140305_a”);), Replaced,

    PUP.Optional.MySearch.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.irmysearch.cr”, “760540685”);), Replaced,

    PUP.Optional.MySearch.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.irmysearch.cd”, “2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.hmpg”, true);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.hmpgUrl”, “http://start.mysearchdial.com/?f=1&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q&cr=760540685&ir=”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.dfltSrch”, true);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.srchPrvdr”, “Mysearchdial”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.dnsErr”, true);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial_i.newTab”, false);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.newTabUrl”, “http://start.mysearchdial.com/?f=2&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q&cr=760540685&ir=”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.tlbrSrchUrl”, “http://start.mysearchdial.com/?f=3&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q&cr=760540685&ir=&q=”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.id”, “001D72AFC53C30D0”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.instlDay”, “16181”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.vrsn”, “1.8.29.0”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.vrsni”, “1.8.29.0”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial_i.vrsnTs”, “1.8.29.011:52:5”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.prtnrId”, “mysearchdial”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.prdct”, “mysearchdial”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.aflt”, “wnzp_14_17_ff”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial_i.smplGrp”, “none”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.tlbrId”, “base”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.instlRef”, “140305_a”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.dfltLng”, “”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.appId”, “{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.excTlbr”, false);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.cr”, “760540685”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.cd”, “2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0CyByCtBzztGyCyE0B0DtG0D0E0BzztGyDyCtD0DtGyC0F0ByEtD0DtB0D0CyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyDyBzz0A0A0AtG0FyBtCtBtGtDyE0F0FtG0A0B0CyDtGtCtD0F0C0B0EzytDtA0FyC0C2Q”);), Replaced,

    PUP.Optional.MySearchDial.A, C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default\user.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.AL”, 2);), Replaced,

    Physical Sectors: 0

    (No malicious items detected)

    (end)

  • buuf

    Sorry, now the right one…

    Logfile of random's system information tool 1.10 (written by random/random)

    Run by kersten at 2014-06-05 18:18:30

    Microsoft Windows 7 Professional Service Pack 1

    System drive C: has 22 GB (43%) free of 51 GB

    Total RAM: 1790 MB (68% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 18:18:35, on 5-6-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.17041)

    Boot mode: Normal

    Running processes:

    C:\Users\kersten\AppData\Roaming\uTorrent\uTorrent.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files\trend micro\kersten.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: “C:\Users\kersten\AppData\Roaming\uTorrent\uTorrent.exe” /MINIMIZED

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-21-4013957942-683068003-3656966143-1001\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)

    O4 - HKUS\S-1-5-21-4013957942-683068003-3656966143-1001\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O11 - Options group: Accelerated graphics

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 7129 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    winlogon.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    “C:\Windows\system32\nvvsvc.exe”

    C:\Windows\system32\svchost.exe -k RPCSS

    “C:\Program Files\Microsoft Security Client\MsMpEng.exe”

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    “C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe”

    C:\Windows\system32\nvvsvc.exe -session -first

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “C:\Windows\System32\WUDFHost.exe” -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-06569754-0e51-41d7-aaab-7ce02cee5782 -SystemEventPortName:HostProcess-5998adfe-9484-473b-8993-33bb7c55a88f -IoCancelEventPortName:HostProcess-4696ed87-253b-406c-94f8-46b512e4c6f1 -NonStateChangingEventPortName:HostProcess-96f83b46-9f2d-40a3-9588-c5582ad99518 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e2c0e9c7-950c-4f32-83b8-9eb937dc0486 -DeviceGroupId:WpdFsGroup

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    “C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe”

    C:\Windows\system32\SearchIndexer.exe /Embedding

    taskhost.exe USER

    “C:\Windows\system32\Dwm.exe”

    C:\Windows\Explorer.EXE

    “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    “C:\Users\kersten\AppData\Roaming\uTorrent\uTorrent.exe” /MINIMIZED

    “C:/Program Files/NVIDIA Corporation/Display/nvtray.exe” -user_has_logged_in 1

    “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    “C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE”

    “C:\Program Files (x86)\Mozilla Firefox\firefox.exe”

    “C:\Program Files\Microsoft Security Client\NisSrv.exe”

    “D:\downloads\RSITx64.exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\AppCloudUpdater.job - C:\Users\kersten\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE /Check

    =========Mozilla firefox=========

    ProfilePath - C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default

    prefs.js - “browser.search.useDBForOrder” - “false”

    prefs.js - “browser.startup.homepage” - “about:home”

    “Description”=Adobe® Flash® Player 13.0.0.214 Plugin

    “Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

    “Description”=

    “Path”=C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

    “Description”=Java™ Deployment Toolkit

    “Path”=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

    “Description”=Oracle® Next Generation Java™ Plug-In

    “Path”=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    “Description”=

    “Path”=disabled

    “Description”=Office Authorization plug-in for NPAPI browsers

    “Path”=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

    “Description”=Microsoft SharePoint Plug-in for Firefox

    “Path”=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

    “Description”=

    “Path”=C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

    “Description”=VLC Multimedia Plugin

    “Path”=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

    “Description”=Adobe® Flash® Player 13.0.0.214 Plugin

    “Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll

    “Description”=

    “Path”=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

    “Description”=

    “Path”=disabled

    “Description”=Office Authorization plug-in for NPAPI browsers

    “Path”=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

    “Description”=

    “Path”=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

    C:\Program Files (x86)\Mozilla Firefox\plugins\

    npPDFXCviewNPPlugin.dll

    ======Registry dump======

    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

    Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

    Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    “MSC”=C:\Program Files\Microsoft Security Client\msseces.exe

    “BCSSync”=C:\Program Files\Microsoft Office\Office14\BCSSync.exe

    “uTorrent”=C:\Users\kersten\AppData\Roaming\uTorrent\uTorrent.exe

    “SunJavaUpdateSched”=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

    “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “NoActiveDesktop”=1

    “NoActiveDesktopChanges”=1

    “ForceActiveDesktopOn”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “vidc.uyvy”=msyuv.dll

    “vidc.yuy2”=msyuv.dll

    “vidc.yvyu”=msyuv.dll

    “vidc.iyuv”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “vidc.yvu9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2014-06-05 18:18:31 —-D—- C:\Program Files\trend micro

    2014-06-05 18:18:30 —-D—- C:\rsit

    2014-06-05 17:40:57 —-A—- C:\Windows\system32\drivers\MBAMSwissArmy.sys

    2014-06-05 17:40:12 —-D—- C:\ProgramData\Malwarebytes

    2014-06-05 17:40:12 —-D—- C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-06-05 17:40:12 —-A—- C:\Windows\system32\drivers\mwac.sys

    2014-06-05 17:40:12 —-A—- C:\Windows\system32\drivers\mbamchameleon.sys

    2014-06-05 17:40:12 —-A—- C:\Windows\system32\drivers\mbam.sys

    2014-06-05 17:34:13 —-D—- C:\Program Files\CCleaner

    2014-05-25 15:40:30 —-D—- C:\Program Files\Common Files\DESIGNER

    2014-05-25 15:17:45 —-D—- C:\Program Files\Microsoft Synchronization Services

    2014-05-25 15:16:45 —-D—- C:\Windows\PCHEALTH

    2014-05-25 15:16:45 —-D—- C:\Program Files\Microsoft Sync Framework

    2014-05-25 15:16:45 —-D—- C:\Program Files\Microsoft SQL Server Compact Edition

    2014-05-25 15:14:09 —-D—- C:\Program Files (x86)\Microsoft Visual Studio 8

    2014-05-25 15:12:31 —-D—- C:\Program Files\Microsoft Analysis Services

    2014-05-25 15:12:31 —-D—- C:\Program Files (x86)\Microsoft Analysis Services

    2014-05-25 15:11:17 —-D—- C:\Program Files (x86)\Microsoft Office

    2014-05-25 15:11:05 —-D—- C:\Program Files\Microsoft Office

    2014-05-25 15:11:03 —-D—- C:\ProgramData\Microsoft Help

    2014-05-25 15:10:35 —-RHD—- C:\MSOCache

    2014-05-25 14:54:07 —-D—- C:\ProgramData\Microsoft Toolkit

    2014-05-25 14:47:01 —-D—- C:\Users\kersten\AppData\Roaming\WinRAR

    2014-05-25 14:45:23 —-D—- C:\Program Files\WinRAR

    2014-05-25 13:59:43 —-D—- C:\Program Files (x86)\MSECache

    2014-05-22 20:48:24 —-D—- C:\Users\kersten\AppData\Roaming\.minecraft

    2014-05-22 20:48:01 —-D—- C:\ProgramData\Oracle

    2014-05-22 20:47:52 —-D—- C:\ProgramData\Sun

    2014-05-22 20:47:46 —-A—- C:\Windows\SYSWOW64\javaws.exe

    2014-05-22 20:47:27 —-A—- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

    2014-05-22 20:47:27 —-A—- C:\Windows\SYSWOW64\javaw.exe

    2014-05-22 20:47:27 —-A—- C:\Windows\SYSWOW64\java.exe

    2014-05-22 20:46:56 —-D—- C:\Program Files (x86)\Java

    2014-05-14 23:42:12 —-A—- C:\Windows\SYSWOW64\mshtmled.dll

    2014-05-14 23:42:12 —-A—- C:\Windows\system32\mshtmled.dll

    2014-05-14 23:42:12 —-A—- C:\Windows\system32\mshtml.dll

    2014-05-14 23:42:10 —-A—- C:\Windows\SYSWOW64\mshtml.dll

    2014-05-14 23:09:20 —-A—- C:\Windows\system32\shell32.dll

    2014-05-14 23:09:19 —-A—- C:\Windows\SYSWOW64\shell32.dll

    2014-05-14 23:09:17 —-A—- C:\Windows\system32\aepdu.dll

    2014-05-14 23:09:16 —-A—- C:\Windows\system32\aeinv.dll

    2014-05-14 23:08:49 —-A—- C:\Windows\system32\lsasrv.dll

    2014-05-14 23:08:48 —-A—- C:\Windows\SYSWOW64\ntkrnlpa.exe

    2014-05-14 23:08:48 —-A—- C:\Windows\system32\kerberos.dll

    2014-05-14 23:08:47 —-A—- C:\Windows\SYSWOW64\ntoskrnl.exe

    2014-05-14 23:08:47 —-A—- C:\Windows\SYSWOW64\kerberos.dll

    2014-05-14 23:08:47 —-A—- C:\Windows\system32\winlogon.exe

    2014-05-14 23:08:47 —-A—- C:\Windows\system32\msv1_0.dll

    2014-05-14 23:08:46 —-A—- C:\Windows\SYSWOW64\msv1_0.dll

    2014-05-14 23:08:46 —-A—- C:\Windows\system32\objsel.dll

    2014-05-14 23:08:45 —-A—- C:\Windows\system32\ntoskrnl.exe

    2014-05-14 23:08:44 —-A—- C:\Windows\SYSWOW64\objsel.dll

    2014-05-14 23:08:44 —-A—- C:\Windows\system32\wdigest.dll

    2014-05-14 23:08:44 —-A—- C:\Windows\system32\TSpkg.dll

    2014-05-14 23:08:44 —-A—- C:\Windows\system32\KernelBase.dll

    2014-05-14 23:08:43 —-A—- C:\Windows\SYSWOW64\wdigest.dll

    2014-05-14 23:08:43 —-A—- C:\Windows\SYSWOW64\TSpkg.dll

    2014-05-14 23:08:43 —-A—- C:\Windows\SYSWOW64\KernelBase.dll

    2014-05-14 23:08:43 —-A—- C:\Windows\system32\drivers\ksecpkg.sys

    2014-05-14 23:08:42 —-A—- C:\Windows\SYSWOW64\schannel.dll

    2014-05-14 23:08:42 —-A—- C:\Windows\SYSWOW64\dpapiprovider.dll

    2014-05-14 23:08:42 —-A—- C:\Windows\SYSWOW64\dimsroam.dll

    2014-05-14 23:08:42 —-A—- C:\Windows\SYSWOW64\cngprovider.dll

    2014-05-14 23:08:42 —-A—- C:\Windows\SYSWOW64\capiprovider.dll

    2014-05-14 23:08:42 —-A—- C:\Windows\SYSWOW64\adprovider.dll

    2014-05-14 23:08:42 —-A—- C:\Windows\system32\schannel.dll

    2014-05-14 23:08:42 —-A—- C:\Windows\system32\dpapiprovider.dll

    2014-05-14 23:08:42 —-A—- C:\Windows\system32\dimsroam.dll

    2014-05-14 23:08:42 —-A—- C:\Windows\system32\cngprovider.dll

    2014-05-14 23:08:42 —-A—- C:\Windows\system32\capiprovider.dll

    2014-05-14 23:08:42 —-A—- C:\Windows\system32\adprovider.dll

    2014-05-14 23:08:41 —-A—- C:\Windows\system32\wincredprovider.dll

    2014-05-14 23:08:41 —-A—- C:\Windows\system32\sspicli.dll

    2014-05-14 23:08:41 —-A—- C:\Windows\system32\drivers\ksecdd.sys

    2014-05-14 23:08:40 —-A—- C:\Windows\SYSWOW64\wincredprovider.dll

    2014-05-14 23:08:40 —-A—- C:\Windows\system32\lsass.exe

    2014-05-14 23:08:39 —-A—- C:\Windows\SYSWOW64\sspicli.dll

    2014-05-14 23:08:39 —-A—- C:\Windows\SYSWOW64\secur32.dll

    2014-05-14 23:08:39 —-A—- C:\Windows\SYSWOW64\credssp.dll

    2014-05-14 23:08:39 —-A—- C:\Windows\system32\sspisrv.dll

    2014-05-14 23:08:39 —-A—- C:\Windows\system32\secur32.dll

    2014-05-14 23:08:39 —-A—- C:\Windows\system32\credssp.dll

    2014-05-14 17:54:05 —-A—- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

    2014-05-10 15:06:13 —-D—- C:\Program Files (x86)\Mozilla Firefox

    2014-05-09 14:42:16 —-D—- C:\Program Files (x86)\CleanUp!

    2014-05-07 03:03:05 —-A—- C:\Windows\system32\ieui.dll

    2014-05-07 03:03:04 —-A—- C:\Windows\SYSWOW64\ieui.dll

    2014-05-07 03:02:59 —-A—- C:\Windows\system32\vbscript.dll

    2014-05-07 03:02:58 —-A—- C:\Windows\SYSWOW64\vbscript.dll

    2014-05-07 03:02:41 —-A—- C:\Windows\system32\JavaScriptCollectionAgent.dll

    2014-05-07 03:02:41 —-A—- C:\Windows\system32\iernonce.dll

    2014-05-07 03:02:41 —-A—- C:\Windows\system32\ie4uinit.exe

    2014-05-07 03:02:40 —-A—- C:\Windows\system32\ieetwcollectorres.dll

    2014-05-07 03:02:37 —-A—- C:\Windows\system32\jscript9diag.dll

    2014-05-07 03:02:36 —-A—- C:\Windows\SYSWOW64\dxtmsft.dll

    2014-05-07 03:02:36 —-A—- C:\Windows\system32\dxtrans.dll

    2014-05-07 03:02:36 —-A—- C:\Windows\system32\dxtmsft.dll

    2014-05-07 03:02:35 —-A—- C:\Windows\SYSWOW64\msrating.dll

    2014-05-07 03:02:35 —-A—- C:\Windows\SYSWOW64\msfeeds.dll

    2014-05-07 03:02:35 —-A—- C:\Windows\SYSWOW64\dxtrans.dll

    2014-05-07 03:02:35 —-A—- C:\Windows\system32\msrating.dll

    2014-05-07 03:02:35 —-A—- C:\Windows\system32\jsproxy.dll

    2014-05-07 03:02:34 —-A—- C:\Windows\SYSWOW64\jsproxy.dll

    2014-05-07 03:02:34 —-A—- C:\Windows\system32\msfeeds.dll

    2014-05-07 03:02:32 —-A—- C:\Windows\SYSWOW64\ieUnatt.exe

    2014-05-07 03:02:31 —-A—- C:\Windows\SYSWOW64\iesetup.dll

    2014-05-07 03:02:31 —-A—- C:\Windows\SYSWOW64\iernonce.dll

    2014-05-07 03:02:31 —-A—- C:\Windows\system32\ieUnatt.exe

    2014-05-07 03:02:31 —-A—- C:\Windows\system32\iesetup.dll

    2014-05-07 03:02:30 —-A—- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

    2014-05-07 03:02:25 —-A—- C:\Windows\SYSWOW64\jscript9diag.dll

    2014-05-07 03:02:25 —-A—- C:\Windows\SYSWOW64\ieetwproxystub.dll

    2014-05-07 03:02:24 —-A—- C:\Windows\SYSWOW64\ieapfltr.dll

    2014-05-07 03:02:24 —-A—- C:\Windows\system32\ieapfltr.dll

    2014-05-07 03:02:23 —-A—- C:\Windows\system32\ieetwproxystub.dll

    2014-05-07 03:02:23 —-A—- C:\Windows\system32\ieetwcollector.exe

    2014-05-07 03:02:21 —-A—- C:\Windows\system32\MsSpellCheckingFacility.exe

    2014-05-07 03:02:18 —-A—- C:\Windows\SYSWOW64\iertutil.dll

    2014-05-07 03:02:17 —-A—- C:\Windows\SYSWOW64\wininet.dll

    2014-05-07 03:02:17 —-A—- C:\Windows\system32\iertutil.dll

    2014-05-07 03:02:16 —-A—- C:\Windows\SYSWOW64\urlmon.dll

    2014-05-07 03:02:16 —-A—- C:\Windows\system32\wininet.dll

    2014-05-07 03:02:16 —-A—- C:\Windows\system32\urlmon.dll

    2014-05-07 03:02:12 —-A—- C:\Windows\system32\ieframe.dll

    2014-05-07 03:02:10 —-A—- C:\Windows\SYSWOW64\ieframe.dll

    2014-05-07 03:02:08 —-A—- C:\Windows\system32\jscript9.dll

    2014-05-07 03:02:07 —-A—- C:\Windows\SYSWOW64\jscript9.dll

    2014-05-07 03:01:36 —-SD—- C:\Windows\system32\CompatTel

    ======List of files/folders modified in the last 1 month======

    2014-06-05 18:18:35 —-D—- C:\Windows\Prefetch

    2014-06-05 18:18:31 —-RD—- C:\Program Files

    2014-06-05 18:18:16 —-D—- C:\Users\kersten\AppData\Roaming\uTorrent

    2014-06-05 18:12:45 —-D—- C:\Windows\Temp

    2014-06-05 17:40:57 —-D—- C:\Windows\system32\drivers

    2014-06-05 17:40:12 —-RD—- C:\Program Files (x86)

    2014-06-05 17:40:12 —-HD—- C:\ProgramData

    2014-06-05 17:37:04 —-D—- C:\Windows\Panther

    2014-06-05 17:37:04 —-D—- C:\Windows\Logs

    2014-06-05 17:37:04 —-D—- C:\Windows\inf

    2014-06-05 17:37:04 —-D—- C:\Windows\debug

    2014-06-05 17:37:04 —-D—- C:\Windows

    2014-06-05 17:34:20 —-D—- C:\Windows\system32\Tasks

    2014-06-05 15:53:13 —-D—- C:\Windows\system32\config

    2014-06-05 15:41:27 —-SHD—- C:\System Volume Information

    2014-05-30 23:07:50 —-D—- C:\Users\kersten\AppData\Roaming\vlc

    2014-05-30 22:53:33 —-D—- C:\Windows\System32

    2014-05-30 22:53:33 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2014-05-30 22:48:42 —-D—- C:\Users\kersten\AppData\Roaming\dvdcss

    2014-05-28 23:36:03 —-SD—- C:\Users\kersten\AppData\Roaming\Microsoft

    2014-05-28 17:13:16 —-D—- C:\Windows\system32\LogFiles

    2014-05-26 17:08:36 —-SHD—- C:\Windows\Installer

    2014-05-25 16:16:50 —-D—- C:\Windows\Microsoft.NET

    2014-05-25 16:16:47 —-RSD—- C:\Windows\assembly

    2014-05-25 15:44:57 —-D—- C:\Windows\SysWOW64

    2014-05-25 15:44:03 —-A—- C:\Windows\win.ini

    2014-05-25 15:43:57 —-D—- C:\Program Files\Common Files\System

    2014-05-25 15:40:30 —-D—- C:\Program Files\Common Files

    2014-05-25 15:22:30 —-D—- C:\Windows\winsxs

    2014-05-25 15:19:38 —-RSD—- C:\Windows\Fonts

    2014-05-25 15:19:17 —-D—- C:\Windows\ShellNew

    2014-05-25 15:19:15 —-D—- C:\Program Files\Common Files\Microsoft Shared

    2014-05-25 15:17:24 —-D—- C:\Program Files (x86)\MSBuild

    2014-05-25 15:16:45 —-SD—- C:\ProgramData\Microsoft

    2014-05-25 15:16:45 —-D—- C:\Program Files (x86)\Microsoft.NET

    2014-05-22 20:47:51 —-D—- C:\Program Files (x86)\Common Files

    2014-05-17 12:58:34 —-D—- C:\Windows\rescache

    2014-05-17 09:38:34 —-D—- C:\Windows\system32\nl-NL

    2014-05-17 09:38:34 —-D—- C:\Windows\PolicyDefinitions

    2014-05-14 23:42:18 —-D—- C:\Windows\system32\catroot2

    2014-05-14 23:42:18 —-D—- C:\Windows\system32\catroot

    2014-05-14 23:41:20 —-D—- C:\Windows\system32\MRT

    2014-05-14 23:39:37 —-A—- C:\Windows\system32\MRT.exe

    2014-05-14 17:54:38 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-05-11 22:42:38 —-D—- C:\Windows\system32\wdi

    2014-05-11 12:19:33 —-D—- C:\Program Files (x86)\Mozilla Maintenance Service

    2014-05-07 03:21:00 —-D—- C:\Windows\SYSWOW64\nl-NL

    2014-05-07 03:21:00 —-D—- C:\Windows\SYSWOW64\en-US

    2014-05-07 03:21:00 —-D—- C:\Windows\system32\en-US

    2014-05-07 03:21:00 —-D—- C:\Program Files\Internet Explorer

    2014-05-07 03:20:59 —-D—- C:\Program Files (x86)\Internet Explorer

    2014-05-06 00:55:27 —-D—- C:\Windows\system32\drivers\UMDF

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys

    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R3 NVENETFD;NVIDIA nForce-netwerkcontroller; C:\Windows\system32\DRIVERS\nvm62x64.sys

    S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys

    S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys

    S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys

    S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys

    S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys

    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys

    S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys

    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys

    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys

    S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys

    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe

    R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe

    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe

    R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe

    S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe

    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    —————–EOF—————–

  • Ben

    Hello,

    First disable the antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

    Running Zoek.exe

    If you run into problems running this program or see any error messages, please mention it in your reply.

    * Then double-click Zoek.exe to start the tool.

    * Windows Vista, 7 and 8 users must run the tool as “administrator” by right-clicking it and choosing Run as administrator.

    * Now copy the bold code below and paste it into the large input box:

    * Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    C:\Windows\tasks\AppCloudUpdater.job;f

    C:\Users\kersten\AppData\Roaming\APPCLO~1;fs

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Wait patiently until a log opens (this may be after a restart if one is required).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Post the opened log in your next message.

  • buuf

    Zoek.exe v5.0.0.0 Updated 02-June-2014

    Tool run by kersten on do 05-06-2014 at 20:50:35,24.

    Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: D:\downloads\zoek.exe

    ==== System Restore Info ======================

    5-6-2014 20:51:33 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\PROGRA~2\SiteFinder deleted successfully

    C:\PROGRA~3\Oracle deleted successfully

    C:\Users\kersten\AppData\Local\Adobe deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-4013957942-683068003-3656966143-1000\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    C:\Users\kersten\AppData\Roaming\uTorrent\uTorrent.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    D:\downloads\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default

    —- Lines mysearchdial removed from prefs.js —-

    user_pref(“browser.search.order.1”, “Mysearchdial”);

    user_pref(“extensions.mysearchdial.AL”, 2);

    user_pref(“extensions.mysearchdial.aflt”, “wnzp_14_17_ff”);

    user_pref(“extensions.mysearchdial.appId”, “{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}”);

    user_pref(“extensions.mysearchdial.cd”, "2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1

    user_pref(“extensions.mysearchdial.cntry”, “NL”);

    user_pref(“extensions.mysearchdial.cr”, “760540685”);

    user_pref(“extensions.mysearchdial.dfltLng”, “”);

    user_pref(“extensions.mysearchdial.dfltSrch”, true);

    user_pref(“extensions.mysearchdial.dnsErr”, true);

    user_pref(“extensions.mysearchdial.dpkLst”, "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,304628180

    user_pref(“extensions.mysearchdial.excTlbr”, false);

    user_pref(“extensions.mysearchdial.hdrMd5”, “1DAFC3BC80B5A9DE63BAA095DAE53266”);

    user_pref(“extensions.mysearchdial.hmpg”, true);

    user_pref(“extensions.mysearchdial.hmpgUrl”, "http://start.mysearchdial.com/?f=1&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN

    user_pref(“extensions.mysearchdial.id”, “001D72AFC53C30D0”);

    user_pref(“extensions.mysearchdial.instlDay”, “16181”);

    user_pref(“extensions.mysearchdial.instlRef”, “140305_a”);

    user_pref(“extensions.mysearchdial.lastB”, "http://start.mysearchdial.com/?f=1&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtDtN0D

    user_pref(“extensions.mysearchdial.lastVrsnTs”, “1.8.29.011:52:5”);

    user_pref(“extensions.mysearchdial.newTabUrl”, "http://start.mysearchdial.com/?f=2&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtD

    user_pref(“extensions.mysearchdial.pnu_base”, “{\”newVrsn\“:\”95\“,\”lastVrsn\“:\”95\“,\”vrsnLoad\“:\”\“,\”showMsg\“:\”false\“,\”showSilent\“:\”false\

    user_pref(“extensions.mysearchdial.prdct”, “mysearchdial”);

    user_pref(“extensions.mysearchdial.prtnrId”, “mysearchdial”);

    user_pref(“extensions.mysearchdial.sg”, “none”);

    user_pref(“extensions.mysearchdial.srchPrvdr”, “Mysearchdial”);

    user_pref(“extensions.mysearchdial.tlbrId”, “base”);

    user_pref(“extensions.mysearchdial.tlbrSrchUrl”, "http://start.mysearchdial.com/?f=3&a=wnzp_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0A0F0CyDtA0CtAtD0D

    user_pref(“extensions.mysearchdial.vrsn”, “1.8.29.0”);

    user_pref(“extensions.mysearchdial.vrsni”, “1.8.29.0”);

    user_pref(“extensions.mysearchdial_i.newTab”, false);

    user_pref(“extensions.mysearchdial_i.smplGrp”, “none”);

    user_pref(“extensions.mysearchdial_i.vrsnTs”, “1.8.29.011:52:5”);

    —- FireFox user.js and prefs.js backups —-

    user_05-06-2014_2104_.backup

    prefs_05-06-2014_2104_.backup

    ==== Deleting Files \ Folders ======================

    C:\Users\kersten\AppData\Roaming\APPCLO~1 deleted

    “C:\Windows\tasks\AppCloudUpdater.job” deleted

    ==== System Specs ======================

    Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 1791 MB

    CPU Info: AMD Athlon™ Processor 2650e

    CPU Speed: 967,7 MHz

    Sound Card: Luidsprekers (High Definition A |

    Digitale audio (S/PDIF) (High D |

    Display Adapters: NVIDIA GeForce 6150SE nForce 430 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen niet-PnP-beeldscherm |

    Screen Resolution: 1024 X 768 - 16 bit

    Network: Network Present

    Network Adapters: NVIDIA nForce-netwerkcontroller

    CD / DVD Drives: 1x (E: | ) E: ATAPI DVD A DH16A6S

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 3 Button Wheel Mouse Present

    Hard Disks: C: 50,0GB | D: 89,3GB

    Hard Disks - Free: C: 21,9GB | D: 72,2GB

    Manufacturer *: Phoenix Technologies, LTD

    BIOS Info: AT/AT COMPATIBLE | 10/23/08 | ACRSYS - 42302e31

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: eMachines WMCP61M

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

    Default Browser: Firefox 29.0.1

    Internet Explorer Version: 11.0.9600.17107

    Mozilla Firefox version: 29.0.1 (x86 nl)

    Sun Java version: 1.7.0_55 (32-bit)

    Flash Player version: 13.0.0.214

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\kersten\AppData\Local\Temp ====

    ====== Java Cache =====

    2014-05-28 19:29:32 D41D8CD98F00B204E9800998ECF8427E 0 —-a-w- C:\Users\kersten\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-22123a01

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    2014-06-05 15:40:57 8A50D5304E6AE48664CF5838EC32F647 122584 —-a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

    2014-06-05 15:40:12 F92B0E478C0FAA6D6661E6E977247E60 25816 —-a-w- C:\Windows\Sysnative\drivers\mbam.sys

    2014-06-05 15:40:12 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 —-a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

    2014-06-05 15:40:12 15E8ABC06843672955CE26A009533BAD 63704 —-a-w- C:\Windows\Sysnative\drivers\mwac.sys

    2014-05-14 21:08:43 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 —-a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

    2014-05-14 21:08:41 353009DEDF918B2A51414F330CF72DEC 95680 —-a-w- C:\Windows\Sysnative\drivers\ksecdd.sys

    ====== C:\Windows\Tasks ======

    2014-05-25 13:21:56 ——– d—–w- C:\Windows\Sysnative\Tasks\OfficeSoftwareProtectionPlatform

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-06-05 16:18:31 ——– d—–w- C:\Program Files\trend micro

    2014-05-25 13:40:30 ——– d—–w- C:\Program Files\Common Files\DESIGNER

    2014-05-25 13:17:45 ——– d—–w- C:\Program Files\Microsoft Synchronization Services

    2014-05-25 13:16:45 ——– d—–w- C:\Program Files\Microsoft SQL Server Compact Edition

    2014-05-25 13:12:31 ——– d—–w- C:\Program Files\Microsoft Analysis Services

    2014-05-25 13:11:05 ——– d—–w- C:\Program Files\Microsoft Office

    2014-05-25 12:45:23 ——– d—–w- C:\Program Files\WinRAR

    ======= C:\PROGRA~2 =====

    2014-05-25 13:14:09 ——– d—–w- C:\PROGRA~2\Microsoft Visual Studio 8

    2014-05-25 13:12:31 ——– d—–w- C:\PROGRA~2\Microsoft Analysis Services

    2014-05-25 13:11:17 ——– d—–w- C:\PROGRA~2\Microsoft Office

    2014-05-25 11:59:43 ——– d—–w- C:\PROGRA~2\MSECache

    2014-05-22 18:47:51 ——– d—–w- C:\PROGRA~2\COMMON~1\Java

    2014-05-22 18:46:56 ——– d—–w- C:\PROGRA~2\Java

    2014-05-09 12:42:16 ——– d—–w- C:\PROGRA~2\CleanUp!

    ======= C: =====

    ====== C:\Users\kersten\AppData\Roaming ======

    2014-05-25 13:11:22 ——– d—–w- C:\Users\kersten\AppData\Local\Microsoft Help

    2014-05-25 12:47:01 ——– d—–w- C:\Users\kersten\AppData\Roaming\WinRAR

    2014-05-25 12:45:41 ——– d—–w- C:\Users\kersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

    2014-05-22 18:48:24 ——– d—–w- C:\Users\kersten\AppData\Roaming\.minecraft

    2014-05-22 18:44:51 ——– d—–w- C:\Users\kersten\AppData\Locallow\Sun

    2014-05-21 21:04:38 ——– d-sh–w- C:\Users\kersten\AppData\Locallow\EmieUserList

    2014-05-21 21:04:38 ——– d-sh–w- C:\Users\kersten\AppData\Locallow\EmieSiteList

    2014-05-21 21:04:26 ——– d-sh–w- C:\Users\kersten\AppData\Local\EmieUserList

    2014-05-21 21:04:26 ——– d-sh–w- C:\Users\kersten\AppData\Local\EmieSiteList

    2014-05-09 16:34:18 ——– d—–w- C:\Users\kersten\AppData\Locallow\Temp

    2014-05-09 12:42:21 ——– d—–w- C:\Users\kersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!

    ====== C:\Users\kersten ======

    2014-05-25 13:19:55 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint

    2014-05-25 13:19:54 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

    2014-05-25 13:11:03 ——– d—–w- C:\ProgramData\Microsoft Help

    2014-05-25 12:54:07 ——– d—–w- C:\ProgramData\Microsoft Toolkit

    2014-05-25 12:45:41 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

    2014-05-22 18:47:52 ——– d—–w- C:\ProgramData\Sun

    2014-05-22 18:47:28 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

    2014-05-11 12:04:30 ——– d—–r- C:\Windows\SysNative\config\systemprofile\Searches

    2014-05-09 12:42:21 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!

    ====== C: exe-files ==

    2014-06-05 16:18:31 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files\trend micro\kersten.exe

    === C: other files ==

    2014-06-05 15:40:57 8A50D5304E6AE48664CF5838EC32F647 122584 —-a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

    2014-06-05 15:40:12 F92B0E478C0FAA6D6661E6E977247E60 25816 —-a-w- C:\Windows\System32\drivers\mbam.sys

    2014-06-05 15:40:12 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 —-a-w- C:\Windows\System32\drivers\mbamchameleon.sys

    2014-06-05 15:40:12 15E8ABC06843672955CE26A009533BAD 63704 —-a-w- C:\Windows\System32\drivers\mwac.sys

    ==== Startup Registry Enabled ======================

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “uTorrent”=“C:\Users\kersten\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “SunJavaUpdateSched”=“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    “uTorrent”=“C:\Users\kersten\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED”

    ==== Startup Registry Enabled x64 ======================

    “MSC”=“C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

    “BCSSync”=“C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices”

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

    “C:\Windows\SysNative\tasks\AppCloudUpdater”

    “C:\Windows\SysNative\tasks\CCleanerSkipUAC”

    “C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask”

    ==== Folders in C:\PROGRA~3 0-6 Months Old ======================

    2014-04-13 22:17:54 ——– d-sh–we C:\PROGRA~3\Bureaublad

    2014-04-13 22:17:54 ——– d-sh–we C:\PROGRA~3\Documenten

    2014-04-13 22:17:54 ——– d-sh–we C:\PROGRA~3\Favorieten

    2014-04-13 22:17:54 ——– d-sh–we C:\PROGRA~3\Menu Start

    2014-04-13 22:17:54 ——– d-sh–we C:\PROGRA~3\Sjablonen

    2014-04-14 12:10:58 ——– d—–w- C:\PROGRA~3\Mozilla

    2014-04-14 13:20:21 ——– d—–w- C:\PROGRA~3\NVIDIA Corporation

    2014-04-14 13:22:24 ——– d—–w- C:\PROGRA~3\NVIDIA

    2014-05-05 21:17:07 ——– d–h–w- C:\PROGRA~3\CanonBJ

    2014-05-22 18:47:52 ——– d—–w- C:\PROGRA~3\Sun

    2014-05-25 12:54:07 ——– d—–w- C:\PROGRA~3\Microsoft Toolkit

    2014-05-25 13:11:03 ——– d—–w- C:\PROGRA~3\Microsoft Help

    2014-06-05 15:40:12 ——– d—–w- C:\PROGRA~3\Malwarebytes

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default

    - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\kersten\AppData\Roaming\Mozilla\Firefox\Profiles\rsyvsfae.default

    A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash

    3914DFA00A2B8FAC8E14D2084BD456B4 - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll - PDF-XChange Viewer

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.msn.com/”

    “Start Page”=“http://www.google.com”

    “Start Page”=“http://www.google.com”

    “DefaultScope”=“{77AA745B-F4F8-45DA-9B14-61D2D95054C8}”

    not found

    New Values:

    “Start Page”=“http://www.msn.com/”

    “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    ==== shortcuts on Users Desktops ======================

    C:\Users\kersten\Desktop\µTorrent.lnk -

    C:\Users\kersten\Desktop\kpn\KPN Assistant.lnk - C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe

    C:\Users\kersten\Desktop\kpn\KPN Installatie Assistent.lnk - C:\Program Files (x86)\KPN\KPN Installatie Assistent\KPN_IA.exe

    ==== shortcuts on All Users Desktop ======================

    C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Users\Public\Desktop\PDF-Viewer.lnk - C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe

    C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

    ==== shortcuts in Users Start Menu ======================

    C:\Users\kersten\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -

    C:\Users\kersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Users\kersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff

    C:\Users\kersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt

    C:\Users\kersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm

    C:\Users\kersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

    ==== shortcuts in All Users Start Menu ======================

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp (demo mode).lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp Help.lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp Web Site.lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp.lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp\Uninstall.lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe /design

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

    ==== shortcuts in Quick Launch ======================

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\kersten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GetPose.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://plarium.com/play/en/stormfall/dragon04?adCampaign=22517&clickID=tDtDtC0DyBtB0A0F0CyDtA0CtAtD0DtD&publisherID=2_72

    C:\Users\kersten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Users\kersten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\kersten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\kersten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

    C:\Users\kersten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

    C:\Users\kersten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CleanUp.lnk -

    C:\Users\kersten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    ==== shortcuts After Repair ======================

    C:\Users\kersten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GetPose.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==== HijackThis Entries ======================

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: “C:\Users\kersten\AppData\Roaming\uTorrent\uTorrent.exe” /MINIMIZED

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-21-4013957942-683068003-3656966143-1001\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)

    O4 - HKUS\S-1-5-21-4013957942-683068003-3656966143-1001\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O11 - Options group: Accelerated graphics

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\kersten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\kersten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPV8L08J will be deleted at reboot

    ==== Empty FireFox Cache ======================

    C:\Users\kersten\AppData\Local\Mozilla\Firefox\Profiles\rsyvsfae.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=5 folders=2 16388 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\kersten\AppData\Local\Temp will be emptied at reboot

    C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\kersten\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    C:\RECYCLER successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Users\kersten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPV8L08J” not found

    ==== EOF on do 05-06-2014 at 21:16:13,94 ======================

  • Ben

    Hello,

    How are things going after this?

  • buuf

    Hello,

    At first I had trouble with a screen that kept turning on and off, but that has now been fixed by everything that was done on the computer.

    I hope it stays that way.

    Thanks for looking at my logs.

    Regards, Buuf

  • Ben

    Hello,

    Please also do the following:

    You can keep Malwarebytes installed and scan your PC with it once a week (after updating it).

    The tool below cleans up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Remove disinfection tools

    Purge System Restore

    Reset system settings

    Now click "Run" and wait patiently until the tool has finished.

    When the tool has finished, a log file is created. You do not need to post it, however.

    If any tools or folders are left over, you can delete them yourself.

  • fazantje

    Because this topic has been resolved, it is being closed.

    If you would still like to reopen your topic, send a private message to Ben or Huib (fazantje).

    They will then remove the “lock” and the topic will be open again.

    The AV team.

This topic is closed; no further replies can be posted.