greybob
-
Items
41 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door greybob
-
Dank voor het nieuwe, te bewandelen pad. Ik had ondertussen een USB-stick klaargemaakt, maar onlangs heb ik dit programma al eens gedraaid vanop de Hirens Boot CD 15.2. Weliswaar maar een tiental minuten. Ben nieuwsgierig hoe de resultaten zullen zijn na een nachtje testen..
-
Hierbij de resultaten. De Error Scan gaf voor beide schijven OK aan over heel de lijn.
-
http://speccy.piriform.com/results/ESNRsEadu7ZetA2QnqkSHsl Ik ben zeer benieuwd. Nogmaals dank.
-
Juisterr, Kape, Dit is ook toeval. Ben net gaan grasduinen in de logboeken en onder Windows-logboeken/Toepassing vond ik het volgende: wuaueng.dll (612) SUS20ClientDataStore: Het schrijven naar bestand C:\Windows\SoftwareDistribution\DataStore\DataStore.edb bij offset 205029376 (0x000000000c388000) voor 32768 (0x00008000) bytes is voltooid, maar de verwerking door het besturingssysteem heeft uitzonderlijk lang geduurd (107 seconden). Ook de verwerking van 15 andere I/O-aanvragen naar dit bestand heeft uitzonderlijk lang geduurd, aangezien het laatste bericht over dit probleem 35 seconden geleden is doorgegeven. Dit probleem wordt waarschijnlijk veroorzaakt door beschadigde hardware. Neem contact op met de leverancier van uw hardware voor verdere hulp bij het vaststellen van de oorzaak van het probleem. Wordt mijn vrees dat er een hardware fout in het spel is dan toch bewaarheid? Ik ga nu Speccy installeren en post het resultaat. Dank en groeten,
-
Niet veel beter. Wel geen "reageert niet" meer gehad, maar kan helaas niet uitmaken of het door het script komt. Heb nl. ook geheugenlat verwijderd (zie verder) én Thunderbird gedeïnstlleerd. Maar PC blijft nog steeds hangen: soms onmiddellijk na het opstarten, soms tijdens het alledaagse gebruik. Minutenlang kan er niets geopend worden. Er gebeurt gewoon niets. En dan opeens schieten alle -tijdens de "pauze"- aangeklikte programma's of verwijzingen, in gang. Heb ondertussen Chrome geïnstalleerd, maar ook dat progamma werkt t e r g e n d langzaam. Het is echt niet aangenaam werken. Ik start ook regelmatig Taakbeheer/Prestaties om in het oog te houden of er iets enorm veel processor/geheugen vraagt, maar dat is nooit het geval. Bijkomende info. Toen de problemen met "reageert niet" zich een jaar geleden begonnen te manifesteren, heb ik Win7 Home Premium vervangen met een schone installatie van Win7 Professional. Helaas zonder gunstig resultaat. Was dan op eigen houtje gaan experimenteren met diagnostic programma's en kwam er zo achter dat één van de twee 2GB geheugenlatjes stuk was. Heb dit vervangen door een 4 Gb latje (totaal 6 dus), maar zonder resultaat. Anders was ik niet tot bij jullie gekomen. Heb vorige week wel het oude latje van 2 Gb weggenomen. Spijtig genoeg min of meer samen met het script dat u me toen liet uitvoeren. Kan m.i. dus aan beide ingrepen liggen dat die "reageert niet" nu wegblijft. Nogmaals dank voor al uw info en hulp.
-
Excuus voor mijn late reactie. Hierbij het gevraagde log. Zoek.exe Version 4.0.0.2 Updated 03-June-2013 Tool run by Bob on zo 09/06/2013 at 22:54:35,41. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Files \ Folders ====================== "C:\END" deleted "C:\Program Files (x86)\Vuze_Remote" deleted "C:\Program Files (x86)\Conduit" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader" deleted "C:\Users\Bob\AppData\Local\Conduit" deleted "C:\Users\Bob\AppData\LocalLow\Vuze_Remote" deleted "C:\Users\Bob\AppData\LocalLow\Conduit" deleted ==== Firefox Extensions ====================== ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\zvcxkmtw.default - Clickamp;Clean - %ProfilePath%\extensions\clickclean@hotcleaner.com - Vuze Remote Community Toolbar - %ProfilePath%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi - New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} ==== Firefox Plugins ====================== Profilepath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\zvcxkmtw.default 7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash ==== Deleting Files \ Folders ====================== "C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\zvcxkmtw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}" deleted ==== Chrome Look ====================== Google Docs - Bob - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Bob - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Bob - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Bob - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf New Tab Redirect - Bob - Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna Gmail - Bob - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{993963C0-802A-42B8-A5A4-1E12B537BAFB}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {993963C0-802A-42B8-A5A4-1E12B537BAFB} Yahoo//search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4016790167-2948697978-3886021624-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-4016790167-2948697978-3886021624-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\internet explorer\urlsearchhooks\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\users\Bob\AppData\Local\Mozilla\Firefox\Profiles\zvcxkmtw.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\Bob\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Bob\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on zo 09/06/2013 at 23:35:44,31 ======================
-
ComboFix 13-05-29.01 - Bob 29/05/2013 11:23:30.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.6135.4730 [GMT 2:00] Gestart vanuit: c:\users\Bob\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . R:\3320_355136_MVM_13.tmp R:\3320_355136_MVM_14.tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2013-04-28 to 2013-05-29 )))))))))))))))))))))))))))))) . . 2013-05-29 09:28 . 2013-05-29 09:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-05-29 09:28 . 2013-05-29 09:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-28 10:08 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2FA1977-9CAF-440F-9F56-3102A673ADC1}\mpengine.dll 2013-05-27 10:08 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-05-24 09:56 . 2013-05-24 09:56 -------- d-s---w- c:\windows\SysWow64\Microsoft 2013-05-21 15:37 . 2013-05-21 15:36 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B61AB466-682C-4E36-AD02-B4F896B48F37}\gapaengine.dll 2013-05-21 10:10 . 2013-05-21 10:10 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes 2013-05-21 10:09 . 2013-05-21 10:09 -------- d-----w- c:\programdata\Malwarebytes 2013-05-21 10:09 . 2013-05-21 10:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-05-21 10:09 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-17 13:33 . 2013-05-17 14:48 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-05-17 13:27 . 2013-05-17 13:27 -------- d-----w- c:\users\Bob\AppData\Roaming\Adobe Mini Bridge CS5 2013-05-17 13:27 . 2013-05-17 13:27 -------- d-----w- c:\users\Bob\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2013-05-17 10:37 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-17 10:37 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-17 10:37 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-17 10:36 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-17 10:36 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-17 10:36 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-17 10:36 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-17 10:36 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-17 10:36 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-17 10:36 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-17 10:36 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-17 10:36 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-04-29 16:57 . 2013-05-29 09:28 -------- d-----w- c:\users\Bob\AppData\Local\Temp 2013-04-29 16:57 . 2013-04-29 16:47 24064 ----a-w- c:\windows\zoek-delete.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-17 11:31 . 2012-12-19 16:23 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-17 11:19 . 2012-12-19 12:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-17 11:19 . 2012-12-19 12:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-17 11:19 . 2013-03-24 11:19 9195912 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-05-17 10:28 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-09 08:58 . 2013-02-21 13:34 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-02 15:29 . 2012-12-17 19:14 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-24 06:08 . 2013-03-24 11:24 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-04-19 08:32 . 2013-04-18 14:42 28352 ----a-w- c:\windows\SysWow64\drivers\MxlW2k.sys 2013-04-13 19:25 . 2013-01-23 10:49 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-04-13 19:25 . 2013-01-23 10:49 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-13 05:49 . 2013-05-17 10:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-17 10:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-17 10:37 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-17 10:37 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-17 10:37 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-17 10:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 09:46 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-04 03:35 . 2013-04-28 19:26 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-19 06:04 . 2013-04-10 18:38 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 18:38 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 18:38 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 18:38 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 18:38 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 18:38 112640 ----a-w- c:\windows\system32\smss.exe 2013-02-28 12:10 . 2013-02-28 12:10 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-02-28 12:10 . 2013-02-28 12:10 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-02-28 12:10 . 2013-02-28 12:10 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-02-28 12:10 . 2013-02-28 12:10 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-02-28 12:10 . 2013-02-28 12:10 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-02-28 12:10 . 2013-02-28 12:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-02-28 12:10 . 2013-02-28 12:10 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-02-28 12:10 . 2013-02-28 12:10 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-02-28 12:10 . 2013-02-28 12:10 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-02-28 12:10 . 2013-02-28 12:10 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-02-28 12:10 . 2013-02-28 12:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-02-28 12:10 . 2013-02-28 12:10 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-02-28 12:10 . 2013-02-28 12:10 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-02-28 12:10 . 2013-02-28 12:10 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-02-28 12:10 . 2013-02-28 12:10 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-02-28 12:10 . 2013-02-28 12:10 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-02-28 12:10 . 2013-02-28 12:10 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-02-28 12:10 . 2013-02-28 12:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-02-28 12:10 . 2013-02-28 12:10 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-02-28 12:10 . 2013-02-28 12:10 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-02-28 12:10 . 2013-02-28 12:10 81408 ----a-w- c:\windows\system32\icardie.dll 2013-02-28 12:10 . 2013-02-28 12:10 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-02-28 12:10 . 2013-02-28 12:10 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-02-28 12:10 . 2013-02-28 12:10 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-02-28 12:10 . 2013-02-28 12:10 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-02-28 12:10 . 2013-02-28 12:10 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-02-28 12:10 . 2013-02-28 12:10 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-02-28 12:10 . 2013-02-28 12:10 441856 ----a-w- c:\windows\system32\html.iec 2013-02-28 12:10 . 2013-02-28 12:10 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-02-28 12:10 . 2013-02-28 12:10 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-02-28 12:10 . 2013-02-28 12:10 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-02-28 12:10 . 2013-02-28 12:10 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-02-28 12:10 . 2013-02-28 12:10 235008 ----a-w- c:\windows\system32\url.dll 2013-02-28 12:10 . 2013-02-28 12:10 216064 ----a-w- c:\windows\system32\msls31.dll 2013-02-28 12:10 . 2013-02-28 12:10 197120 ----a-w- c:\windows\system32\msrating.dll 2013-02-28 12:10 . 2013-02-28 12:10 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-02-28 12:10 . 2013-02-28 12:10 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-02-28 12:10 . 2013-02-28 12:10 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-02-28 12:10 . 2013-02-28 12:10 149504 ----a-w- c:\windows\system32\occache.dll 2013-02-28 12:10 . 2013-02-28 12:10 144896 ----a-w- c:\windows\system32\wextract.exe 2013-02-28 12:10 . 2013-02-28 12:10 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-02-28 12:10 . 2013-02-28 12:10 13824 ----a-w- c:\windows\system32\mshta.exe 2013-02-28 12:10 . 2013-02-28 12:10 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-02-28 12:10 . 2013-02-28 12:10 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-02-28 12:10 . 2013-02-28 12:10 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-02-28 12:10 . 2013-02-28 12:10 102912 ----a-w- c:\windows\system32\inseng.dll 2013-02-28 12:10 . 2013-02-28 12:10 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-02-28 12:10 . 2013-02-28 12:10 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-02-28 12:10 . 2013-02-28 12:10 48640 ----a-w- c:\windows\system32\mshtmler.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "hpqSRMon"=c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys [2012-08-13 25704] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-08-20 19032] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-08-20 12384] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-17 1255736] S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2009-02-09 333864] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2012-06-22 386344] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-04-23 3574624] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-03-22 93072] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2009-10-20 114608] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 SPC630;Philips SPC630NC PC Camera;c:\windows\system32\drivers\SPC630.sys [2008-07-07 587264] S3 SPC630m;Philips SPC630NC PC Cameram;c:\windows\system32\drivers\SPC630m.sys [2008-07-07 8192] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 11:19] . 2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24 15:14] . 2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24 15:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: Interfaces\{141CD2B2-F149-48B2-8A3F-FDFF0A79C7D8}: NameServer = 193.174.208.135,193.121.171.135 FF - ProfilePath - c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\zvcxkmtw.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF - ExtSQL: 2013-04-17 12:34; clickclean@hotcleaner.com; c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\zvcxkmtw.default\extensions\clickclean@hotcleaner.com FF - ExtSQL: !HIDDEN! 2012-12-18 15:50; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS VERWIJDERD - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-PokkiDownloadHelper - c:\users\Bob\AppData\Local\Pokki\Download Helper\PokkiDownloadHelper.exe . . "ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z [\]^_È\00\00È\00\00\00\00\03\00JKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~È\00\00È\00\00\00\00l\00\00\00\00\00\00\00\00‘’“" . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-05-29 11:29:58 ComboFix-quarantined-files.txt 2013-05-29 09:29 . Pre-Run: 894.563.033.088 bytes beschikbaar Post-Run: 894.464.827.392 bytes beschikbaar . - - End Of File - - DBBE2EBD864556CBE2A1EDC333FB8439
-
Had me voorgenomen om straks uw Combofix te runnen, maar PC kreeg weer kuren. Ben eens gaan kijken in taakbeheer in de hoop verdachte sporen te vinden, maar als leek is dat niet zo evident. Al vind ik een aantal dubbele vermeldingen toch eigenaardig: 2x csrss, 2x FlashPlayerPlugin, 2x GoogleCrashHandler,... Een printscreen vindt u hierna, maar eigenlijk is dit de tweede keer dat ik u DIT bericht probeer toe te sturen. Zonet drukte ik op de knop Meer Opties (tussen Snel reageren en Annuleren) en toen werd heel de printscreen vervangen door letters, cijfers en enkele groene smileys. Zoveel zelfs dat ik ze niet allemaal kon selecteren. Vandaar deze tweede poging. Strange, zou ik denken. Toch nog eens bedankt voor alle moeite tot nu toe. bOb PC Helpforum moderator bericht: rommel verwijderd - - - Updated - - - Oeps. Printscreen is weer vervangen door die rotzooi, zie ik. Ik voeg daarom een knipsel bij.
-
Ondanks het feit dat Avast niet actief was, dat Microsoft Security Essentials uitgeschakeld werd en ook Malwarebytes Anti Malware, meldt Combofix dat MSE nog steeds actief is. Via msconfig werd alles uitgeschakeld bij "Opstarten" en werd nogmaals nagekeken in taakbeheer of de vermelde processen wel degelijk stillagen. Toch blijft de boodschap komen: Kan ik veilig verderwerken?
-
Helaas niet. Ik heb zelfs de indruk dat dubbelklikken op een icoon om een prog op te starten, nu ook moeizamer gaat: het gehighlighte icoon "dooft" terug uit en pas een 5-tal seconden later start het gekozen prog ook echt op.
-
Emsisoft Emergency Kit - Versie 3.0 Laatste Update: 21/05/2013 13:42:17 Scaninstellingen: Scantype: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, D:\, R:\, S:\, T:\, V:\ Detecteer riskware: Uit Scan archieven: Aan ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 21/05/2013 13:44:29 C:\RobsDocs\Mijn documenten Bob\Mijn ontvangen bestanden\Arcade Games\rmaa52.exe Ontdekt: Adware.Win32.BetterInternet.AMN (A) C:\RobsDocs\Mijn documenten Bob\Mijn ontvangen bestanden\FLV Converter\Setup_FreeFlvConverter.exe Ontdekt: Trojan.Downloader.Win32.Banload.brft.AMN (A) R:\Mijn documenten Bob\Mijn ontvangen bestanden\Arcade Games\rmaa52.exe Ontdekt: Adware.Win32.BetterInternet.AMN (A) R:\Mijn documenten Bob\Mijn ontvangen bestanden\FLV Converter\Setup_FreeFlvConverter.exe Ontdekt: Trojan.Downloader.Win32.Banload.brft.AMN (A) Gescand 638696 Gevonden 4 Scan geëindigd: 21/05/2013 17:03:17 Scantijd: 3:18:48 C:\RobsDocs\Mijn documenten Bob\Mijn ontvangen bestanden\FLV Converter\Setup_FreeFlvConverter.exe Verwijderd Trojan.Downloader.Win32.Banload.brft.AMN (A) R:\Mijn documenten Bob\Mijn ontvangen bestanden\FLV Converter\Setup_FreeFlvConverter.exe Verwijderd Trojan.Downloader.Win32.Banload.brft.AMN (A) C:\RobsDocs\Mijn documenten Bob\Mijn ontvangen bestanden\Arcade Games\rmaa52.exe Verwijderd Adware.Win32.BetterInternet.AMN (A) R:\Mijn documenten Bob\Mijn ontvangen bestanden\Arcade Games\rmaa52.exe Verwijderd Adware.Win32.BetterInternet.AMN (A) Verwijderd 4
-
Beste Juisterr, Kan ik zelf nog iets aanleveren om de oorzaak te helpen vinden? Dank en groeten, bOb
-
Was niet vertrouwd met dit prog. Hier de link: sample_20132904_1849.zip downloaden Grtz bOb
-
Juisterr, Ik moet ff de rol lossen. U vraagt om "dit" bestand te uploaden. Welk bestand bedoelt u precies? Grtz. bOb
-
Beste oude trol, Dank voor je snelle reactie. Het gevraagde logbestand vindt je hierna. In het vorige antwoord zag u niks verkeerds, maar als leek huiverde ik toch bij de regels die "file missing" vermeldden. Ondertussen speel ik met een vermoeden richting hardware, maar wellicht wacht ik best uw analyse af van de onderstaande log af. Vriendelijke groet, bOb Zoek.exe Version 4.0.0.2 Updated 23-04-2013 Tool run by Bob on ma 29/04/2013 at 18:47:03,02. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Creating Sample_20132904_1849.zip ====================== Copied file C:\Users\Bob\310.70-desktop-win8-win7-winvista-64bit-international-whql.exe to sample sample\310.70-desktop-win8-win7-winvista-64bit-international-whql.exe renamed to 2C37845F5CBD848AC6F4672CE622490F C:\Users\Public\Desktop\sample_20132904_1849.zip created successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4016790167-2948697978-3886021624-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\zvcxkmtw.default user.js not found ---- Lines WebSearch removed from prefs.js ---- user_pref("extensions.toolbar.mindspark._39Members_.homepage", "http://home.mywebsearch.com/index.jhtml?ptb=86BCDD03-988F-4471-AC1E-6FA90036E313&n=77fc4226&p2=^UX^xdm170^YY^be&si=MDFIG11"); ---- Lines WebSearch modified from prefs.js ---- ---- Lines search.com removed from prefs.js ---- ---- Lines search.com modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- prefs_20132904_1854_.backup ==== Deleting Files \ Folders ====================== "C:\END" deleted "C:\Users\Public\Desktop\YTD Video Downloader.lnk" deleted "C:\Users\Bob\310.70-desktop-win8-win7-winvista-64bit-international-whql.exe" deleted "C:\Users\Bob\AppData\Roaming\Lite" deleted "C:\Users\Bob\AppData\Local\PackageAware" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Bob\AppData\Local\Temp ==== 2013-04-29 07:48:00 5C8BF1592A4582BC4B4ADA1803646ADA 7672792 ----a-w- C:\Users\Bob\AppData\Local\Temp\Foxit Reader Updater.exe ====== C:\Windows\SysWOW64 ===== 2013-04-28 19:26:40 8255AD29A44B2E14B2DD99319F92A0AB 95648 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll ====== C:\Windows\SysWOW64\drivers ===== 2013-04-18 14:42:31 88F57A15B786BF2AF9458F7903768085 28352 ----a-w- C:\Windows\SysWOW64\drivers\MxlW2k.sys ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2013-04-24 09:46:18 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys 2013-04-13 19:05:53 7E44C2684A6CA779B9D07CB4BD3F649D 178624 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys 2013-04-13 19:05:49 DE6759B8D8E62BF0FFF2B05F05AFCEE6 65336 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys 2013-04-10 18:38:23 8F6322049018354F45F05A2FD2D4E5E0 223752 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys ====== C:\Windows\Tasks ====== 2013-04-24 15:14:42 28F983D2A7EEAD8E529D588B46157B52 1050 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-04-24 15:14:41 73E04AD0921E47E5756FC451A49186B8 1046 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-04-05 01:01:07 -------- d-----w- C:\Program Files\Microsoft Silverlight 2013-04-03 10:47:15 -------- d-----w- C:\Program Files\CyberLink ======= C:\Program Files (x86) ===== 2013-04-24 15:14:38 -------- d-----w- C:\Program Files (x86)\Google 2013-04-18 15:58:43 -------- d-----w- C:\Program Files (x86)\MP3Gain 2013-04-18 15:26:27 -------- d-----w- C:\Program Files (x86)\Lame For Audacity 2013-04-18 15:02:07 -------- d-----w- C:\Program Files (x86)\Audacity 2013-04-13 19:11:29 -------- d-----w- C:\Program Files (x86)\Common Files\Skype 2013-04-10 22:28:43 -------- d-----w- C:\Program Files (x86)\Microsoft.NET 2013-04-07 20:13:48 -------- d-----w- C:\Program Files (x86)\TagScanner 2013-04-05 01:01:07 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight 2013-04-04 10:34:09 -------- d-----w- C:\Program Files (x86)\Mozilla Thunderbird 2013-04-03 10:50:27 -------- d-----w- C:\Program Files (x86)\Cyberlink ======= C: ===== 2013-04-12 16:46:02 7FBA17F06BC60A3988F41F4C56A4142F 8294454 ----a-w- C:\Zumba.bmp ====== C:\Users\Bob\AppData\Roaming ====== 2013-04-24 15:19:48 -------- d-----w- C:\users\Bob\AppData\Locallow\Google 2013-04-24 15:14:38 -------- d-----w- C:\users\Bob\AppData\Local\Google 2013-04-20 18:45:30 -------- d-----w- C:\users\Bob\AppData\Local\GHISLER 2013-04-18 15:58:44 -------- d-----w- C:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain 2013-04-18 15:00:29 -------- d-----w- C:\users\Bob\AppData\Roaming\Audacity 2013-04-07 20:21:34 -------- d-----w- C:\users\Bob\AppData\Roaming\Mp3tag 2013-04-03 10:53:25 -------- d-----w- C:\users\Bob\AppData\Roaming\CyberLink ====== C:\Users\Bob ====== 2013-04-29 10:33:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom 2013-04-27 19:21:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2013-04-26 21:01:26 -------- d-s---w- C:\Users\Bob\Google Drive 2013-04-26 20:56:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2013-04-24 15:19:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2013-04-20 19:40:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2013-04-18 15:58:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain 2013-04-13 19:05:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus 2013-04-07 20:13:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner 2013-04-05 01:06:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2013-04-03 10:53:28 -------- d-----w- C:\Users\Public\CyberLink 2013-04-03 10:52:11 -------- d-----w- C:\ProgramData\CyberLink 2013-04-03 10:50:34 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 2013-04-03 10:46:30 -------- d-----w- C:\ProgramData\CLSK ====== C: exe-files == 2013-04-29 07:48:00 5C8BF1592A4582BC4B4ADA1803646ADA 7672792 ----a-w- C:\Users\Bob\AppData\Local\Temp\Foxit Reader Updater.exe 2013-04-27 19:21:52 C17DA0BE97FC9F3C05FDE7BF3C5618D1 96216 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe 2013-04-27 19:21:48 5C8BF1592A4582BC4B4ADA1803646ADA 7672792 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Updater.exe 2013-04-27 19:21:46 0E4F7E2437FC70F9703A424B9DBF163C 33846744 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe 2013-04-27 19:21:45 7FC062F566DBEE26A6DF69119C93B7B9 755672 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\UninstallPrint.exe 2013-04-27 19:21:45 0813008B0924F69873BF2F2B1BEFC9CC 60376 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator\FXC_ProxyProcess.exe 2013-04-27 19:21:42 1F34C47823497A3538D51F2FEC555B58 1904088 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe 2013-04-24 15:18:34 55A65D7370AD0EADCAC97181539A8F08 25406864 ----a-w- C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-7.1.1.1580.exe 2013-04-24 15:14:39 74E337FFEB2B34043F8499D2F3DE03A8 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe 2013-04-24 15:14:39 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 2013-04-24 15:14:39 43F58F0A466D23A92CE59E24E5DD146D 774600 ----a-w- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleUpdateSetup.exe 2013-04-24 15:14:39 376ECCCE33C2C232112DE830E3C81763 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleUpdateBroker.exe 2013-04-24 15:14:38 BECDDA0990DEBD72A30096533521AD73 213384 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe 2013-04-24 15:14:38 B676429E44F2F8ACC3BAE7C89F46B212 281480 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe 2013-04-24 15:14:38 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleUpdate.exe 2013-04-24 08:17:28 08998554F2DBE7084AB9C9B21DBC4447 1286039 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe === C: other files == 2013-04-29 16:53:20 A58C71820BB9ECCEB9C2854DB173CA64 220176366 ----a-w- C:\Users\Public\Desktop\sample_20132904_1849.zip 2013-04-29 10:10:48 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Bob\AppData\Local\Temp\_MEI39722\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx 2013-04-29 08:55:02 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Bob\AppData\Local\Temp\_MEI40002\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx 2013-04-24 09:46:18 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-4016790167-2948697978-3886021624-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "hpqSRMon"="C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqSRMon.exe" "AdobeCS5ServiceManager"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS5ServiceManager\\CS5ServiceManager.exe\" -launchedbylogin" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeBridge] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeBridge" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Adobe\\Adobe Bridge CS5\\Bridge.exe\" -stealth" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Akamai NetSession Interface" "hkey"="HKCU" "command"="\"C:\\Users\\Bob\\AppData\\Local\\Akamai\\netsession_win.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avast] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="avast" "hkey"="HKLM" "command"="\"C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe\" /nogui" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\beid] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="beid" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Belgium Identity Card\\beid35gui.exe\" /startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpqSRMon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hpqSRMon" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqSRMon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MSC" "hkey"="HKLM" "command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaSuite.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NokiaSuite.exe" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Nokia\\Nokia Suite\\NokiaSuite.exe -tray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sidebar" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSDMonitor] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SSDMonitor" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\PC Tools\\sMonitor\\SSDMonitor.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TomTomHOME.exe" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WinampAgent" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Winamp\\winampa.exe\"" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "AdobeAAMUpdater-1.0"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/04/2013 14:18] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/04/2013 17:14] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/04/2013 17:14] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\zvcxkmtw.default - avast WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF - Clickamp;Clean - %ProfilePath%\extensions\clickclean@hotcleaner.com - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi - New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\zvcxkmtw.default F7E72D3A281F922BACEC1A71A826D4C2 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll - Shockwave Flash ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{993963C0-802A-42B8-A5A4-1E12B537BAFB}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {993963C0-802A-42B8-A5A4-1E12B537BAFB} Yahoo//search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\Bob\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe C:\Users\Bob\Desktop\Downloads.lnk - R:\Mijn documenten Bob\Mijn ontvangen bestanden C:\Users\Bob\Desktop\Google Drive.lnk - C:\Users\Bob\Google Drive C:\Users\Bob\Desktop\Photoshop CS5 (64 Bit).lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe C:\Users\Bob\Desktop\TagScanner.lnk - C:\Program Files (x86)\TagScanner\Tagscan.exe C:\Users\Bob\Desktop\WakeMeOnLan.exe - Snelkoppeling.lnk - R:\Mijn documenten Bob\Mijn ontvangen bestanden\Wake-sleep on lan\wakemeonlan\WakeMeOnLan.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\avast Free Antivirus.lnk - C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\CyberLink PowerDirector.lnk - C:\Program Files (x86)\CyberLink\PowerDirector\PDR9.exe C:\Users\Public\Desktop\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\Users\Public\Desktop\TeamViewer 8.lnk - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk - C:\Windows\System32\fsquirt.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast Free Antivirus.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility\Bulk Rename Utility.lnk - C:\Program Files (x86)\Bulk Rename Utility\Bulk Rename Utility.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector\PowerDirector.lnk - C:\Program Files (x86)\CyberLink\PowerDirector\PDR9.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Uninstall Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth starten in DirectX-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setDX C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth starten in OpenGL-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setOGL C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth verwijderen.lnk - C:\Windows\SysWOW64\msiexec.exe /x {0A844D8F-A965-11E2-9E77-B8AC6F98CCE3} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain\MP3Gain Help.lnk - C:\Program Files (x86)\MP3Gain\MP3Gain.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain\MP3Gain.lnk - C:\Program Files (x86)\MP3Gain\MP3GainGUI.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain\Uninstall MP3Gain.lnk - C:\Program Files (x86)\MP3Gain\uninst-mp3gain.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /disable C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /enable C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Verwijder Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner\TagScanner on the Web.lnk - C:\Program Files (x86)\TagScanner\Tagscan.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner\TagScanner.lnk - C:\Program Files (x86)\TagScanner\Tagscan.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner\Uninstall TagScanner.lnk - C:\Program Files (x86)\TagScanner\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\TomTom HOME 2.lnk - C:\Windows\Installer\{EC5F4C1B-F838-4CB7-8561-8F809296428B}\NewShortcut1_BB5D96B1D05B428EBAD4A437B7244768.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\Verwijder TomTom HOME 2.lnk - C:\Windows\SysWOW64\msiexec.exe /x {EC5F4C1B-F838-4CB7-8561-8F809296428B} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== shortcuts in Quick Launch ====================== C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\users\Bob\AppData\Local\Mozilla\Firefox\Profiles\zvcxkmtw.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Bob\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied
-
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:24:32, on 29/04/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16537) Boot mode: Normal Running processes: C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe R:\Mijn documenten Bob\Mijn ontvangen bestanden\Hijack\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{141CD2B2-F149-48B2-8A3F-FDFF0A79C7D8}: NameServer = 193.174.208.135,193.121.171.135 O17 - HKLM\System\CS1\Services\Tcpip\..\{141CD2B2-F149-48B2-8A3F-FDFF0A79C7D8}: NameServer = 193.174.208.135,193.121.171.135 O17 - HKLM\System\CS2\Services\Tcpip\..\{141CD2B2-F149-48B2-8A3F-FDFF0A79C7D8}: NameServer = 193.174.208.135,193.121.171.135 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10532 bytes
