chrisv

Zoek.exe v5.0.0.0 Updated 20-Januari-2014 Tool run by C on ma 20-01-2014 at 6:38:13,48. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\C\Desktop\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2014-01-19-180242.log 33573 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Hosts_Anti_Adwares_PUPs deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman" [28-10-2013 21:41] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default 2557FBC582910A71CDEB0F22886D118D - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash BAD62EC082FBC9BF6D54FAB91E53A35A - C:\Program Files\Bitdefender\Bitdefender\Antispam32\npcomm.dll - BitDefender 16 ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ccahoghmggldkcdjiebjkidpfongdfbl - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx[18-12-2013 22:16] omaonpoimgkmbllpdihbnmgphjoipdhf - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx[01-05-2012 21:45] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.seniorweb.nl/" "Search Bar"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.seniorweb.nl/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {99103325-58A0-4DB9-A9C4-CA5474A3A9D3} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB" ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\C\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\C\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\C\AppData\Local\Mozilla\Firefox\Profiles\ayqcbdhb.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=108 folders=27 40835652 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Users\C\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\C\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on ma 20-01-2014 at 7:04:22,23 ======================

Bij deze het logje groet, chrisv Zoek.exe v5.0.0.0 Updated 18-Januari-2014 Tool run by C on zo 19-01-2014 at 18:50:30,43. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\C\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 19-1-2014 18:54:47 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully C:\Users\C\AppData\Roaming\QuickScan deleted successfully ==== Installed Programs ====================== 7-Zip 9.20 (x64 edition) Acronis True Image 2014 Adobe Flash Player 12 Plugin Apple Application Support Apple Mobile Device Support Apple Software Update Ashampoo AppLauncher (Medion) v.1.0.0 Bitdefender Total Security CCleaner Classic Shell CyberLink Home Cinema 10 CyberLink LabelPrint 2.5 CyberLink MediaEspresso 6.5 CyberLink PhotoDirector 3 CyberLink Power2Go 8 CyberLink PowerDirector 11 CyberLink PowerDVD 10 CyberLink PowerDVD Copy 1.5 CyberLink PowerRecover CyberLink YouCam 5 D3DX10 Dolby Digital Plus Home Theater Fotogalerie Fotogalerija Fot¢t r Foxit Reader FWdriver_v 1.01 Galerie de photos Google Desktop Harmony Browser Plug-in HitmanPro 3.7 Intel® Management Engine Components Intel® PRO/Wireless Driver Intel® PROSet/Wireless for Bluetooth® + High Speed Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1335.5) Intel® Rapid Storage Technology Intel© PROSet/Wireless WiFi Software Intel© Trusted Connect Service Client iTunes Kobo Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker Mozilla Firefox 26.0 (x86 nl) Mozilla Maintenance Service MSVCRT MSVCRT110 MSVCRT110_amd64 Photo Common Photo Gallery PhotoFiltre 7 Raccolta foto Realtek Card Reader Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Secunia PSI (3.0.0.7009) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition Synaptics Pointing Device Driver Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Wipe ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\SysWOW64\crytsrv10.exe C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe C:\Program Files (x86)\FWdriver_v\POSHXMain.exe C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe C:\Users\C\Desktop\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2014-01-12 10:11:20 D9F551D51350364EBF9D235F50FAD5A2 392727407 ----a-w- C:\WINDOWS\MEMORY.DMP ====== C:\Users\C\AppData\Local\Temp ==== 2014-01-18 19:37:34 FBC207AD85D053D4FD9DD93C595D1A1D 285455 ----a-w- C:\Users\C\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe 2014-01-18 17:19:45 A3F2FA2017E978BEA7AE7261CE578A40 17888136 ----a-w- C:\Users\C\AppData\Local\Temp\fp_pl_pfs_installer.exe 2014-01-18 13:07:19 76874123C258B0FE7A5E7E8F71555D52 10264904 ----a-w- C:\Users\C\AppData\Local\Temp\HitmanPro_x64.exe 2014-01-18 13:01:27 76874123C258B0FE7A5E7E8F71555D52 10264904 ----a-w- C:\Users\C\AppData\Local\Temp\HitmanPro.exe ====== C:\WINDOWS\SysWOW64 ===== 2014-01-16 18:33:17 7FA3046AC2751A408899EFD331FE1980 479744 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2014-01-16 18:33:16 6A7D239E3A3B90818B9BFE7B7CCD4BFC 584192 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2014-01-16 18:33:10 9EA661DB9B393F46046D6181A3DDC4AD 2804528 ----a-w- C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2014-01-16 18:33:07 BEFC9EE0724E53E004A6316C20931F99 2142936 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll 2014-01-16 18:33:06 A6A82DE8976069DBA0256AE5327110B5 1371312 ----a-w- C:\WINDOWS\SysWOW64\combase.dll 2014-01-16 18:33:06 2E6C68B92DFB0A95771F6DD7A4179FFE 13925888 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-01-16 18:33:04 E0C156E4380CE5C64CFBF2650895038D 18642504 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll 2014-01-16 18:33:03 72B3380DA5EA53028501F3B94E421FBB 2295808 ----a-w- C:\WINDOWS\SysWOW64\authui.dll 2014-01-16 18:33:02 D11A05032C28EE7588C135ECF7B49E81 1204968 ----a-w- C:\WINDOWS\SysWOW64\winmde.dll 2014-01-16 18:33:02 15DF7EF29273464E6112E7A131537BCD 669344 ----a-w- C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-01-16 18:33:01 FF73CDC3F09904D82B0CCC1CA750CD02 218112 ----a-w- C:\WINDOWS\SysWOW64\Windows.Graphics.dll 2014-01-16 18:33:01 CF4C3815E577C7DC32BB8DB90F0B34C1 552624 ----a-w- C:\WINDOWS\SysWOW64\oleaut32.dll 2014-01-16 18:33:01 C85EA737B20BEDC46CBA748DCE115184 433664 ----a-w- C:\WINDOWS\SysWOW64\mfds.dll 2014-01-16 18:33:01 92124EF7B1BF5492EFCA17B3A208E4F4 663680 ----a-w- C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2014-01-16 18:33:00 ECD4A3F754224C954D3D19B6ECBFE5AA 513536 ----a-w- C:\WINDOWS\SysWOW64\rastls.dll 2014-01-16 18:33:00 4E556E5490191ED9B771576D9221A461 273920 ----a-w- C:\WINDOWS\SysWOW64\msieftp.dll 2014-01-16 18:33:00 48B8013201B1846F893A83606248A8CC 336384 ----a-w- C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2014-01-16 18:33:00 06730D9C233B01E2F99C1BE2461629F7 980480 ----a-w- C:\WINDOWS\SysWOW64\mispace.dll 2014-01-16 10:33:12 22D6B8C3DAA687E32363A69E82CAC2C9 105464 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-16 09:00:01 14F0A1D5E7E73F43B92FD75725A3C202 693240 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-01-15 09:14:22 ED8ED1CE6CAB56103230E2097763DC2B 695808 ----a-w- C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-15 09:14:21 B6D28E8DC13F9EAF8B74BDB4F3DD9781 174592 ----a-w- C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-15 09:14:19 73D0837E97CD7368BCA7DE4E373B8503 103936 ----a-w- C:\WINDOWS\SysWOW64\OEMLicense.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2014-01-16 18:33:27 2B76F592B005FE7CF89B87643FDAB47E 115712 ----a-w- C:\WINDOWS\Sysnative\winbici.dll 2014-01-16 18:33:18 0E0796E3413D38A396B1C1591CE2B72E 4191232 ----a-w- C:\WINDOWS\Sysnative\win32k.sys 2014-01-16 18:33:16 F242938F69AA25B8ECD0D9E342799802 637952 ----a-w- C:\WINDOWS\Sysnative\SettingSyncHost.exe 2014-01-16 18:33:16 5905265F56C14E67D193DB4D53451154 4106240 ----a-w- C:\WINDOWS\Sysnative\SyncEngine.dll 2014-01-16 18:33:16 2EAF0A1F9E4DF34862CC5A2B5437E450 744448 ----a-w- C:\WINDOWS\Sysnative\SettingSyncCore.dll 2014-01-16 18:33:15 5F9799975EAB95431BF78428B26B4FF6 21196664 ----a-w- C:\WINDOWS\Sysnative\shell32.dll 2014-01-16 18:33:10 32370AF583EC8B24D790E1B9201D6811 3210528 ----a-w- C:\WINDOWS\Sysnative\msmpeg2vdec.dll 2014-01-16 18:33:10 013BB1B12833CD646175312307768F93 18577920 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll 2014-01-16 18:33:07 CA336E6ABF539A6D14DA3C49DDD24696 2131120 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll 2014-01-16 18:33:07 3E7B2C9026986C821E507A3319EA1D80 1928144 ----a-w- C:\WINDOWS\Sysnative\combase.dll 2014-01-16 18:33:06 9FF95D589B5626852CECA2444C5C5A58 2617344 ----a-w- C:\WINDOWS\Sysnative\authui.dll 2014-01-16 18:33:04 D33E2A482C47ABFDD80185DD9C8C06F1 1399176 ----a-w- C:\WINDOWS\Sysnative\winmde.dll 2014-01-16 18:33:04 728D3349FAB251B0265EFA55C67DCA2D 1503232 ----a-w- C:\WINDOWS\Sysnative\wlansvc.dll 2014-01-16 18:33:02 FCB3BD54917D36FE79DFDF0ED7ACBEBB 764856 ----a-w- C:\WINDOWS\Sysnative\mfmpeg2srcsnk.dll 2014-01-16 18:33:02 EF276593AD1BDF5A99032F62D6272848 834048 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll 2014-01-16 18:33:02 D65B1C952AEB864C2BAC7A770B17ECCE 282112 ----a-w- C:\WINDOWS\Sysnative\SystemEventsBrokerServer.dll 2014-01-16 18:33:02 A6207A88B596F726DE558425F3B7E592 263168 ----a-w- C:\WINDOWS\Sysnative\bisrv.dll 2014-01-16 18:33:02 40B228D05DB02F4A5F2452600999F53F 809872 ----a-w- C:\WINDOWS\Sysnative\mfmp4srcsnk.dll 2014-01-16 18:33:02 39435F4007F1CEDEF04356892B18D174 202240 ----a-w- C:\WINDOWS\Sysnative\ubpm.dll 2014-01-16 18:33:02 1A1B60D269F745C021F69564B5906AD0 1374384 ----a-w- C:\WINDOWS\Sysnative\wmpmde.dll 2014-01-16 18:33:01 FF9F658A51CAD74C25AF83038DBD735D 306688 ----a-w- C:\WINDOWS\Sysnative\msieftp.dll 2014-01-16 18:33:01 E18E9C9EBCFCA456B74BB6A80B1DB226 1415680 ----a-w- C:\WINDOWS\Sysnative\lsasrv.dll 2014-01-16 18:33:01 B9FC41CEC711DC0E1BFE927EEDC49176 745336 ----a-w- C:\WINDOWS\Sysnative\oleaut32.dll 2014-01-16 18:33:01 B818F6F3CA67E4BD278EDE5600BDD65E 461824 ----a-w- C:\WINDOWS\Sysnative\XpsGdiConverter.dll 2014-01-16 18:33:01 91433B44B1EF301E7DD696EB5281BC20 589824 ----a-w- C:\WINDOWS\Sysnative\rastls.dll 2014-01-16 18:33:01 78AB9F5DC27E317F0B34C45D54ABB6B2 32088 ----a-w- C:\WINDOWS\Sysnative\ploptin.dll 2014-01-16 18:33:01 660891FFB1B22FF39AADB3F45CE15D45 470016 ----a-w- C:\WINDOWS\Sysnative\mfds.dll 2014-01-16 18:33:01 54A9F4AC86F2A4E7C3ADE47CAE5DE8E0 136704 ----a-w- C:\WINDOWS\Sysnative\psmsrv.dll 2014-01-16 18:33:01 34F8F7A0B782798F6A9511157BCC3E32 273408 ----a-w- C:\WINDOWS\Sysnative\Windows.Graphics.dll 2014-01-16 18:33:00 CD45E3FE736150D45EFDC9145DA53757 24064 ----a-w- C:\WINDOWS\Sysnative\bi.dll 2014-01-16 18:33:00 BDE4ABD3AB4171CECADFD38F392E656C 1227264 ----a-w- C:\WINDOWS\Sysnative\mispace.dll 2014-01-16 18:33:00 AD95F86C8D1843BE653F89FDE213F9E7 207872 ----a-w- C:\WINDOWS\Sysnative\deviceregistration.dll 2014-01-16 18:33:00 4B916278E1487A5CD5F8F9A521980026 385614 ----a-w- C:\WINDOWS\Sysnative\ApnDatabase.xml 2014-01-15 09:14:23 D8E3A4701376CCFD0BE542D745FA4809 3395920 ----a-w- C:\WINDOWS\Sysnative\WSService.dll 2014-01-15 09:14:22 E3E168E733B0E8383BA5635542FDB96F 848384 ----a-w- C:\WINDOWS\Sysnative\WSShared.dll 2014-01-15 09:14:22 294AAE73D0D7BDAACC5224BC7334077B 206336 ----a-w- C:\WINDOWS\Sysnative\WSClient.dll 2014-01-15 09:14:21 3E245CCA42D78B9626A79FE77E111D7B 84480 ----a-w- C:\WINDOWS\Sysnative\WSCollect.exe 2014-01-15 09:14:20 30AE1D2A418A6C128CF3BD6EA37354DB 138240 ----a-w- C:\WINDOWS\Sysnative\OEMLicense.dll 2014-01-15 09:14:16 EF5A9D7523E4530D2030D4EA2D90FEC3 787968 ----a-w- C:\WINDOWS\Sysnative\uDWM.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2014-01-16 18:33:07 3D9A5AC880D7AA2305812D665D24ED23 2551128 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2014-01-16 18:33:02 ED39D676080A1AEA755F1DEC1A8DF1A4 1119064 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys 2014-01-16 18:33:02 79B6F3DF7CDFD12159871FF71464F0CE 403456 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys 2014-01-16 18:33:01 B7342B3C58E91107F6E946A93D9D4EFD 142848 ----a-w- C:\WINDOWS\Sysnative\drivers\ipnat.sys 2014-01-16 18:33:01 4628B415A84EA9D4D396A56F1D0CB6C6 142680 ----a-w- C:\WINDOWS\Sysnative\drivers\USBSTOR.SYS 2014-01-16 18:33:00 1C89EF529DB7DCA98E801EFDCC8437DE 19456 ----a-w- C:\WINDOWS\Sysnative\drivers\BtaMPM.sys 2014-01-09 21:42:18 38CB343BBE9586306A7CC01E6793727B 9122384 ----a-w- C:\WINDOWS\Sysnative\drivers\Netwfw02.dat 2014-01-09 21:42:16 B1ED085EC13B68EFC006D609EC705D8C 3607520 ----a-w- C:\WINDOWS\Sysnative\drivers\NETwbw02.sys 2013-12-28 16:04:34 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2013-12-28 16:02:05 8E98D21EE06192492A5671A6144D092F 33240 ----a-w- C:\WINDOWS\Sysnative\drivers\GEARAspiWDM.sys 2013-12-24 13:37:50 370A6907DDF79532A39319492B1FA38A 231376 ----a-w- C:\WINDOWS\Sysnative\drivers\truecrypt.sys ====== C:\WINDOWS\Tasks ====== 2014-01-15 21:00:47 018C164568007461A6C472A64B589521 3576 ----a-w- C:\WINDOWS\Sysnative\Tasks\Bitdefender Autoscan 2013-12-28 20:14:51 222A8A7BFD8EE88E3ECB4216D42B9412 3828 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Flash Player Updater 2013-12-28 20:14:51 12B585A653B1C5D8B86D16D3C343AB75 940 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-12-28 16:00:22 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\Apple ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-01-18 13:07:49 -------- d-----w- C:\Program Files\HitmanPro 2014-01-12 16:07:30 -------- d-----w- C:\Program Files\trend micro 2013-12-28 16:01:34 -------- d-----w- C:\Program Files\iPod 2013-12-28 16:01:33 -------- d-----w- C:\Program Files\iTunes 2013-12-28 15:59:50 -------- d-----w- C:\Program Files\Common Files\Apple ======= C:\PROGRA~2 ===== 2014-01-18 19:37:35 -------- d-----w- C:\PROGRA~2\Hosts_Anti_Adwares_PUPs 2014-01-17 07:26:43 -------- d-----w- C:\PROGRA~2\ESET 2014-01-16 20:25:27 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service 2014-01-12 09:07:43 -------- d-----w- C:\PROGRA~2\SciLor's grooveshark.com Downloader 2013-12-28 16:01:33 -------- d-----w- C:\PROGRA~2\iTunes 2013-12-28 16:00:14 -------- d-----w- C:\PROGRA~2\Apple Software Update 2013-12-28 15:59:18 -------- d-----w- C:\PROGRA~2\COMMON~1\Apple 2013-12-26 11:30:05 -------- d-----w- C:\PROGRA~2\Kobo ======= C: ===== ====== C:\Users\C\AppData\Roaming ====== 2014-01-18 17:20:56 -------- d-----w- C:\Users\C\AppData\Local\Adobe 2014-01-16 17:09:26 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp 2014-01-16 17:09:26 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp 2014-01-16 17:09:26 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2014-01-16 17:09:26 -------- d-----w- C:\Users\C\AppData\Local\Temp 2014-01-16 17:09:26 -------- d-----w- C:\Users\Administrator\AppData\Local\Temp 2014-01-01 16:30:37 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\PnrpSqm 2013-12-28 16:02:22 -------- d-----w- C:\Users\C\AppData\Roaming\Apple Computer 2013-12-28 16:02:22 -------- d-----w- C:\Users\C\AppData\Local\Apple Computer 2013-12-28 16:00:18 -------- d-----w- C:\Users\C\AppData\Local\Apple 2013-12-28 16:00:02 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Apple Computer 2013-12-26 17:11:02 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking 2013-12-26 17:10:52 -------- d-----w- C:\Users\C\AppData\Roaming\CyberLink 2013-12-26 11:30:36 -------- d-----w- C:\Users\C\AppData\Local\Kobo 2013-12-24 13:38:30 -------- d-----w- C:\Users\C\AppData\Roaming\TrueCrypt ====== C:\Users\C ====== 2014-01-18 19:31:34 246FE58EFFD357B2078842708155E46C 1236282 ----a-w- C:\Users\C\Downloads\AdwCleaner.exe 2014-01-18 13:07:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-01-18 13:05:07 1393FBD6435180ABCD55AA93C56579E4 1830768 ----a-w- C:\Users\C\Downloads\hmpalert(1).exe 2014-01-18 13:03:23 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp 2014-01-17 07:26:25 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\C\Downloads\esetsmartinstaller_enu.exe 2014-01-16 20:30:06 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\C\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-16 20:24:06 FD3E66E1EAD5DA5EC23174D29B8376D6 283128 ----a-w- C:\Users\C\Downloads\Firefox Setup Stub 26.0 (1).exe 2014-01-15 21:00:21 -------- d-----w- C:\ProgramData\ClassicShell 2014-01-14 10:02:26 FD3E66E1EAD5DA5EC23174D29B8376D6 283128 ----a-w- C:\Users\C\Downloads\Firefox Setup Stub 26.0.exe 2014-01-12 09:07:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SciLor's grooveshark™.com Downloader 2014-01-06 18:01:49 47C203471B017D84C38836653E793FE5 11863248 ----a-w- C:\Users\C\Downloads\HarmonyBrowserPlug-in.exe 2013-12-28 16:02:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2013-12-28 16:01:33 -------- d-----w- C:\ProgramData\Apple Computer 2013-12-28 15:59:18 -------- d-----w- C:\ProgramData\Apple 2013-12-26 11:30:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo ====== C: exe-files == 2014-01-18 19:37:41 C1DB9BDF885C2F1ADC15264FBEA2788F 302961 ----a-w- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe 2014-01-18 19:37:40 C1DB9BDF885C2F1ADC15264FBEA2788F 302961 ----a-w- C:\Users\C\AppData\Local\Microsoft\Windows\INetCache\IE\12AT2N3E\HOSTS_Anti-Adware_main[1].exe 2014-01-18 19:37:39 59538D76EA7D0FE8283D72265833E0E4 285795 ----a-w- C:\Users\C\AppData\Local\Microsoft\Windows\INetCache\IE\3B1J97HV\HOSTS_Anti-Adware[1].exe 2014-01-18 19:37:34 FBC207AD85D053D4FD9DD93C595D1A1D 285455 ----a-w- C:\Users\C\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe 2014-01-18 19:37:34 FBC207AD85D053D4FD9DD93C595D1A1D 285455 ----a-w- C:\Users\C\AppData\Local\Microsoft\Windows\INetCache\IE\EV4AKVFP\Install_HOSTS_Anti-Adware[1].exe 2014-01-18 19:31:34 246FE58EFFD357B2078842708155E46C 1236282 ----a-w- C:\Users\C\Downloads\AdwCleaner.exe 2014-01-18 17:19:45 A3F2FA2017E978BEA7AE7261CE578A40 17888136 ----a-w- C:\Users\C\AppData\Local\Temp\fp_pl_pfs_installer.exe 2014-01-18 13:07:50 AACD31D9B4129F05ECDE27DE98E6D96A 109352 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe 2014-01-18 13:07:49 76874123C258B0FE7A5E7E8F71555D52 10264904 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe 2014-01-18 13:07:19 76874123C258B0FE7A5E7E8F71555D52 10264904 ----a-w- C:\Users\C\AppData\Local\Temp\HitmanPro_x64.exe 2014-01-18 13:07:19 76874123C258B0FE7A5E7E8F71555D52 10264904 ----a-w- C:\Users\C\AppData\Local\Microsoft\Windows\INetCache\IE\12AT2N3E\HitmanPro_x64[1].exe 2014-01-18 13:05:07 1393FBD6435180ABCD55AA93C56579E4 1830768 ----a-w- C:\Users\C\Downloads\hmpalert(1).exe 2014-01-18 13:01:27 76874123C258B0FE7A5E7E8F71555D52 10264904 ----a-w- C:\Users\C\AppData\Local\Temp\HitmanPro.exe 2014-01-18 12:07:16 04EFD47F2F2846A57E09227E4F2C714C 2476632 ----a-w- C:\Windows\LastGood.Tmp\system32\IntelWiDiVAD64.exe 2014-01-18 12:06:57 7E1ED9DCFB39E36E1192574A75CD9224 397784 ----a-w- C:\Windows\LastGood.Tmp\system32\igfxext.exe 2014-01-18 12:06:56 D35D88DBD57ED367107DDAF4A70E695F 396760 ----a-w- C:\Windows\LastGood.Tmp\system32\CustomModeApp.exe 2014-01-18 12:06:56 D0DC666D5FE83C9822AFBD1F4141D923 755160 ----a-w- C:\Windows\LastGood.Tmp\system32\GfxUIHotKeyMenu.exe 2014-01-18 12:06:55 563F74B0BCB4E51E64A3BF260DDF9A15 7596504 ----a-w- C:\Windows\LastGood.Tmp\system32\GfxUIEx.exe 2014-01-18 12:06:55 47189B3FB35A23FD5A491A79EDBEDA0D 770520 ----a-w- C:\Windows\LastGood.Tmp\system32\igfxpers.exe 2014-01-18 12:06:54 A608F8BDF259CB3C323247CC1A533A10 771544 ----a-w- C:\Windows\LastGood.Tmp\system32\hkcmd.exe 2014-01-18 12:06:53 D5F868A46AED8E7CAD6C30E0599DD100 279000 ----a-w- C:\Windows\LastGood.Tmp\SysWow64\IntelCpHeciSvc.exe 2014-01-18 12:06:53 CB0CAECF7EE7C34A07066BE69C71198D 153048 ----a-w- C:\Windows\LastGood.Tmp\system32\difx64.exe 2014-01-18 11:48:45 A2029E77352010E1779DBBB87ADFADB8 4069888 ----a-w- C:\Users\C\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Solitaire\bdf4a2bf169f30dc166d67b363cdba1d\Solitaire.ni.exe 2014-01-17 07:26:49 CE0D0B11986FD2C0247AE88A59B36A6E 579904 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe 2014-01-17 07:26:49 BDB7D97012F9B3102DB72AA76A24942A 546944 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe 2014-01-17 07:26:49 7C9EEC809FB9CDA26EFC245C001EA980 2347384 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe 2014-01-17 07:26:49 7ABF8849E76732C357F419B1AF5668F2 546944 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe 2014-01-17 07:26:49 6D4ED8A5C071F29730A6F0B943FEEA3A 122584 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe 2014-01-17 07:26:25 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\C\Downloads\esetsmartinstaller_enu.exe 2014-01-16 20:30:06 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\C\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-16 20:25:27 99F20CB58E61DAAD19935122AEE8B376 106212 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe 2014-01-16 20:25:27 3B9398E0146855B1DC0E3D9769C80F01 119408 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 2014-01-16 20:24:06 FD3E66E1EAD5DA5EC23174D29B8376D6 283128 ----a-w- C:\Users\C\Downloads\Firefox Setup Stub 26.0 (1).exe 2014-01-16 18:33:17 7FA3046AC2751A408899EFD331FE1980 479744 ----a-w- C:\Windows\SysWOW64\SettingSyncHost.exe 2014-01-16 18:33:16 F242938F69AA25B8ECD0D9E342799802 637952 ----a-w- C:\Windows\System32\SettingSyncHost.exe 2014-01-16 18:25:23 FF63857E9C1C948393346A86CAD39112 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2816235752-810234289-1669953389-1001\$IJQOFBV.exe 2014-01-16 09:00:01 14F0A1D5E7E73F43B92FD75725A3C202 693240 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-15 09:14:21 F8309DE5A45867745C7AA835DF50AA29 25304 ----a-w- C:\Windows\WinStore\WSHost.exe 2014-01-15 09:14:21 3E245CCA42D78B9626A79FE77E111D7B 84480 ----a-w- C:\Windows\System32\WSCollect.exe 2014-01-14 10:02:26 FD3E66E1EAD5DA5EC23174D29B8376D6 283128 ----a-w- C:\Users\C\Downloads\Firefox Setup Stub 26.0.exe 2014-01-14 09:55:26 49E549A01BB5FF6E82E386176E4D7305 96320 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe 2014-01-14 09:54:56 22152100B2D32BE9DAF13591096DE58D 2084416 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\SendCrashReport.exe 2014-01-14 09:54:54 B8B811C4655490676C2DED04E531F106 9577536 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Updater.exe 2014-01-14 09:54:49 15D2200C10CA3506C2AD566FBAE1E13B 36229696 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe 2014-01-14 09:54:47 B2A596DCEE491DF39DBDC13A8A7CB05A 60480 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator\FXC_ProxyProcess.exe 2014-01-14 09:54:46 7FC062F566DBEE26A6DF69119C93B7B9 755672 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\UninstallPrint.exe 2014-01-14 09:54:36 D4945107DF8F56CC4DC858C0694C13E2 26688 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Checkupdate\Checkupdate.exe 2014-01-14 09:54:35 5C7CD5168055514AB1722E4F926DCEF5 1904192 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe 2014-01-13 06:54:58 084BE4D9B1C2B51F423C97285B89E558 1281536 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2816235752-810234289-1669953389-1001\$RJQOFBV.exe === C: other files == 2014-01-18 12:06:49 4F6363C26B4A3DDBC9FAFCBA68602B01 4216320 ----a-w- C:\Windows\LastGood.Tmp\system32\DRIVERS\igdkmd64.sys 2014-01-16 18:33:18 0E0796E3413D38A396B1C1591CE2B72E 4191232 ----a-w- C:\Windows\System32\win32k.sys 2014-01-16 18:33:07 3D9A5AC880D7AA2305812D665D24ED23 2551128 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2014-01-16 18:33:02 ED39D676080A1AEA755F1DEC1A8DF1A4 1119064 ----a-w- C:\Windows\System32\drivers\ndis.sys 2014-01-16 18:33:02 79B6F3DF7CDFD12159871FF71464F0CE 403456 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2014-01-16 18:33:01 B7342B3C58E91107F6E946A93D9D4EFD 142848 ----a-w- C:\Windows\System32\drivers\ipnat.sys 2014-01-16 18:33:01 4628B415A84EA9D4D396A56F1D0CB6C6 142680 ----a-w- C:\Windows\System32\drivers\USBSTOR.SYS 2014-01-16 18:33:00 1C89EF529DB7DCA98E801EFDCC8437DE 19456 ----a-w- C:\Windows\System32\drivers\BtaMPM.sys 2014-01-16 18:25:11 B9EF470582184E213F54962F58E493E5 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2816235752-810234289-1669953389-1001\$IV1P27H.com 2014-01-12 23:20:14 0EABC923312CEFC45484D2F7D28A9C7A 1410166 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2816235752-810234289-1669953389-1001\$RV1P27H.com ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" "Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard" "Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [HKEY_USERS\S-1-5-21-2816235752-810234289-1669953389-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" "Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" "Wipe Maintance"="C:\Program Files\net1-wipe\net1.exe windowsStartup" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" "Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard" "Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" "CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R" "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s" "Google Desktop Search"="C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe /startup" "TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" "AcronisTibMounterMonitor"="C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" "Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" "Wipe Maintance"="C:\Program Files\net1-wipe\net1.exe windowsStartup" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4" "BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp" "POSHX"="C:\Program Files (x86)\FWdriver_v\POSHX.exe /start" "Bdagent"="C:\Program Files\Bitdefender\Bitdefender\bdagent.exe" "Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Folders ====================== 2013-11-12 17:42:57 1870 ----a-w- C:\Users\C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk 2013-11-23 17:57:24 1126 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [18-01-2014 18:21] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\Bitdefender Autoscan" [C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\Dolby Selector" [C:\Program Files\Dolby Digital Plus\ddp.exe] "C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman" [28-10-2013 21:41] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default 2557FBC582910A71CDEB0F22886D118D - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash BAD62EC082FBC9BF6D54FAB91E53A35A - C:\Program Files\Bitdefender\Bitdefender\Antispam32\npcomm.dll - BitDefender 16 ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ccahoghmggldkcdjiebjkidpfongdfbl - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx[18-12-2013 22:16] omaonpoimgkmbllpdihbnmgphjoipdhf - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx[01-05-2012 21:45] ==== C:\zoek_backup content ====================== C:\zoek_backup (files=107 folders=26 40532529 bytes) ==== EOF on zo 19-01-2014 at 19:02:42,10 ======================

Hallo, Ook met internet explorer krijg ik deze melding! Chrisv

Hallo, Deze zoekactie had ik net vorige week bij een ander probleem gedaan. Hierbij was malware opgespoord. Dit is verwijderd. Direct daarna begonnen de meldingen waar ik het nu over heb. het vreemde is dat ik deze melding ook kreeg op een andere pc, die ik bijna nooit gebruik en, dat hoorde ik gisteren, ook bij 2 kennissen van mij die allemaal ongeveer op dezelfde dag HitmanPro.alert hadden geïnstalleerd. Ongeveer een maand na installatie van deze software kregen wij deze melding, met het verzoek de computer met HitmanPro te scannen. Kan het misschien hiermee te maken hebben? Het is maar een gedachte! Als ik HitmanPro.alert verwijder, maar alle andere beveiligingssoftware (bitdefender, HitmanPro) laat staan is de melding verdwenen! Mogelijk heb je hier wat aan. Ik zal bij de volgende reactie voor de zekerheid toch het resultaat van de zoekactie opsturen. Alvast dank. chrisv

Hallo, het probleem is niet opgelost. Ik heb gemerkt dat ik deze melding ook op mijn andere pc heb!! ik heb bij min weten geen thuisgroep of netwerk. Geen idee dus hoe dit ontstaan is. Zit dus niet in deze pc op zich, maar waar dan?? Hier bij het logbestand en nogmaals de melding (bijlage) Alvast dank. chrisv log.txt firefox indringer e.docx

Hallo, Net nadat het vorige probleem was opgelost, kreeg ik de volgende melding (zie bijlage). Een scan met hitman pro loste niets op. Weet niet goed wat ik hier mee moet. Alvast dank. chrisv melding.docx

Hallo, Probleem opgelost. Heel erg dank. chrisv

bij deze. Zoek.exe v5.0.0.0 Updated 15-Januari-2014 Tool run by C on do 16-01-2014 at 17:25:43,21. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\C\Desktop\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2014-01-13-090036.log 958 bytes C:\zoek-results2014-01-16-102827.log 18495 bytes C:\zoek-results2014-01-16-114911.log 397 bytes C:\zoek-results2014-01-16-143625.log 445 bytes C:\zoek-results2014-01-16-150723.log 493 bytes ==== Creating Sample_16-01-2014_1758.zip ====================== Copied file C:\Users\C\AppData\Local\omesuperv.exe to sample\omesuperv.exe sample\omesuperv.exe renamed to B64C0A5200B396641205598D271ACD9F C:\Users\Public\Desktop\sample_16-01-2014_1758.zip created successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2816235752-810234289-1669953389-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully HKEY_USERS\S-1-5-21-2816235752-810234289-1669953389-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6F001371-B95B-44DD-80AF-E3B9109FA974} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default ---- Lines OfferMosquito removed from prefs.js ---- user_pref("om.pingUrl", "http://api.offermosquito.com/ping.php?ch=35"); user_pref("plugin.state.npoffermosquitoiehelper", 0); ---- Lines OfferMosquito modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"ffpwdman@bitdefender.com\":{\"descriptor\":\"C:\\\\Program Files\ ---- Lines Softonic removed from prefs.js ---- user_pref("extensions.Softonic.admin", false); user_pref("extensions.Softonic.aflt", "SD"); user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic.dfltLng", "nl"); user_pref("extensions.Softonic.dfltSrch", true); user_pref("extensions.Softonic.dnsErr", true); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.ffxUnstlRst", false); user_pref("extensions.Softonic.hmpg", true); user_pref("extensions.Softonic.hmpgUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=13&cc=&mi=b472050d0000000000005c514f392ea3"); user_pref("extensions.Softonic.hpOld0", ""); user_pref("extensions.Softonic.id", "b472050d0000000000005c514f392ea3"); user_pref("extensions.Softonic.instlDay", "16019"); user_pref("extensions.Softonic.instlRef", "MOY00011"); user_pref("extensions.Softonic.kw_url", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc=&mi=b472050d0000000000005c514f392ea3&q="); user_pref("extensions.Softonic.newTab", true); user_pref("extensions.Softonic.newTabUrl", "http://search.softonic.com/MOY00011/tb_v1/?SearchSource=15&cc=&mi=b472050d0000000000005c514f392ea3"); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.rvrt", "false"); user_pref("extensions.Softonic.smplGrp", "none"); user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); user_pref("extensions.Softonic.tlbrId", "2013desingbrand"); user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=1&cc=&mi=b472050d0000000000005c514f392ea3&q="); user_pref("extensions.Softonic.vrsn", "1.8.19.3"); user_pref("extensions.Softonic.vrsni", "1.8.19.3"); user_pref("extensions.Softonic.vrsnTs", "1.8.19.314:43:51"); ---- Lines Softonic removed from user.js ---- user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=1&cc=&mi=b472050d0000000000005c514f392ea3&q="); user_pref("extensions.Softonic.id", "b472050d0000000000005c514f392ea3"); user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}"); user_pref("extensions.Softonic.instlDay", "16019"); user_pref("extensions.Softonic.vrsn", "1.8.19.3"); user_pref("extensions.Softonic.vrsni", "1.8.19.3"); user_pref("extensions.Softonic.vrsnTs", "1.8.19.314:43:51"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.aflt", "SD"); user_pref("extensions.Softonic.smplGrp", "none"); user_pref("extensions.Softonic.tlbrId", "2013desingbrand"); user_pref("extensions.Softonic.instlRef", "MOY00011"); user_pref("extensions.Softonic.dfltLng", "nl"); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.ffxUnstlRst", false); user_pref("extensions.Softonic.admin", false); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic.rvrt", "false"); user_pref("extensions.Softonic.hmpg", true); user_pref("extensions.Softonic.hmpgUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=13&cc=&mi=b472050d0000000000005c514f392ea3"); user_pref("extensions.Softonic.hpOld0", ""); user_pref("extensions.Softonic.dfltSrch", true); user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); user_pref("extensions.Softonic.kw_url", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc=&mi=b472050d0000000000005c514f392ea3&q="); user_pref("extensions.Softonic.dnsErr", true); user_pref("extensions.Softonic.newTab", true); user_pref("extensions.Softonic.newTabUrl", "http://search.softonic.com/MOY00011/tb_v1/?SearchSource=15&cc=&mi=b472050d0000000000005c514f392ea3"); ---- Lines conduit removed from prefs.js ---- user_pref("browser.search.defaultenginename", "Conduit Search"); user_pref("browser.search.selectedEngine", "Conduit Search"); user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT3322168&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP4891B649-86E2-4 ---- FireFox user.js and prefs.js backups ---- user_16-01-2014_1800_.backup prefs_16-01-2014_1800_.backup ==== Deleting Files \ Folders ====================== C:\Users\Public\Desktop\SciLor's grooveshark™.com Downloader.lnk not found C:\Users\C\AppData\Roaming\Intermediate deleted C:\Users\C\AppData\Roaming\SSync deleted C:\Users\C\AppData\Roaming\Common deleted C:\ProgramData\Package Cache deleted C:\Users\C\Downloads\SoftonicDownloader_voor_google-desktop.exe deleted C:\Users\C\Downloads\SoftonicDownloader_voor_photofiltre.exe deleted C:\Users\C\Downloads\SoftonicDownloader_voor_product-key-finder.exe deleted C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default\searchplugins\conduit-search.xml deleted C:\Users\C\AppData\Local\omesuperv.exe deleted "C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default\extensions\om@offermosquito.com.xpi" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman" [28-10-2013 21:41] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default BAD62EC082FBC9BF6D54FAB91E53A35A - C:\Program Files\Bitdefender\Bitdefender\Antispam32\npcomm.dll - BitDefender 16 ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ccahoghmggldkcdjiebjkidpfongdfbl - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx[18-12-2013 22:16] omaonpoimgkmbllpdihbnmgphjoipdhf - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx[01-05-2012 21:45] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions gbmdkmlcnbapgegninelmjbfibaghdmk - C:\Users\C\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\ext_offermosquito\ext_offermosquito.crx[] Softonic Chrome Toolbar - C\AppData\Local\Google\Chrome\User Data\default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf ==== Chrome Fix ====================== C:\Users\C\AppData\Local\Google\Chrome\User Data\default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Bar"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=qycoPU_BOdyIvwyraMIEDqjOf7M?q={searchTerms}" {99103325-58A0-4DB9-A9C4-CA5474A3A9D3} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB" ==== Deleting Registry Keys ====================== HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\C\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\C\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\C\AppData\Local\Mozilla\Firefox\Profiles\ayqcbdhb.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=110 folders=26 41735761 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Users\C\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\C\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 16-01-2014 at 18:12:17,95 ======================

hallo, Bij deze denk ik het goede logbestand alvast dank. chrisv Zoek.exe v5.0.0.0 Updated 15-Januari-2014 Tool run by C on do 16-01-2014 at 11:17:08,33. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\C\Desktop\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2014-01-13-090036.log 958 bytes ==== Empty Folders Check ====================== C:\Users\C\AppData\Roaming\QuickScan deleted successfully C:\Users\C\AppData\Local\Secunia PSI deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2816235752-810234289-1669953389-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82B16A3D-F03E-4565-A532-666B219C9A53} deleted successfully HKEY_USERS\S-1-5-21-2816235752-810234289-1669953389-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82B16A3D-F03E-4565-A532-666B219C9A53} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{82B16A3D-F03E-4565-A532-666B219C9A53} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82B16A3D-F03E-4565-A532-666B219C9A53} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82B16A3D-F03E-4565-A532-666B219C9A53}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DataMgr"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Users\C\AppData\Roaming\Systweak not found C:\Users\C\AppData\Local\ext_offermosquito deleted C:\Users\C\AppData\Roaming\DataMgr deleted C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 deleted "C:\windows\SysNative\roboot64.exe" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2014-01-12 10:11:20 D9F551D51350364EBF9D235F50FAD5A2 392727407 ----a-w- C:\WINDOWS\MEMORY.DMP ====== C:\Users\C\AppData\Local\Temp ==== 2014-01-14 09:52:08 B8B811C4655490676C2DED04E531F106 9577536 ----a-w- C:\Users\C\AppData\Local\Temp\Foxit Updater.exe ====== C:\WINDOWS\SysWOW64 ===== 2014-01-16 09:00:01 815747A331941F3DA5F4BAF78016D333 693240 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-01-15 09:14:22 ED8ED1CE6CAB56103230E2097763DC2B 695808 ----a-w- C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-15 09:14:21 B6D28E8DC13F9EAF8B74BDB4F3DD9781 174592 ----a-w- C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-15 09:14:19 73D0837E97CD7368BCA7DE4E373B8503 103936 ----a-w- C:\WINDOWS\SysWOW64\OEMLicense.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2014-01-15 09:14:23 D8E3A4701376CCFD0BE542D745FA4809 3395920 ----a-w- C:\WINDOWS\Sysnative\WSService.dll 2014-01-15 09:14:22 E3E168E733B0E8383BA5635542FDB96F 848384 ----a-w- C:\WINDOWS\Sysnative\WSShared.dll 2014-01-15 09:14:22 294AAE73D0D7BDAACC5224BC7334077B 206336 ----a-w- C:\WINDOWS\Sysnative\WSClient.dll 2014-01-15 09:14:21 3E245CCA42D78B9626A79FE77E111D7B 84480 ----a-w- C:\WINDOWS\Sysnative\WSCollect.exe 2014-01-15 09:14:20 30AE1D2A418A6C128CF3BD6EA37354DB 138240 ----a-w- C:\WINDOWS\Sysnative\OEMLicense.dll 2014-01-15 09:14:16 EF5A9D7523E4530D2030D4EA2D90FEC3 787968 ----a-w- C:\WINDOWS\Sysnative\uDWM.dll 2014-01-12 09:35:29 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\WINDOWS\Sysnative\bootdelete.exe ====== C:\WINDOWS\Sysnative\drivers ===== 2013-12-28 16:04:34 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2013-12-28 16:02:05 8E98D21EE06192492A5671A6144D092F 33240 ----a-w- C:\WINDOWS\Sysnative\drivers\GEARAspiWDM.sys 2013-12-24 13:37:50 370A6907DDF79532A39319492B1FA38A 231376 ----a-w- C:\WINDOWS\Sysnative\drivers\truecrypt.sys ====== C:\WINDOWS\Tasks ====== 2014-01-15 21:00:47 018C164568007461A6C472A64B589521 3576 ----a-w- C:\WINDOWS\Sysnative\Tasks\Bitdefender Autoscan 2013-12-28 20:14:51 735D6BEACD734C489AD46098E35C348E 940 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-12-28 20:14:51 222A8A7BFD8EE88E3ECB4216D42B9412 3828 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Flash Player Updater 2013-12-28 16:00:22 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\Apple ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-01-12 16:07:30 -------- d-----w- C:\Program Files\trend micro 2013-12-28 16:01:34 -------- d-----w- C:\Program Files\iPod 2013-12-28 16:01:33 -------- d-----w- C:\Program Files\iTunes 2013-12-28 15:59:50 -------- d-----w- C:\Program Files\Common Files\Apple ======= C:\PROGRA~2 ===== 2014-01-14 10:03:29 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service 2014-01-12 09:07:43 -------- d-----w- C:\PROGRA~2\SciLor's grooveshark.com Downloader 2013-12-28 16:01:33 -------- d-----w- C:\PROGRA~2\iTunes 2013-12-28 16:00:14 -------- d-----w- C:\PROGRA~2\Apple Software Update 2013-12-28 15:59:18 -------- d-----w- C:\PROGRA~2\COMMON~1\Apple 2013-12-26 11:30:05 -------- d-----w- C:\PROGRA~2\Kobo ======= C: ===== ====== C:\Users\C\AppData\Roaming ====== 2014-01-01 16:30:37 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\PnrpSqm 2013-12-28 16:02:22 -------- d-----w- C:\Users\C\AppData\Roaming\Apple Computer 2013-12-28 16:02:22 -------- d-----w- C:\Users\C\AppData\Local\Apple Computer 2013-12-28 16:00:18 -------- d-----w- C:\Users\C\AppData\Local\Apple 2013-12-28 16:00:02 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Apple Computer 2013-12-26 17:11:02 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking 2013-12-26 17:10:52 -------- d-----w- C:\Users\C\AppData\Roaming\CyberLink 2013-12-26 11:30:36 -------- d-----w- C:\Users\C\AppData\Local\Kobo 2013-12-24 13:38:30 -------- d-----w- C:\Users\C\AppData\Roaming\TrueCrypt ====== C:\Users\C ====== 2014-01-16 10:12:45 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp 2014-01-15 21:00:21 -------- d-----w- C:\ProgramData\ClassicShell 2014-01-14 10:02:26 FD3E66E1EAD5DA5EC23174D29B8376D6 283128 ----a-w- C:\Users\C\Downloads\Firefox Setup Stub 26.0.exe 2014-01-12 16:06:24 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\C\Downloads\RSITx64.exe 2014-01-12 09:07:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SciLor's grooveshark™.com Downloader 2014-01-12 08:58:06 861433F3302DFD69B59282A84A1208A8 340688 ----a-w- C:\Users\C\Downloads\scilors-grooveshark-downloader-windows-downloader.exe 2014-01-06 18:01:49 47C203471B017D84C38836653E793FE5 11863248 ----a-w- C:\Users\C\Downloads\HarmonyBrowserPlug-in.exe 2014-01-05 16:05:42 6B26D2940BD9B7C75EF8556940CA5159 23915754 ----a-w- C:\Users\C\Downloads\torbrowser-install-3.5_en-US.exe 2013-12-28 16:02:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2013-12-28 16:01:33 -------- d-----w- C:\ProgramData\Apple Computer 2013-12-28 15:59:18 -------- d-----w- C:\ProgramData\Apple 2013-12-26 11:30:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo ====== C: exe-files == 2014-01-16 09:00:01 815747A331941F3DA5F4BAF78016D333 693240 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-15 09:14:21 F8309DE5A45867745C7AA835DF50AA29 25304 ----a-w- C:\Windows\WinStore\WSHost.exe 2014-01-15 09:14:21 3E245CCA42D78B9626A79FE77E111D7B 84480 ----a-w- C:\Windows\System32\WSCollect.exe 2014-01-14 10:03:30 99F20CB58E61DAAD19935122AEE8B376 106212 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe 2014-01-14 10:03:29 3B9398E0146855B1DC0E3D9769C80F01 119408 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 2014-01-14 10:02:26 FD3E66E1EAD5DA5EC23174D29B8376D6 283128 ----a-w- C:\Users\C\Downloads\Firefox Setup Stub 26.0.exe 2014-01-14 09:55:48 656E932667A49E2A49658DE755D8A8F0 1437248 ----a-w- C:\Users\C\AppData\Roaming\Foxit Software\Foxit Cloud\Reader\unins000.exe 2014-01-14 09:55:26 49E549A01BB5FF6E82E386176E4D7305 96320 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe 2014-01-14 09:54:56 22152100B2D32BE9DAF13591096DE58D 2084416 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\SendCrashReport.exe 2014-01-14 09:54:54 B8B811C4655490676C2DED04E531F106 9577536 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Updater.exe 2014-01-14 09:54:49 15D2200C10CA3506C2AD566FBAE1E13B 36229696 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe 2014-01-14 09:54:47 B2A596DCEE491DF39DBDC13A8A7CB05A 60480 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator\FXC_ProxyProcess.exe 2014-01-14 09:54:46 7FC062F566DBEE26A6DF69119C93B7B9 755672 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\UninstallPrint.exe 2014-01-14 09:54:36 D4945107DF8F56CC4DC858C0694C13E2 26688 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Checkupdate\Checkupdate.exe 2014-01-14 09:54:35 5C7CD5168055514AB1722E4F926DCEF5 1904192 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe 2014-01-14 09:52:08 B8B811C4655490676C2DED04E531F106 9577536 ----a-w- C:\Users\C\AppData\Local\Temp\Foxit Updater.exe 2014-01-13 18:12:50 A3CE1DC73BCC95D7812D593381346681 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$IYDMJXO.exe 2014-01-13 06:54:58 084BE4D9B1C2B51F423C97285B89E558 1281536 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$RYDMJXO.exe 2014-01-12 16:07:34 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\C.exe 2014-01-12 16:06:24 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\C\Downloads\RSITx64.exe 2014-01-12 09:35:29 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\System32\bootdelete.exe 2014-01-12 09:07:47 0B84A6BBD496026CA534666A58DF9CF0 5407850 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\Tor\vidalia.exe 2014-01-12 09:07:46 C10EB5C2B17B822FDC66D70CF4680695 3938086 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\Tor\tor.exe 2014-01-12 09:07:46 35EA0113A5FF5D1608D1A80CA006E8F0 374786 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\Tor\tor-resolve.exe 2014-01-12 09:07:44 0780178E6001509C855F0149F8B97135 178176 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\Tor\polipo.exe 2014-01-12 09:07:43 38FBFABDCE44FD844CBCD7BA6BC91584 808904 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\unins000.exe 2014-01-12 09:07:43 1047510FB6C40F4E88F5E922785835E5 122992 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\Mp3Gain\mp3gain.exe 2014-01-12 09:07:43 008006426163026C522F35361D23B067 376320 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\SciLors GrooveDownloader.exe 2014-01-12 08:58:06 861433F3302DFD69B59282A84A1208A8 340688 ----a-w- C:\Users\C\Downloads\scilors-grooveshark-downloader-windows-downloader.exe === C: other files == 2014-01-15 09:14:39 4D6461193AE1BBC708194C295C7EA71A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$IRBGS16.zip 2014-01-15 09:14:29 C03D586167072E6565BFA7F79281D69A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$IKVPVG3.zip 2014-01-13 18:12:55 DD82198180C71CF7D27D3557FC6C45C6 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$IZCEZB4.com 2014-01-13 18:01:28 00379788C7C696104BD1C09306BF90B1 4082624 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$RKVPVG3.zip 2014-01-13 18:00:32 00379788C7C696104BD1C09306BF90B1 4082624 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$RRBGS16.zip 2014-01-13 16:18:27 7303562B96B994B544902C5E703D3276 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$ICGOWEF.com 2014-01-12 23:20:14 0EABC923312CEFC45484D2F7D28A9C7A 1410166 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$RZCEZB4.com 2014-01-12 23:20:14 0EABC923312CEFC45484D2F7D28A9C7A 1410166 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$RCGOWEF.com 2014-01-12 09:07:43 B8E429F3225CC298C5D13D31AFD050B6 128436 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\Mp3Gain\mp3gain-1_5_2_r2-src.zip 2014-01-12 09:07:43 12CE68E7308A83645825B4AD0C459F5E 61 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\SciLors GrooveDownloader WithTor.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" "Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard" "Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [HKEY_USERS\S-1-5-21-2816235752-810234289-1669953389-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" "Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" "SSync"="C:\Users\C\AppData\Roaming\SSync\SSync.exe" "Intermediate"="C:\Users\C\AppData\Roaming\Intermediate\Intermediate.exe" "OMESupervisor"="C:\Users\C\AppData\Local\omesuperv.exe" "Wipe Maintance"="C:\Program Files\net1-wipe\net1.exe windowsStartup" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" "Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard" "Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" "CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R" "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s" "Google Desktop Search"="C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe /startup" "TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" "AcronisTibMounterMonitor"="C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" "Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" "SSync"="C:\Users\C\AppData\Roaming\SSync\SSync.exe" "Intermediate"="C:\Users\C\AppData\Roaming\Intermediate\Intermediate.exe" "OMESupervisor"="C:\Users\C\AppData\Local\omesuperv.exe" "Wipe Maintance"="C:\Program Files\net1-wipe\net1.exe windowsStartup" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4" "BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp" "POSHX"="C:\Program Files (x86)\FWdriver_v\POSHX.exe /start" "Bdagent"="C:\Program Files\Bitdefender\Bitdefender\bdagent.exe" "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Folders ====================== 2013-11-12 17:42:57 1870 ----a-w- C:\Users\C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk 2013-11-23 17:57:24 1126 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\Bitdefender Autoscan" [C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\Dolby Selector" [C:\Program Files\Dolby Digital Plus\ddp.exe] "C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman" [28-10-2013 21:41] ==== Firefox Extensions ====================== ProfilePath: C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default - OfferMosquito - %ProfilePath%\extensions\om@offermosquito.com.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default BAD62EC082FBC9BF6D54FAB91E53A35A - C:\Program Files\Bitdefender\Bitdefender\Antispam32\npcomm.dll - BitDefender 16 ==== C:\zoek_backup content ====================== C:\zoek_backup (files=17 folders=5 9019848 bytes) ==== EOF on do 16-01-2014 at 11:28:27,36 ======================

Dit is wat ik een dag eerder had gevonden. Het programma was toen nog steeds aan het draaien. heb het na 12 uur handmatig afgesloten. Misschien geeft het nuttige info! Zoek.exe v5.0.0.0 Updated 12-Januari-2014 Tool run by C on ma 13-01-2014 at 9:12:32,42. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\C\Desktop\zoek.scr [scan all users] [script inserted] [Checkboxes used] ==== System Restore Info ====================== 13-1-2014 09:20:32 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\ProgramData\Dumps deleted successfully C:\Users\C\AppData\Roaming\Logitech deleted successfully C:\Users\C\AppData\Roaming\OfferMosquito deleted successfully C:\Users\C\AppData\Roaming\QuickScan deleted successfully C:\Users\C\AppData\Roaming\Systweak deleted successfully C:\Users\C\AppData\Local\Adobe deleted successfully C:\Users\C\AppData\Local\MigWiz deleted successfully C:\Users\C\AppData\Local\PackageStaging deleted successfully C:\Users\C\AppData\Local\Secunia PSI deleted successfully

Draai nu al meer dan 12 uur. Nog geen enkel teken van leven. Bij aanklikken de melding dat hij nog loopt. Lijkt me onwaarschijnlijk!

Hallo, ik heb momenteel zoek.exe draaien (denk ik). Als ik nogmaals op 'run scripts' klik, krijg ik de melding dat het reeds loopt. Maar kan het zijn dat dit proces uren duurt? Anders zit ik voor niets te wachten, want ogenschijnlijk gebeurt er niets!

Hallo, Hallo, het lukt me niet om zoek.exe langs bitdefender te krijgen. Hoewel ik alle opties heb uitgeschakeld blijft hij het programma toch blokkeren(!?) Hoe dat kan weet ik niet. graag advies. Alvast dank. chrisv

hallo, bij deze het gevraagde logfileltje. Als bijlage, want in dit bericht geplakt liep telkens vast. Alvast dank. log.txt

Hallo, Nadat ik grooveshark downloader had geïnstalleerd, waarbij de nodige troep meekwam die ik via configuratiescherm heb verwijderd, krijg ik bij het openen van mijn internet browser (zowel bij firefox alsook bij explorer) de volgende melding (zie bijlage. knipsel.jpg 46.9)). Uiteraard vertrouw ik deze melding niet, maar hoe haal ik het weg? alvast dank, groet, chrisv

Hallo, Krijg geen melding meer. Probleem dus opgelost. Dank hiervoor. Een vraagje dat hier nog betrekking op heeft. Kan HitmanPro draaien naast een andere virusbescherming, in mijn geval Bitdefender? groet, Chrisv

# AdwCleaner v3.001 - Report created 28/08/2013 at 09:39:02 # Updated 24/08/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Chris - CHRIS-PC # Running from : C:\Users\Chris\Downloads\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\DealPlyLive Folder Deleted : C:\Program Files (x86)\DealPlyLive Folder Deleted : C:\Program Files (x86)\MyPC Backup Folder Deleted : C:\Users\Chris\AppData\Local\DealPlyLive Folder Deleted : C:\Users\Chris\AppData\Roaming\DSite Folder Deleted : C:\Users\Chris\AppData\Roaming\Systweak File Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rzvqaa8a.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi File Deleted : C:\Windows\System32\roboot64.exe File Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rzvqaa8a.default\searchplugins\Askcom.xml File Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rzvqaa8a.default\searchplugins\SweetIm.xml File Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rzvqaa8a.default\\invalidprefs.js File Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rzvqaa8a.default\user.js File Deleted : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job File Deleted : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore File Deleted : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job File Deleted : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA File Deleted : C:\Windows\Tasks\DSite.job File Deleted : C:\Windows\System32\Tasks\DSite File Deleted : C:\Windows\Tasks\RegClean Pro_DEFAULT.job File Deleted : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job File Deleted : C:\Windows\System32\Tasks\RegClean Pro_UPDATES ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}] Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\BabSolution Key Deleted : HKCU\Software\dealplylive Key Deleted : HKCU\Software\dsiteproducts Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\WNLT Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\Software\systweak ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Mozilla Firefox v23.0.1 (nl) [ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rzvqaa8a.default\prefs.js ] Line Deleted : user_pref("extensions.Softonic.admin", false); Line Deleted : user_pref("extensions.Softonic.aflt", "SD"); Line Deleted : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}"); Line Deleted : user_pref("extensions.Softonic.autoRvrt", "false"); Line Deleted : user_pref("extensions.Softonic.dfltLng", "nl"); Line Deleted : user_pref("extensions.Softonic.dfltSrch", true); Line Deleted : user_pref("extensions.Softonic.dnsErr", true); Line Deleted : user_pref("extensions.Softonic.excTlbr", false); Line Deleted : user_pref("extensions.Softonic.ffxUnstlRst", false); Line Deleted : user_pref("extensions.Softonic.hmpg", true); Line Deleted : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=13&cc=&mi=44cbae7c00000000000020cf30c44a94"); Line Deleted : user_pref("extensions.Softonic.hpOld0", "about:home"); Line Deleted : user_pref("extensions.Softonic.id", "44cbae7c00000000000020cf30c44a94"); Line Deleted : user_pref("extensions.Softonic.instlDay", "15882"); Line Deleted : user_pref("extensions.Softonic.instlRef", "MOY00011"); Line Deleted : user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc=&mi=44cbae7c00000000000020cf30c44a94&q="); Line Deleted : user_pref("extensions.Softonic.newTab", true); Line Deleted : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00011/tb_v1/?SearchSource=15&cc=&mi=44cbae7c00000000000020cf30c44a94"); Line Deleted : user_pref("extensions.Softonic.prdct", "Softonic"); Line Deleted : user_pref("extensions.Softonic.prtnrId", "softonic"); Line Deleted : user_pref("extensions.Softonic.rvrt", "false"); Line Deleted : user_pref("extensions.Softonic.smplGrp", "none"); Line Deleted : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Line Deleted : user_pref("extensions.Softonic.tlbrId", "BASEirobinhoodActive"); Line Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=1&cc=&mi=44cbae7c00000000000020cf30c44a94&q="); Line Deleted : user_pref("extensions.Softonic.vrsn", "1.8.19.3"); Line Deleted : user_pref("extensions.Softonic.vrsnTs", "1.8.19.314:55:39"); Line Deleted : user_pref("extensions.Softonic.vrsni", "1.8.19.3"); Line Deleted : user_pref("extensions.delta.admin", false); Line Deleted : user_pref("extensions.delta.aflt", "babsst"); Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Line Deleted : user_pref("extensions.delta.autoRvrt", "false"); Line Deleted : user_pref("extensions.delta.dfltLng", "nl"); Line Deleted : user_pref("extensions.delta.excTlbr", false); Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true); Line Deleted : user_pref("extensions.delta.id", "44cbae7c00000000000020cf30c44a94"); Line Deleted : user_pref("extensions.delta.instlDay", "15940"); Line Deleted : user_pref("extensions.delta.instlRef", "sst"); Line Deleted : user_pref("extensions.delta.newTab", false); Line Deleted : user_pref("extensions.delta.prdct", "delta"); Line Deleted : user_pref("extensions.delta.prtnrId", "delta"); Line Deleted : user_pref("extensions.delta.rvrt", "false"); Line Deleted : user_pref("extensions.delta.smplGrp", "none"); Line Deleted : user_pref("extensions.delta.tlbrId", "base"); Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", ""); Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6"); Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.618:48:28"); Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6"); Line Deleted : user_pref("extensions.delta_i.babExt", ""); Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4983"); Line Deleted : user_pref("extensions.delta_i.srcExt", "ss"); Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false); Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false); Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Line Deleted : user_pref("extensions.helperbar.Visibility", true); Line Deleted : user_pref("extensions.helperbar.countryiso", "nl"); Line Deleted : user_pref("extensions.helperbar.downloadprovider", "snapdoocyb"); Line Deleted : user_pref("extensions.helperbar.installationid", "860a02c4-75fe-4557-a677-ddebd129da4c"); Line Deleted : user_pref("extensions.helperbar.installdate", "27/07/2013"); Line Deleted : user_pref("extensions.helperbar.publisher", "snapdoocyb"); Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "about:home"); Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10061&barid={4F09F2D2-09A4-11E3-B069-20CF30C44A94}"); ************************* AdwCleaner[R0].txt - [10971 octets] - [26/08/2013 08:51:30] AdwCleaner[R1].txt - [11032 octets] - [28/08/2013 09:38:25] AdwCleaner[s0].txt - [10316 octets] - [28/08/2013 09:39:02] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10377 octets] ##########

# AdwCleaner v3.001 - Report created 26/08/2013 at 08:51:30 # Updated 24/08/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Chris - CHRIS-PC # Running from : C:\Users\Chris\Downloads\adwcleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rzvqaa8a.default\\invalidprefs.js File Found : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rzvqaa8a.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi File Found : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rzvqaa8a.default\searchplugins\Askcom.xml File Found : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rzvqaa8a.default\searchplugins\SweetIm.xml File Found : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rzvqaa8a.default\user.js File Found : C:\Windows\System32\roboot64.exe File Found : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore File Found : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA File Found : C:\Windows\System32\Tasks\DSite File Found : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT File Found : C:\Windows\System32\Tasks\RegClean Pro_UPDATES File Found : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job File Found : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job File Found : C:\Windows\Tasks\DSite.job File Found : C:\Windows\Tasks\RegClean Pro_DEFAULT.job File Found : C:\Windows\Tasks\RegClean Pro_UPDATES.job Folder Found C:\Program Files (x86)\DealPlyLive Folder Found C:\Program Files (x86)\MyPC Backup Folder Found C:\Program Files (x86)\MyPC Backup Folder Found C:\ProgramData\Ask Folder Found C:\ProgramData\DealPlyLive Folder Found C:\Users\Chris\AppData\Local\DealPlyLive Folder Found C:\Users\Chris\AppData\Roaming\DSite Folder Found C:\Users\Chris\AppData\Roaming\Systweak ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\APN PIP Key Found : HKCU\Software\BabSolution Key Found : HKCU\Software\dealplylive Key Found : HKCU\Software\dsiteproducts Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\InstallCore Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKCU\Software\WNLT Key Found : [x64] HKCU\Software\APN PIP Key Found : [x64] HKCU\Software\BabSolution Key Found : [x64] HKCU\Software\dealplylive Key Found : [x64] HKCU\Software\dsiteproducts Key Found : [x64] HKCU\Software\IM Key Found : [x64] HKCU\Software\ImInstaller Key Found : [x64] HKCU\Software\InstallCore Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Found : [x64] HKCU\Software\WNLT Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKLM\Software\PIP Key Found : HKLM\Software\systweak Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}] Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}] ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Mozilla Firefox v23.0.1 (nl) [ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rzvqaa8a.default\prefs.js ] Line Found : user_pref("extensions.Softonic.admin", false); Line Found : user_pref("extensions.Softonic.aflt", "SD"); Line Found : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}"); Line Found : user_pref("extensions.Softonic.autoRvrt", "false"); Line Found : user_pref("extensions.Softonic.dfltLng", "nl"); Line Found : user_pref("extensions.Softonic.dfltSrch", true); Line Found : user_pref("extensions.Softonic.dnsErr", true); Line Found : user_pref("extensions.Softonic.excTlbr", false); Line Found : user_pref("extensions.Softonic.ffxUnstlRst", false); Line Found : user_pref("extensions.Softonic.hmpg", true); Line Found : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=13&cc=&mi=44cbae7c00000000000020cf30c44a94"); Line Found : user_pref("extensions.Softonic.hpOld0", "about:home"); Line Found : user_pref("extensions.Softonic.id", "44cbae7c00000000000020cf30c44a94"); Line Found : user_pref("extensions.Softonic.instlDay", "15882"); Line Found : user_pref("extensions.Softonic.instlRef", "MOY00011"); Line Found : user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc=&mi=44cbae7c00000000000020cf30c44a94&q="); Line Found : user_pref("extensions.Softonic.newTab", true); Line Found : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00011/tb_v1/?SearchSource=15&cc=&mi=44cbae7c00000000000020cf30c44a94"); Line Found : user_pref("extensions.Softonic.prdct", "Softonic"); Line Found : user_pref("extensions.Softonic.prtnrId", "softonic"); Line Found : user_pref("extensions.Softonic.rvrt", "false"); Line Found : user_pref("extensions.Softonic.smplGrp", "none"); Line Found : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Line Found : user_pref("extensions.Softonic.tlbrId", "BASEirobinhoodActive"); Line Found : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=1&cc=&mi=44cbae7c00000000000020cf30c44a94&q="); Line Found : user_pref("extensions.Softonic.vrsn", "1.8.19.3"); Line Found : user_pref("extensions.Softonic.vrsnTs", "1.8.19.314:55:39"); Line Found : user_pref("extensions.Softonic.vrsni", "1.8.19.3"); Line Found : user_pref("extensions.delta.admin", false); Line Found : user_pref("extensions.delta.aflt", "babsst"); Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Line Found : user_pref("extensions.delta.autoRvrt", "false"); Line Found : user_pref("extensions.delta.dfltLng", "nl"); Line Found : user_pref("extensions.delta.excTlbr", false); Line Found : user_pref("extensions.delta.ffxUnstlRst", true); Line Found : user_pref("extensions.delta.id", "44cbae7c00000000000020cf30c44a94"); Line Found : user_pref("extensions.delta.instlDay", "15940"); Line Found : user_pref("extensions.delta.instlRef", "sst"); Line Found : user_pref("extensions.delta.newTab", false); Line Found : user_pref("extensions.delta.prdct", "delta"); Line Found : user_pref("extensions.delta.prtnrId", "delta"); Line Found : user_pref("extensions.delta.rvrt", "false"); Line Found : user_pref("extensions.delta.smplGrp", "none"); Line Found : user_pref("extensions.delta.tlbrId", "base"); Line Found : user_pref("extensions.delta.tlbrSrchUrl", ""); Line Found : user_pref("extensions.delta.vrsn", "1.8.24.6"); Line Found : user_pref("extensions.delta.vrsnTs", "1.8.24.618:48:28"); Line Found : user_pref("extensions.delta.vrsni", "1.8.24.6"); Line Found : user_pref("extensions.delta_i.babExt", ""); Line Found : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4983"); Line Found : user_pref("extensions.delta_i.srcExt", "ss"); Line Found : user_pref("extensions.helperbar.DockingPositionDown", false); Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false); Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Line Found : user_pref("extensions.helperbar.Visibility", true); Line Found : user_pref("extensions.helperbar.countryiso", "nl"); Line Found : user_pref("extensions.helperbar.downloadprovider", "snapdoocyb"); Line Found : user_pref("extensions.helperbar.installationid", "860a02c4-75fe-4557-a677-ddebd129da4c"); Line Found : user_pref("extensions.helperbar.installdate", "27/07/2013"); Line Found : user_pref("extensions.helperbar.publisher", "snapdoocyb"); Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "about:home"); Line Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10061&barid={4F09F2D2-09A4-11E3-B069-20CF30C44A94}"); ************************* AdwCleaner[R0].txt - [10773 octets] - [26/08/2013 08:51:30] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10834 octets] ##########

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:41:24, on 23-8-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16660) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files (x86)\Logitech\Vid HD\Vid.exe C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe C:\Program Files (x86)\Workrave\lib\Workrave.exe C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Program Files (x86)\Logitech\LWS\LU\***nchr.exe C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=860a02c4-75fe-4557-a677-ddebd129da4c&searchtype=ds&q={searchTerms}&installDate=27/07/2013 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=860a02c4-75fe-4557-a677-ddebd129da4c&searchtype=ds&q={searchTerms}&installDate=27/07/2013 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10061&barid={4F09F2D2-09A4-11E3-B069-20CF30C44A94} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10061&barid={4F09F2D2-09A4-11E3-B069-20CF30C44A94} R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=860a02c4-75fe-4557-a677-ddebd129da4c&searchtype=ds&q={searchTerms}&installDate=27/07/2013 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=860a02c4-75fe-4557-a677-ddebd129da4c&searchtype=ds&q={searchTerms}&installDate=27/07/2013 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file) O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [sAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\SMINST\Launcher.exe O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode O4 - HKCU\..\Run: [iE New Window Maximizer] C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe O4 - HKCU\..\Run: [Workrave] C:\Program Files (x86)\Workrave\lib\workrave.exe O4 - HKCU\..\Run: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" O4 - HKCU\..\Run: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard O4 - HKCU\..\Run: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" O4 - HKUS\S-1-5-18\..\Run: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user') O4 - Startup: Logitech . Productregistratie.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Acronis Nonstop Backup-service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13165 bytes

Hallo, bij open internet (Firefox) krijg ik de volgende melding (zie bijlage). Mijn schijven zijn absoluut nog niet vol dus vertrouw ik het niet. Wat moet ik hier mee! Alvast dank. Chrisv

Hallo, Als ik bestanden op wil slaan op bepaalde plaatsen, krijg ik de soms melding dat ik dat niet mag omdat ik geen beheerders rechten heb (!). Zie afbeelding in bijlage. Hoe kan ik dat aanpassen? alvast dank. chrisv

Hallo, Ik probeer mijn wachtwoorden voor veelgebruikte sites te laten onthouden in Firefox. Ik heb allerlei instellingen geprobeerd, maar ik kom niet verder. Ik kan het veld 'wachtwoorden onthouden' niet aanvinken (is grijs), zie afbeelding in bijlage. Wie kan me helpen. alvast dank!

Helaas, had ik al gedaan, maar op ik moet nu telkens mijnwachtwoord ingeven! chrisv

Hallo, Ben inderdaad oude wachtwoord kwijt. Dank hiervoor. Een nieuw probleem is dat mijn nieuwe wachtwoord juist NIET onthouden wordt. Ik moet dus telkens mijn wachtwoord intyepn; Hoe stel ik dat in? Alvast dank. chrisv

Had ik al geprobeerd, maar werkt niet. Bedankt, maar helaas! chrisv