malware


Zoek.exe Version 4.0.0.4 Updated 26-08-2013

Tool run by Anke on do 29/08/2013 at 18:04:04,80.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

Running in: Safe Mode NETWORK Internet Access Detected

Launched: C:\Users\Anke\Desktop\zoek.scr [script inserted]

==== Creating Sample_20132908_1806.zip ======================

Copied file C:\Windows\System32\BroomData.bit to sample\BroomData.bit

sample\BroomData.bit renamed to 6C59BBD6B87C73DDEDA11486BE4A1C65

C:\Users\Public\Desktop\sample_20132908_1806.zip created successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Utility Chest Search Scope Monitor"=-

"UtilityChest_49 Browser Plugin Loader"=-

"FromDocToPDF Search Scope Monitor"=-

"FromDocToPDF_65 Browser Plugin Loader"=-

"VideoDownloadConverter Search Scope Monitor"=-

"VideoDownloadConverter_4z Browser Plugin Loader"=-

"ApnTBMon"=-

==== Deleting Files \ Folders ======================

"C:\PROGRA~1\UTILIT~2" not found

"C:\PROGRA~1\FROMDO~2" not found

"C:\PROGRA~1\VIDEOD~2" not found

"C:\Program Files\AskPartnerNetwork" not found

"C:\users\Anke\AppData\Local\UtilityChest_49" deleted

"C:\ProgramData\1E3BC" deleted

"C:\ProgramData\25192" deleted

"C:\ProgramData\332E5" deleted

"C:\ProgramData\YTD Video Downloader" deleted

"C:\ProgramData\TEMP" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-08-11 11:45:34 05D59FA456E407BBEB59C8590E6B27B0 19822 ----a-w- C:\Windows\prodsett_copy.ini

====== C:\Users\Anke\AppData\Local\Temp ====

====== C:\Windows\system32 =====

2013-08-28 05:14:59 6C59BBD6B87C73DDEDA11486BE4A1C65 424 ----a-w- C:\Windows\System32\BroomData.bit

====== C:\Windows\system32\drivers =====

2013-08-26 19:26:38 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-08-14 06:19:20 4E8B9BE71B807B3BAEDB7F4243F85E3C 1293760 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-08-14 06:18:16 B37B08F2E5EEB1A37E448E09BACE1101 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-08-11 11:46:42 18DA737DD5122A475DA4948ED4643675 44240 ----a-w- C:\Windows\System32\drivers\fsbts.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-08-28 19:01:52 -------- d-----w- C:\Program Files\WinRAR

2013-08-27 14:05:05 -------- d-----w- C:\Program Files\7-Zip

2013-08-27 12:05:08 -------- d-----w- C:\Program Files\Trend Micro

2013-08-26 15:46:31 -------- d-----w- C:\Program Files\Common Files\Common Toolkit Suite

2013-08-26 15:46:30 -------- d-----w- C:\Program Files\Fighters

2013-08-11 11:40:58 -------- d-----w- C:\Program Files\F-Secure

2013-08-02 10:43:16 -------- d-----w- C:\Program Files\WinZip

2013-08-02 10:42:14 -------- d-----w- C:\Program Files\GreenTree Applications

======= C: =====

====== C:\Users\Anke\AppData\Roaming ======

2013-08-29 10:54:25 -------- d-----w- C:\users\Anke\AppData\Local\Temp

2013-08-28 19:01:56 -------- d-----w- C:\users\Anke\AppData\Roaming\WinRAR

2013-08-28 19:01:56 -------- d-----w- C:\users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2013-08-28 16:35:00 -------- d-----w- C:\users\Anke\AppData\Local\ElevatedDiagnostics

2013-08-26 15:46:50 -------- d-----w- C:\users\Anke\AppData\Roaming\Fighters

2013-08-13 05:12:17 -------- d-----w- C:\users\Anke\AppData\Local\F-Secure

2013-08-05 10:59:10 -------- d-----w- C:\users\Anke\AppData\Roaming\Google

2013-08-02 10:43:35 -------- d-----w- C:\users\Anke\AppData\Local\WinZip

2013-08-01 15:51:06 -------- d-----w- C:\users\Anke\AppData\Local\Programs

====== C:\Users\Anke ======

2013-08-29 07:03:11 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Anke\Downloads\7z920 (1).exe

2013-08-28 19:01:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2013-08-28 19:01:47 7784ACAC132C27E20B7A59688D6114FA 1886165 ----a-w- C:\Users\Anke\Downloads\wrar420nl.exe

2013-08-28 19:01:34 8B265CCA436DF81B113B9A43A215E4D9 2023116 ----a-w- C:\Users\Anke\Downloads\winrar-x64-420nl.exe

2013-08-27 20:31:29 B7199AB894D1EBD78FAEFC7AD405C15F 30566792 ----a-w- C:\Users\Anke\Downloads\PandaCloudCleaner (1).exe

2013-08-27 20:30:44 B7199AB894D1EBD78FAEFC7AD405C15F 30566792 ----a-w- C:\Users\Anke\Downloads\PandaCloudCleaner.exe

2013-08-27 14:05:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

2013-08-27 14:03:27 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Anke\Downloads\7z920.exe

2013-08-26 19:25:43 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Anke\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-26 15:47:11 -------- d-----w- C:\ProgramData\clp

2013-08-26 15:46:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters

2013-08-26 15:46:29 -------- d-----w- C:\ProgramData\Common Toolkit Suite

2013-08-26 15:45:25 -------- d-----w- C:\ProgramData\Fighters

2013-08-26 15:44:34 AD77AF3522CFC969801A0D59C0223CDE 2356112 ----a-w- C:\Users\Anke\Downloads\spywarefighter (1).exe

2013-08-26 15:44:29 AD77AF3522CFC969801A0D59C0223CDE 2356112 ----a-w- C:\Users\Anke\Downloads\spywarefighter.exe

2013-08-11 11:41:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure

2013-08-11 11:39:19 -------- d-----w- C:\ProgramData\F-Secure

2013-08-02 10:43:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

2013-08-02 10:43:17 -------- d-----w- C:\ProgramData\WinZip

====== C: exe-files ==

2013-08-29 07:03:11 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Anke\Downloads\7z920 (1).exe

2013-08-28 19:01:52 9A31F7D5248712D6725234C6B16CEC18 270336 ----a-w- C:\Program Files\WinRAR\UnRAR.exe

2013-08-28 19:01:52 8BABC98395F0D8FC0968982237B1BC8F 404992 ----a-w- C:\Program Files\WinRAR\Rar.exe

2013-08-28 19:01:52 4C2298BF181AE43A2864AC8B53A119E3 123904 ----a-w- C:\Program Files\WinRAR\Uninstall.exe

2013-08-28 19:01:52 31EF2CA5D8E806F3B03450DD18FBBB3F 1159168 ----a-w- C:\Program Files\WinRAR\WinRAR.exe

2013-08-28 19:01:47 7784ACAC132C27E20B7A59688D6114FA 1886165 ----a-w- C:\Users\Anke\Downloads\wrar420nl.exe

2013-08-28 19:01:34 8B265CCA436DF81B113B9A43A215E4D9 2023116 ----a-w- C:\Users\Anke\Downloads\winrar-x64-420nl.exe

2013-08-27 20:31:29 B7199AB894D1EBD78FAEFC7AD405C15F 30566792 ----a-w- C:\Users\Anke\Downloads\PandaCloudCleaner (1).exe

2013-08-27 20:30:44 B7199AB894D1EBD78FAEFC7AD405C15F 30566792 ----a-w- C:\Users\Anke\Downloads\PandaCloudCleaner.exe

2013-08-27 19:16:10 A58B53D5CD6EEC9A7C3A9DFB37D65563 273344 ----a-w- C:\ProgramData\F-Secure\FSAUA\guts.sp.f-secure.com\content\CS_12_83_104_WIN32\4\upgrade\setup\setup.exe

2013-08-27 14:05:12 78E662D435A8E1F5B9CED236FD331856 58641 ----a-w- C:\Program Files\7-Zip\Uninstall.exe

2013-08-27 14:03:27 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Anke\Downloads\7z920.exe

2013-08-26 19:25:43 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Anke\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-26 15:44:34 AD77AF3522CFC969801A0D59C0223CDE 2356112 ----a-w- C:\Users\Anke\Downloads\spywarefighter (1).exe

2013-08-26 15:44:29 AD77AF3522CFC969801A0D59C0223CDE 2356112 ----a-w- C:\Users\Anke\Downloads\spywarefighter.exe

=== C: other files ==

2013-08-29 16:06:39 546546C035EE6F240F10F87BBAC219E1 955 ----a-w- C:\Users\Public\Desktop\sample_20132908_1806.zip

2013-08-26 19:26:38 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-08-26 15:47:15 D797DEDB640403160DAA5AAF5A28AF7E 18789 ----a-w- C:\ProgramData\Common Toolkit Suite\AVEngine\Defs\ide\index.zip

2013-08-26 15:47:15 0883F8A64966204667BE74FC0A75908B 3790 ----a-w- C:\ProgramData\Common Toolkit Suite\AVEngine\Defs\vdb\index.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-766547166-3330058944-3535508039-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"BearShare"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe --lightmode"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"F-Secure Hoster (666)"="C:\Program Files\F-Secure\fshoster32.exe -app -hosterid:1"

"F-Secure Manager"="C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE /splash"

"CommonToolkitTray"="C:\Program Files\Fighters\Tray\FightersTray.exe"

"SWPROguard"="C:\Program Files\Fighters\SPYWAREfighter\swprotray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BearShare"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe --lightmode"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==== Startup Folders ======================

2013-04-02 17:44:49 2004 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16/07/2013 14:06]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28/03/2013 22:31]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28/03/2013 22:31]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\ad6ajl7f.default

- FromDocToPDF - %ProfilePath%\extensions\65ffxtbr@FromDocToPDF_65.com

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Deleting Files \ Folders ======================

"C:\Users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\ad6ajl7f.default\extensions\65ffxtbr@FromDocToPDF_65.com" deleted

==== Chrome Look ======================

Google Docs - Anke - Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Anke - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Anke - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Anke - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Profile Visitors for Facebook - Anke - Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk

Web Video Solution - Anke - Default\Extensions\lehjhdjciofcglicaidnlfleggadgfpk

Helper extension - Anke - Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla

Secure Downloader - Anke - Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol

Card number - Anke - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Anke - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Users\Anke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\Anke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Anke\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 29/08/2013 at 18:13:04,06 ======================


Hello,

Can you now restart in Normal mode?

If that works, please do the following as well (you only need to do this if booting into Normal mode succeeds):


  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as Administrator.
  • Click the "Options" button and tick the options below.
    • Running processes
    • Recently Created
    • Startup Information
    • Installed Programs
    • Firefox Look
    • Chrome Look
    • Silent Runners
    • System Restore Point
    • Shortcut Fix
    • Auto Clean
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the contents of the opened log in your next message.

On your desktop you should now see the following file: sample_20132908_1806.zip.

Could you upload it to Gratis bestanden delen en uploaden via Mijn Bestand! and include the link in your next message, please. That way we can analyse it further.


Zoek.exe Version 4.0.0.4 Updated 26-08-2013

Tool run by Anke on do 29/08/2013 at 19:29:51,04.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Anke\Desktop\zoek.scr [Checkboxes used]

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe

C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe

C:\Program Files\F-Secure\fshoster32.exe

C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Fighters\FighterSuiteService.exe

C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE

C:\Windows\system32\sppsvc.exe

C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\F-Secure\fshoster32.exe

C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE

C:\Program Files\Fighters\Tray\FightersTray.exe

C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe

C:\Program Files\BearShare Applications\BearShare\BearShare.exe

C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Anke\Desktop\zoek.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

==== System Restore Info ======================

29/08/2013 19:34:42 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

7-Zip 9.20

Adobe Flash Player 11 ActiveX

Adobe Reader XI (11.0.03) - Nederlands

Ask Toolbar

BearShare

Computer Security 12.83.104.0 (release)

Debut Video Capture Software

DownLite

F-Secure

F-Secure CCF Reputation

F-Secure CCF Scanning 1.23.124.8831 (release)

F-Secure Network CCF 1.02.128

Fighters

FromDocToPDF Toolbar

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

HiJackThis

iLivid

Java 7 Update 25

Java Auto Updater

Malwarebytes Anti-Malware versie 1.75.0.1300

McAfee Security Scan Plus

Microsoft .NET Framework 4 Client Profile

Microsoft Silverlight

Mozilla Firefox 19.0.2 (x86 nl)

Mozilla Maintenance Service

Online Safety 2.83.1329.952

Panda Cloud Cleaner

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

SPYWAREfighter

SweetIM Bundle by SweetPacks

SweetPacks Updater Service

TornTV

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Utility Chest Toolbar

VideoDownloadConverter Toolbar

VideoPad Video Editor

Windows Movie Maker 2.6

WinRAR 4.20 (32-bit)

WinZip 17.5

YTD Video Downloader 4.4

==== Deleting Services ======================

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-08-11 11:45:34 05D59FA456E407BBEB59C8590E6B27B0 19822 ----a-w- C:\Windows\prodsett_copy.ini

====== C:\Users\Anke\AppData\Local\Temp ====

====== C:\Windows\system32 =====

2013-08-28 05:14:59 6C59BBD6B87C73DDEDA11486BE4A1C65 424 ----a-w- C:\Windows\System32\BroomData.bit

====== C:\Windows\system32\drivers =====

2013-08-26 19:26:38 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-08-14 06:19:20 4E8B9BE71B807B3BAEDB7F4243F85E3C 1293760 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-08-14 06:18:16 B37B08F2E5EEB1A37E448E09BACE1101 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-08-11 11:46:42 18DA737DD5122A475DA4948ED4643675 44240 ----a-w- C:\Windows\System32\drivers\fsbts.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-08-28 19:01:52 -------- d-----w- C:\Program Files\WinRAR

2013-08-27 14:05:05 -------- d-----w- C:\Program Files\7-Zip

2013-08-27 12:05:08 -------- d-----w- C:\Program Files\Trend Micro

2013-08-26 15:46:31 -------- d-----w- C:\Program Files\Common Files\Common Toolkit Suite

2013-08-26 15:46:30 -------- d-----w- C:\Program Files\Fighters

2013-08-11 11:40:58 -------- d-----w- C:\Program Files\F-Secure

2013-08-02 10:43:16 -------- d-----w- C:\Program Files\WinZip

2013-08-02 10:42:14 -------- d-----w- C:\Program Files\GreenTree Applications

======= C: =====

====== C:\Users\Anke\AppData\Roaming ======

2013-08-29 16:10:12 -------- d-----w- C:\users\Anke\AppData\Local\Temp

2013-08-28 19:01:56 -------- d-----w- C:\users\Anke\AppData\Roaming\WinRAR

2013-08-28 19:01:56 -------- d-----w- C:\users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2013-08-28 16:35:00 -------- d-----w- C:\users\Anke\AppData\Local\ElevatedDiagnostics

2013-08-26 15:46:50 -------- d-----w- C:\users\Anke\AppData\Roaming\Fighters

2013-08-13 05:12:17 -------- d-----w- C:\users\Anke\AppData\Local\F-Secure

2013-08-05 10:59:10 -------- d-----w- C:\users\Anke\AppData\Roaming\Google

2013-08-02 10:43:35 -------- d-----w- C:\users\Anke\AppData\Local\WinZip

2013-08-01 15:51:06 -------- d-----w- C:\users\Anke\AppData\Local\Programs

====== C:\Users\Anke ======

2013-08-29 17:25:04 -------- d-----w- C:\ProgramData\41FD

2013-08-29 07:03:11 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Anke\Downloads\7z920 (1).exe

2013-08-28 19:01:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2013-08-28 19:01:47 7784ACAC132C27E20B7A59688D6114FA 1886165 ----a-w- C:\Users\Anke\Downloads\wrar420nl.exe

2013-08-28 19:01:34 8B265CCA436DF81B113B9A43A215E4D9 2023116 ----a-w- C:\Users\Anke\Downloads\winrar-x64-420nl.exe

2013-08-27 20:31:29 B7199AB894D1EBD78FAEFC7AD405C15F 30566792 ----a-w- C:\Users\Anke\Downloads\PandaCloudCleaner (1).exe

2013-08-27 20:30:44 B7199AB894D1EBD78FAEFC7AD405C15F 30566792 ----a-w- C:\Users\Anke\Downloads\PandaCloudCleaner.exe

2013-08-27 14:05:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

2013-08-27 14:03:27 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Anke\Downloads\7z920.exe

2013-08-26 19:25:43 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Anke\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-26 15:47:11 -------- d-----w- C:\ProgramData\clp

2013-08-26 15:46:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters

2013-08-26 15:46:29 -------- d-----w- C:\ProgramData\Common Toolkit Suite

2013-08-26 15:45:25 -------- d-----w- C:\ProgramData\Fighters

2013-08-26 15:44:34 AD77AF3522CFC969801A0D59C0223CDE 2356112 ----a-w- C:\Users\Anke\Downloads\spywarefighter (1).exe

2013-08-26 15:44:29 AD77AF3522CFC969801A0D59C0223CDE 2356112 ----a-w- C:\Users\Anke\Downloads\spywarefighter.exe

2013-08-11 11:41:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure

2013-08-11 11:39:19 -------- d-----w- C:\ProgramData\F-Secure

2013-08-02 10:43:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

2013-08-02 10:43:17 -------- d-----w- C:\ProgramData\WinZip

====== C: exe-files ==

2013-08-28 19:01:52 9A31F7D5248712D6725234C6B16CEC18 270336 ----a-w- C:\Program Files\WinRAR\UnRAR.exe

2013-08-28 19:01:52 8BABC98395F0D8FC0968982237B1BC8F 404992 ----a-w- C:\Program Files\WinRAR\Rar.exe

2013-08-28 19:01:52 4C2298BF181AE43A2864AC8B53A119E3 123904 ----a-w- C:\Program Files\WinRAR\Uninstall.exe

2013-08-28 19:01:52 31EF2CA5D8E806F3B03450DD18FBBB3F 1159168 ----a-w- C:\Program Files\WinRAR\WinRAR.exe

2013-08-27 19:16:10 A58B53D5CD6EEC9A7C3A9DFB37D65563 273344 ----a-w- C:\ProgramData\F-Secure\FSAUA\guts.sp.f-secure.com\content\CS_12_83_104_WIN32\4\upgrade\setup\setup.exe

2013-08-27 14:05:12 78E662D435A8E1F5B9CED236FD331856 58641 ----a-w- C:\Program Files\7-Zip\Uninstall.exe

=== C: other files ==

2013-08-29 16:06:39 546546C035EE6F240F10F87BBAC219E1 955 ----a-w- C:\Users\Public\Desktop\sample_20132908_1806.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-766547166-3330058944-3535508039-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"BearShare"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe --lightmode"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"F-Secure Hoster (666)"="C:\Program Files\F-Secure\fshoster32.exe -app -hosterid:1"

"F-Secure Manager"="C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE /splash"

"CommonToolkitTray"="C:\Program Files\Fighters\Tray\FightersTray.exe"

"SWPROguard"="C:\Program Files\Fighters\SPYWAREfighter\swprotray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BearShare"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe --lightmode"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==== Startup Folders ======================

2013-04-02 17:44:49 2004 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16/07/2013 14:06]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28/03/2013 22:31]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28/03/2013 22:31]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Chrome Look ======================

Google Docs - Anke - Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Anke - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Anke - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Anke - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Profile Visitors for Facebook - Anke - Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk

Web Video Solution - Anke - Default\Extensions\lehjhdjciofcglicaidnlfleggadgfpk

Helper extension - Anke - Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla

Secure Downloader - Anke - Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol

Card number - Anke - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Anke - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== shortcuts on Users Desktops ======================

C:\Users\Anke\Desktop\7-Zip File Manager.lnk - C:\Program Files\7-Zip\7zFM.exe

C:\Users\Anke\Desktop\BearShare.lnk - C:\Program Files\BearShare Applications\BearShare\BearShare.exe

C:\Users\Anke\Desktop\Doorgaan Revo Uninstaller Installatie.lnk - C:\Users\Anke\AppData\Local\Temp\ICReinstall_revo-uninstaller.exe /RR

C:\Users\Anke\Desktop\HiJackThis.lnk - C:\Users\Anke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe

C:\Users\Public\Desktop\Browser Choice.lnk - C:\Windows\System32\browserchoice.exe /launch

C:\Users\Public\Desktop\Debut Video Capture Software.lnk - C:\Program Files\NCH Software\Debut\debut.exe

C:\Users\Public\Desktop\F-Secure.lnk - C:\Program Files\F-Secure\trigger.exe --open-launchpad --operator-id 666

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.318\mcuicnt.exe SecurityScanner.dll

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk - C:\Program Files\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe

C:\Users\Public\Desktop\SPYWAREfighter.lnk - C:\Program Files\Fighters\FighterLauncher.exe SWPRO

C:\Users\Public\Desktop\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe

C:\Users\Public\Desktop\WinZip.lnk - C:\Program Files\WinZip\WINZIP32.EXE

==== shortcuts in Users Start Menu ======================

C:\Users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BearShare.lnk - C:\Program Files\BearShare Applications\BearShare\BearShare.exe

C:\Users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Anke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR-handleiding.lnk - C:\Program Files\WinRAR\Rar.txt

C:\Users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\WinRAR.chm

C:\Users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk - C:\Program Files\WinZip\WINZIP32.EXE

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk - C:\Program Files\7-Zip\7zFM.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk - C:\Program Files\7-Zip\7-zip.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure\F-Secure.lnk - C:\Program Files\F-Secure\trigger.exe --open-launchpad --operator-id 666

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure\Support Tool.lnk - C:\Program Files\F-Secure\diagnostics\fsdiag.exe /OPERATORID:666

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Deïnstalleren.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Repareren.lnk - C:\Program Files\Fighters\SPYWAREfighter\Uninstall.exe Reinstall

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\SPYWAREfighter.lnk - C:\Program Files\Fighters\FighterLauncher.exe SWPRO

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Tools voor Ondersteuning\Logbestanden.lnk - C:\ProgramData\Common Toolkit Suite\AVEngine\Logs

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Tools voor Ondersteuning\Verzamel logbestanden.lnk - C:\Program Files\Fighters\LogFilesCollector.exe /product:SWPRO

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Tools voor Ondersteuning\Vraag Ondersteuning aan.lnk - C:\Program Files\Fighters\ShortcutLauncher.exe "C:\Program Files\Fighters\FighterLauncher.exe" "/goto=Support /pcode=SWPRO"

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Veelgestelde vragen en Licentieovereenkomst\Licentieovereenkomst.lnk - C:\Program Files\Fighters\SPYWAREfighter\Documents\EULA.rtf

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Veelgestelde vragen en Licentieovereenkomst\Privacy.lnk - C:\Program Files\Fighters\ShortcutLauncher.exe "C:\Program Files\Fighters\FighterLauncher.exe" "/goto=Privacy /pcode=SWPRO"

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Veelgestelde vragen en Licentieovereenkomst\Veelgestelde Vragen.lnk - C:\Program Files\Fighters\ShortcutLauncher.exe "C:\Program Files\Fighters\FighterLauncher.exe" "/goto=Help /pcode=SWPRO"

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda Cloud Cleaner\Panda Cloud Cleaner.lnk - C:\Program Files\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda Cloud Cleaner\Uninstall Panda Cloud Cleaner.lnk - C:\Program Files\Panda Security\Panda Cloud Cleaner\unins001.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR-handleiding.lnk - C:\Program Files\WinRAR\Rar.txt

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\WinRAR.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 17.5.lnk - C:\Program Files\WinZip\WINZIP32.EXE

==== shortcuts in Quick Launch ======================

C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk - C:\Program Files\BearShare Applications\BearShare\BearShare.exe

C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BearShare.lnk - C:\Program Files\BearShare Applications\BearShare\BearShare.exe

C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, Silent Runners - Adware? Disinfect, don't reformat!

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

BearShare = "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" --lightmode [MusicLab, LLC]

swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]

SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]

F-Secure Hoster (666) = "C:\Program Files\F-Secure\fshoster32.exe" -app -hosterid:1 [F-Secure Corporation]

F-Secure Manager = "C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash [F-Secure Corporation]

CommonToolkitTray = C:\Program Files\Fighters\Tray\FightersTray.exe [sPAMfighter ApS]

SWPROguard = C:\Program Files\Fighters\SPYWAREfighter\swprotray.exe [sPAMfighter]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\(Default) = MSS+ Identifier

-> {HKLM...CLSID} = MSS+ Identifier

\InProcServer32\(Default) = C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [McAfee, Inc.]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = Java Plug-In SSV Helper

\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = Google Toolbar Helper

\InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = Java Plug-In 2 SSV Helper

\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{E0D79304-84BE-11CE-9641-444553540000} = WinZip

-> {HKLM...CLSID} = WinZip

\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]

{E0D79305-84BE-11CE-9641-444553540000} = WinZip

-> {HKLM...CLSID} = WinZip

\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]

{E0D79307-84BE-11CE-9641-444553540000} = WinZip

-> {HKLM...CLSID} = WinZip

\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]

{E0D79306-84BE-11CE-9641-444553540000} = WinZip

-> {HKLM...CLSID} = WinZip

\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]

{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension

-> {HKLM...CLSID} = 7-Zip Shell Extension

\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov]

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension

-> {HKLM...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<<!>> BootExecute = autocheck autochk *|PCloudBroom.exe \systemroot\system32\BroomData.bit [file not found]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}

-> {HKLM...CLSID} = 7-Zip Shell Extension

\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000}

-> {HKLM...CLSID} = WinZip

\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]

{23814B80-52A2-11d0-BC1A-004095606CB9}\(Default) = F-Secure

-> {HKLM...CLSID} = FSAV Shell Extension

\InProcServer32\(Default) = C:\Program Files\F-Secure\apps\ComputerSecurity\Common\fpshx.dll [F-Secure Corporation]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM...CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}

-> {HKLM...CLSID} = 7-Zip Shell Extension

\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov]

WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000}

-> {HKLM...CLSID} = WinZip

\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}

-> {HKLM...CLSID} = 7-Zip Shell Extension

\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov]

WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000}

-> {HKLM...CLSID} = WinZip

\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info

-> {HKLM...CLSID} = PDF Shell Extension

\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM...CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000}

-> {HKLM...CLSID} = WinZip

\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]

{23814B80-52A2-11d0-BC1A-004095606CB9}\(Default) = F-Secure

-> {HKLM...CLSID} = FSAV Shell Extension

\InProcServer32\(Default) = C:\Program Files\F-Secure\apps\ComputerSecurity\Common\fpshx.dll [F-Secure Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000}

-> {HKLM...CLSID} = WinZip

\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

SCRNSAVE.EXE = C:\Users\Anke\Desktop\zoek.scr [smeenk]

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

BSMediaPlayerOnArrival\

Provider = BearShare

ProgID = BearShare.LauncherEventHandler

HKLM\SOFTWARE\Classes\BearShare.LauncherEventHandler\CLSID\(Default) = {A7A4A19A-00AC-473c-8225-1B97D1FDD43E}

-> {HKLM...CLSID} = CLauncherEventHandler Object

\LocalServer32\(Default) = "C:\Program Files\BearShare Applications\BearShare\Launcher.exe" [MusicLab, LLC]

BSShowCDAudioOnArrival\

Provider = BearShare

InvokeProgID = BearShare.Device

InvokeVerb = show

HKLM\SOFTWARE\Classes\BearShare.Device\shell\show\Command\(Default) = C:\Program Files\BearShare Applications\BearShare\BearShare.exe --showportable = 1 %L [MusicLab, LLC]

BSShowVolumeOnArrival\

Provider = BearShare

InvokeProgID = BearShare.Device

InvokeVerb = show

HKLM\SOFTWARE\Classes\BearShare.Device\shell\show\Command\(Default) = C:\Program Files\BearShare Applications\BearShare\BearShare.exe --showportable = 1 %L [MusicLab, LLC]

WIA_{A9881427-0855-447F-8526-CA8CEF5AFFFB}\

Provider = WinZip

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files\WinZip\WINZIP32.EXE /wia;

-> {HKLM...CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

Startup items in "Anke" & "All Users" startup folders:

------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}

McAfee Security Scan Plus -> shortcut to: C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe [McAfee, Inc.]

Non-disabled Scheduled Tasks: {++}

-----------------------------

C:\Windows\System32\Tasks

Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]

CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS]

GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]

GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]

{DC59F82F-B959-4CFC-9375-92CEC31EF5BF} -> launches: C:\Windows\system32\pcalua.exe -a D:\DirectX\DIRECTX.EXE -d D:\DirectX [MS]

{DFE546B5-1E08-4982-A05A-36BD0E91BE3F} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Anke\Documents\gezinsbond\gezinsbond\Gezinsbond.exe -d C:\Users\Anke\Documents\gezinsbond\gezinsbond [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}

-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler

\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience

AitAgent -> launches: aitagent [MS]

ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk

Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]

KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}

-> {HKLM...CLSID} = KernelCeipCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]

UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}

-> {HKLM...CLSID} = UsbCeip

\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis

Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}

-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location

Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance

WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}

-> {HKLM...CLSID} = WinSAT Task Manger Task

\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]

ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]

DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]

ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]

InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]

mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]

mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]

MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]

ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]

OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]

OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]

PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]

PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]

PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]

PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]

PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]

RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]

ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]

SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]

StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]

UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic

CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}

-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}

-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}

-> {HKLM...CLSID} = HotStart User Agent

\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}

-> {HKLM...CLSID} = Microsoft PlaySoundService Class

\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace

GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics

AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}

-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler

\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras

MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}

-> {HKLM...CLSID} = RasMobilityManager

\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry

RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}

-> {HKLM...CLSID} = RegistryIdleBackupHandler

\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}

-> {HKLM...CLSID} = GadgetsManager Class

\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager

Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}

-> {HKLM...CLSID} = RunTask

\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]

IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}

-> {HKLM...CLSID} = MsCtfMonitor task handler

\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization

SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}

-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies

ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]

ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform

BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing

UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup

ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet

CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}

-> {HKLM...CLSID} = Wininet Cache task object

\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\NCH Software

DebutReminder -> launches: C:\Program Files\NCH Software\Debut\Debut.exe -shakeicon [NCH Software]

VideoPadDowngrade -> launches: C:\Program Files\NCH Software\VideoPad\videopad.exe -downgrade [NCH Software]

C:\Windows\System32\Tasks\WPD

SqmUpload_S-1-5-21-766547166-3330058944-3535508039-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]

000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]

000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 20

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

-> {HKLM...CLSID} = Google Toolbar

\InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)

-> {HKLM...CLSID} = Google Toolbar

\InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]

AV Engine Scanning Service, AV Engine Scanning Service, C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe [Preventon Technologies Limited]

AV Watch Service, AV Watch Service, C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe [Preventon Technologies Limited]

F-Secure Dll Hoster, fshoster, "C:\Program Files\F-Secure\fshoster32.exe" -hosterid:0 [F-Secure Corporation]

F-Secure ORSP Client, FSORSPClient, "C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe" [F-Secure Corporation]

FSMA, FSMA, "C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE" [F-Secure Corporation]

MBAMScheduler, MBAMScheduler, "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]

MBAMService, MBAMService, "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [Malwarebytes Corporation]

Suite Service, Suite Service, C:\Program Files\Fighters\FighterSuiteService.exe [sPAMfighter ApS]

Safe Mode Drivers & Services (subkey name, subkey default value):

-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> PEVSystemStart, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> PEVSystemStart, Service

==== Empty IE Cache ======================

C:\Users\Anke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\Anke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Anke\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 29/08/2013 at 20:04:19,29 ======================

- - - Updated - - -

http://www.mijnbestand.nl/Bestand-RZA4OMLYDWAE.zip

Hello,

  1. Run Zoek.exe again with the script below.
    Disable your antivirus and antispyware programs; they may conflict with zoek.exe
    (here or here) you can read how to do that.

    • Double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as Administrator.
    • Now copy the code below and paste it into the large input window:
    • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
       
      Ask Toolbar;u
      FromDocToPDF Toolbar;u
      SweetIM Bundle by SweetPacks;u
      SweetPacks Updater Service;u
      TornTV;u
      Utility Chest Toolbar;u
      VideoDownloadConverter Toolbar;u
      YTD Video Downloader 4.4;u
      ihjbpjahiibmjdlcgodcnmpelpmilamk;chr
      


    • Now click the "Run script" button.
    • Wait patiently until a log opens (this may be after a restart if one is required).
    • If no log appears after the restart, start zoek.exe again; the log will then appear.
    • Post the opened log as an attachment in your next message.

  2. Download the 32 or 64 bit version of HitmanPro to the desktop.

Click here for a detailed HitmanPro manual.

  • Double-click "HitmanPro.exe" and click "Next"
  • Tick the option "I accept the terms of the license agreement" and click "Next"
  • In the setup screen click "Next" once more; the scan will now start automatically. Do nothing else on the computer until the scan has finished.
  • When the scan is finished, click "Next"
  • Now activate the free license, which lets you use HitmanPro free for 30 days and remove the infections found.
  • Note: if you have already used the 30-day trial version of HitmanPro before, it is no longer possible to remove the infections found for free.
  • When the removal is finished, click "Save log" (or "Logbestand opslaan") at the bottom of the screen and save it, for example on the desktop.
    Post this log.
  • Now click the "Restart" button.


Zoek.exe Version 4.0.0.4 Updated 30-08-2013

Tool run by Anke on vr 30/08/2013 at 22:09:05,80.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

Running in: Safe Mode NETWORK Internet Access Detected

Launched: C:\Users\Anke\Desktop\zoek.scr [script inserted]

==== Deleting Files \ Folders ======================

"C:\Windows\Installer\3be7ac.msi" deleted

==== Chrome Look ======================

Google Docs - Anke - Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Anke - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Anke - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Anke - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Profile Visitors for Facebook - Anke - Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk

Web Video Solution - Anke - Default\Extensions\lehjhdjciofcglicaidnlfleggadgfpk

Helper extension - Anke - Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla

Secure Downloader - Anke - Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol

Card number - Anke - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Anke - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Anke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D24574357365A600677A7A857BC03000 deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5347542D-5637-006A-76A7-A758B70C0300} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetIM Bundle by SweetPacks deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WNLT deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\UtilityChest_49bar Uninstall deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D24574357365A600677A7A857BC03000 deleted successfully

==== EOF on vr 30/08/2013 at 22:10:02,02 ======================

- - - Updated - - -

HitmanPro_20130830_2214.log


Hi,

Download AdwCleaner by Xplode to your desktop.

  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Windows Vista, 7 and 8 users must run the tool as "administrator", by right-clicking it and choosing Run as Administrator.
  • Then click Scan.
  • Then click Clean if any items were found.
  • At Restart Required, click OK

After the PC has restarted, a log file usually opens.

Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[R1].txt.

Then post the contents of this log in your next message.
