
Check log



Is it possible to check this log ;-)

Logfile of random's system information tool 1.09 (written by random/random)
Run by Kurt at 2013-12-06 23:25:44
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 189 GB (78%) free of 244 GB
Total RAM: 8183 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:25:47, on 6/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\SysWOW64\wscript.exe
C:\Program Files (x86)\Common Files\Lenovo\dmw.exe
C:\Program Files\trend micro\Kurt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.startpage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Speckie - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Kurt\AppData\Roaming\Speckie\bin32\Speckie32.dll
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\cf57cb29-0b6d-47cb-b654-9fd2ff57f04d.exe /check
O4 - HKLM\..\Run: [TaskMngr] wscript.exe "C:\Program Files (x86)\Common Files\Lenovo\data.js"
O4 - HKCU\..\Run: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKLM\..\Policies\Explorer\Run: [bootRacer] "C:\Program Files (x86)\BootRacer\Bootrace.exe" /2
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {E6846530-6088-4AA3-932F-C6245CE59A4C} - C:\Users\Kurt\AppData\Roaming\Speckie\bin32\Speckie32.dll
O9 - Extra 'Tools' menuitem: Speckie Instellingen - {E6846530-6088-4AA3-932F-C6245CE59A4C} - C:\Users\Kurt\AppData\Roaming\Speckie\bin32\Speckie32.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BootRacerServ - Greatis Software, LLC - C:\Program Files (x86)\BootRacer\BootRacerServ.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9419 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files (x86)\BootRacer\BootRacerServ.exe"
"C:\Program Files\Sandboxie\SbieSvc.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
atieclxx
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe"
"C:\Program Files\Sandboxie\SbieCtrl.exe" 
"C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2056
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9876c74a-c436-4e0e-830a-64cda068a603 -SystemEventPortName:HostProcess-74b87c84-c937-4f20-ab2a-9de91a4e31a2 -IoCancelEventPortName:HostProcess-b58d4af4-6123-42f5-a8ec-c0ec47624dcd -NonStateChangingEventPortName:HostProcess-c21c4318-5ecb-4ec4-af46-d0d05919a1a5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e028583d-8d20-4268-b92c-7412108af974 -DeviceGroupId:WpdFsGroup
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\ehome\ehRecvr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"wscript.exe"  "C:\Program Files (x86)\Common Files\Lenovo\data.js"
"C:\Program Files (x86)\Common Files\Lenovo\dmw.exe" about:robots
"C:\Nieuwe map\RSITx64.exe" 
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\EpicUpdateTaskUserS-1-5-21-1628241372-307550257-756114980-1000Core.job
C:\Windows\tasks\EpicUpdateTaskUserS-1-5-21-1628241372-307550257-756114980-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Kurt\AppData\Roaming\Mozilla\Firefox\Profiles\h8veg4sg.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "https://www.google.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.152 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon My Image Garden
"Path"=C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.152 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Users\Kurt\AppData\Roaming\Mozilla\Firefox\Profiles\h8veg4sg.default\extensions\
donottrackplus@abine.com
facebookBlocker@webgraph.com
idme@abine.com
isreaditlater@ideashower.com
youtubeunblocker@unblocker.yt
{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
{3d7eb24f-2740-49df-8937-200b1cc08f8a}
{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2013-11-24 2486592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-07 545264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CE7F568-67FA-4432-BA39-F5AFD68E7B8B}]
Speckie - C:\Users\Kurt\AppData\Roaming\Speckie\bin64\Speckie64.dll [2013-09-27 472728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2012-08-02 2001984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-07 193520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14 175776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-30 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CE7F568-67FA-4432-BA39-F5AFD68E7B8B}]
Speckie - C:\Users\Kurt\AppData\Roaming\Speckie\bin32\Speckie32.dll [2013-09-27 427160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02 1542720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-30 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2012-08-02 2001984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02 1542720]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14 4372120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BootRacer"=C:\Program Files (x86)\BootRacer\Bootrace.exe [2012-10-18 6357264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2013-10-16 759496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserPlugInHelper]
C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugInHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2012-04-03 1273448]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-10-30 3567800]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-10-08 766208]
"20131121"=C:\Program Files\AVAST Software\Avast\setup\emupdate\cf57cb29-0b6d-47cb-b654-9fd2ff57f04d.exe [2013-11-23 180184]
"TaskMngr"=wscript.exe C:\Program Files (x86)\Common Files\Lenovo\data.js []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BootRacer"=C:\Program Files (x86)\BootRacer\Bootrace.exe [2012-10-18 6357264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SynchronousUserGroupPolicy"=0
"SynchronousMachineGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutorun"=0
"NoInstrumentation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=181

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FICV"=ficvdec_x64.dll
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid64.dll
"vidc.tsc2"=C:\Windows\SysWOW64\tsc2_codec64.dll
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"msacm.l3codecp"=l3codecp.acm
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-12-06 23:25:44 ----D---- C:\rsit
2013-12-06 23:25:44 ----D---- C:\Program Files\trend micro
2013-12-06 23:25:23 ----D---- C:\Nieuwe map
2013-12-06 21:09:40 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2013-12-06 21:05:35 ----D---- C:\Users\Kurt\AppData\Roaming\AMozilla
2013-11-29 01:47:36 ----D---- C:\Program Files (x86)\Foolish IT
2013-11-29 01:04:54 ----D---- C:\Program Files (x86)\Balabolka
2013-11-28 14:23:48 ----D---- C:\Users\Kurt\AppData\Roaming\Foxit Software
2013-11-28 12:49:07 ----A---- C:\Windows\SYSWOW64\msvcr71.dll
2013-11-28 12:49:07 ----A---- C:\Windows\SYSWOW64\msvcp71.dll
2013-11-28 12:49:06 ----A---- C:\Windows\SYSWOW64\xvidvfw.dll
2013-11-28 12:49:06 ----A---- C:\Windows\SYSWOW64\xvidcore.dll
2013-11-28 12:49:06 ----A---- C:\Windows\SYSWOW64\vp6vfw.dll
2013-11-28 12:49:06 ----A---- C:\Windows\SYSWOW64\msxml3a.dll
2013-11-28 12:49:06 ----A---- C:\Windows\SYSWOW64\mpg4c32.dll
2013-11-28 12:49:06 ----A---- C:\Windows\SYSWOW64\mcdvd_32.dll
2013-11-28 12:49:06 ----A---- C:\Windows\SYSWOW64\GdiPlus.dll
2013-11-28 12:49:06 ----A---- C:\Windows\SYSWOW64\divx.dll
2013-11-27 14:43:49 ----D---- C:\ProgramData\LightScribe
2013-11-21 10:47:07 ----A---- C:\Windows\SYSWOW64\CSVer.dll
2013-11-21 10:47:06 ----D---- C:\Program Files (x86)\Intel
2013-11-21 10:46:50 ----D---- C:\Intel
2013-11-21 10:35:14 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2013-11-19 19:27:15 ----D---- C:\ProgramData\ATI
2013-11-19 19:27:12 ----D---- C:\Program Files (x86)\AMD AVT
2013-11-19 19:26:23 ----D---- C:\Program Files (x86)\ATI Technologies
2013-11-19 19:22:31 ----D---- C:\Program Files\ATI Technologies
2013-11-15 22:14:58 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-11-14 16:00:44 ----D---- C:\Program Files\DiskFresh
2013-11-14 16:00:44 ----A---- C:\Windows\system32\drivers\PuranRefreshDriver.sys
2013-11-14 09:55:32 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-11-14 09:55:32 ----A---- C:\Windows\system32\crypt32.dll
2013-11-14 09:55:31 ----A---- C:\Windows\system32\drivers\afd.sys
2013-11-14 09:55:30 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll
2013-11-14 09:55:30 ----A---- C:\Windows\SYSWOW64\credui.dll
2013-11-14 09:55:30 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-11-14 09:55:30 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 09:55:30 ----A---- C:\Windows\system32\credui.dll
2013-11-14 09:55:30 ----A---- C:\Windows\system32\authui.dll
2013-11-14 09:55:28 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2013-11-14 09:55:28 ----A---- C:\Windows\SYSWOW64\secur32.dll
2013-11-14 09:55:28 ----A---- C:\Windows\SYSWOW64\schannel.dll
2013-11-14 09:55:28 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-11-14 09:55:28 ----A---- C:\Windows\system32\sspisrv.dll
2013-11-14 09:55:28 ----A---- C:\Windows\system32\sspicli.dll
2013-11-14 09:55:28 ----A---- C:\Windows\system32\secur32.dll
2013-11-14 09:55:28 ----A---- C:\Windows\system32\schannel.dll
2013-11-14 09:55:28 ----A---- C:\Windows\system32\ncrypt.dll
2013-11-14 09:55:28 ----A---- C:\Windows\system32\lsass.exe
2013-11-14 09:55:28 ----A---- C:\Windows\system32\lsasrv.dll
2013-11-14 09:55:28 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-11-14 09:55:28 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2013-11-14 09:55:28 ----A---- C:\Windows\system32\drivers\cng.sys
2013-11-14 09:55:27 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2013-11-14 09:55:27 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2013-11-14 09:55:27 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2013-11-14 09:55:27 ----A---- C:\Windows\system32\nshwfp.dll
2013-11-14 09:55:27 ----A---- C:\Windows\system32\IKEEXT.DLL
2013-11-14 09:55:27 ----A---- C:\Windows\system32\gdi32.dll
2013-11-14 09:55:27 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 15:25:21 ----D---- C:\Program Files (x86)\UpWay2Late.com Software
2013-11-13 15:02:35 ----D---- C:\AdwCleaner
2013-11-13 14:02:16 ----SHD---- C:\Windows\SYSWOW64\AI_RecycleBin
2013-11-13 14:02:16 ----D---- C:\Users\Kurt\AppData\Roaming\Speckie
2013-11-13 13:31:02 ----A---- C:\Windows\Sandboxie.ini
2013-11-13 12:19:59 ----D---- C:\ProgramData\Auslogics
2013-11-13 12:17:38 ----D---- C:\Program Files (x86)\Auslogics
2013-11-13 12:11:10 ----D---- C:\Program Files (x86)\Mobogenie
2013-11-10 14:57:37 ----D---- C:\Users\Kurt\AppData\Roaming\stickies
2013-11-09 01:18:20 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2013-11-09 01:18:20 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\wextract.exe
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\url.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\occache.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\msrating.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\msls31.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\mshta.exe
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\jsIntl.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\inseng.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\icardie.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2013-11-09 01:18:18 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\wininet.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\wextract.exe
2013-11-09 01:18:18 ----A---- C:\Windows\system32\webcheck.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\vbscript.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\urlmon.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\url.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-11-09 01:18:18 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-09 01:18:18 ----A---- C:\Windows\system32\pngfilt.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\occache.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\msrating.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\msls31.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\mshtmlmedia.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\mshtmler.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\mshtmled.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\MshtmlDac.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\mshtml.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\mshta.exe
2013-11-09 01:18:18 ----A---- C:\Windows\system32\msfeedssync.exe
2013-11-09 01:18:18 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\msfeeds.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\licmgr10.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\jsproxy.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\jsIntl.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\jscript9diag.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\jscript9.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\jscript.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\inseng.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\imgutil.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\iexpress.exe
2013-11-09 01:18:18 ----A---- C:\Windows\system32\ieUnatt.exe
2013-11-09 01:18:18 ----A---- C:\Windows\system32\ieui.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\iesysprep.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\iesetup.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\iertutil.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\iernonce.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\iepeers.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\ieframe.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\ieetwproxystub.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\ieetwcollector.exe
2013-11-09 01:18:18 ----A---- C:\Windows\system32\iedkcs32.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\ieapfltr.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\ieapfltr.dat
2013-11-09 01:18:18 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\ie4uinit.exe
2013-11-09 01:18:18 ----A---- C:\Windows\system32\icardie.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\elshyph.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\dxtrans.dll
2013-11-09 01:18:18 ----A---- C:\Windows\system32\dxtmsft.dll

======List of files/folders modified in the last 1 month======

2013-12-06 23:25:47 ----D---- C:\Windows\Temp
2013-12-06 23:25:44 ----RD---- C:\Program Files
2013-12-06 23:14:55 ----D---- C:\Users\Kurt\AppData\Roaming\vlc
2013-12-06 22:09:37 ----SD---- C:\Users\Kurt\AppData\Roaming\Microsoft
2013-12-06 21:09:43 ----D---- C:\Windows\System32
2013-12-06 21:09:40 ----RD---- C:\Program Files (x86)
2013-12-06 21:05:34 ----D---- C:\Program Files (x86)\Common Files
2013-12-06 17:52:48 ----D---- C:\Windows\system32\config
2013-12-06 10:12:45 ----D---- C:\Windows\inf
2013-12-06 10:12:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-12-06 10:10:26 ----SHD---- C:\System Volume Information
2013-12-06 10:08:25 ----D---- C:\Windows\system32\Tasks
2013-12-06 10:08:10 ----D---- C:\Program Files (x86)\BootRacer
2013-12-05 21:12:24 ----D---- C:\Windows\SoftwareDistribution
2013-12-05 21:12:10 ----D---- C:\Windows\system32\catroot2
2013-12-05 21:12:03 ----D---- C:\Windows
2013-12-05 21:12:02 ----D---- C:\Windows\debug
2013-12-03 11:53:54 ----D---- C:\Windows\system32\FxsTmp
2013-12-03 10:15:00 ----SHD---- C:\Windows\Installer
2013-11-28 19:25:29 ----HD---- C:\ProgramData
2013-11-28 12:49:09 ----D---- C:\Windows\SysWOW64
2013-11-28 12:42:11 ----D---- C:\Windows\Tasks
2013-11-28 12:38:30 ----D---- C:\Windows\system32\DriverStore
2013-11-28 12:38:30 ----D---- C:\Windows\system32\catroot
2013-11-28 11:11:24 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-11-27 14:41:22 ----D---- C:\Windows\Cursors
2013-11-24 22:34:58 ----D---- C:\Windows\Panther
2013-11-24 22:34:58 ----D---- C:\Windows\Logs
2013-11-24 22:24:10 ----D---- C:\Users\Kurt\AppData\Roaming\Apple Computer
2013-11-23 19:29:37 ----D---- C:\Program Files\Java
2013-11-22 13:34:30 ----D---- C:\Windows\SYSWOW64\directx
2013-11-21 13:08:03 ----D---- C:\Windows\Microsoft.NET
2013-11-21 10:45:53 ----D---- C:\Windows\Downloaded Program Files
2013-11-21 03:09:09 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-11-19 19:27:13 ----D---- C:\ProgramData\AMD
2013-11-19 19:26:46 ----D---- C:\Windows\system32\drivers
2013-11-19 19:26:20 ----D---- C:\ProgramData\Package Cache
2013-11-19 19:25:01 ----RSD---- C:\Windows\assembly
2013-11-19 19:24:06 ----D---- C:\Windows\SYSWOW64\en-US
2013-11-19 19:24:06 ----D---- C:\Windows\system32\en-US
2013-11-19 19:21:19 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 16:09:27 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-11-15 11:38:00 ----D---- C:\Windows\rescache
2013-11-14 16:26:44 ----D---- C:\Program Files\Common Files
2013-11-14 14:15:27 ----D---- C:\Windows\winsxs
2013-11-14 14:14:05 ----D---- C:\Windows\SYSWOW64\nl-NL
2013-11-14 14:14:05 ----D---- C:\Windows\system32\nl-NL
2013-11-14 12:33:31 ----D---- C:\ProgramData\Microsoft Help
2013-11-14 12:33:04 ----D---- C:\Windows\system32\MRT
2013-11-14 12:32:15 ----A---- C:\Windows\system32\MRT.exe
2013-11-13 15:44:24 ----D---- C:\Users\Kurt\AppData\Roaming\MAGIX
2013-11-13 15:44:22 ----A---- C:\Windows\SYSWOW64\DLLDEV32i.dll
2013-11-13 15:44:20 ----RSD---- C:\Windows\Fonts
2013-11-13 13:30:53 ----D---- C:\Program Files\Sandboxie
2013-11-12 15:20:26 ----HD---- C:\ProgramData\CanonIJMIG
2013-11-11 05:50:16 ----N---- C:\Windows\system32\MpSigStub.exe
2013-11-09 04:12:55 ----D---- C:\Windows\SYSWOW64\migration
2013-11-09 04:12:55 ----D---- C:\Windows\system32\migration
2013-11-09 04:12:55 ----D---- C:\Windows\PolicyDefinitions
2013-11-09 04:12:55 ----D---- C:\Program Files\Internet Explorer
2013-11-09 04:12:55 ----D---- C:\Program Files (x86)\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-10-30 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-10-30 205320]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-10-30 92544]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-10-30 1032416]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-11-09 409832]
R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-10-30 65264]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [2013-09-17 30752]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2013-07-22 126872]
R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-10-30 38984]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-10-30 84328]
R2 hmip;hmip; \??\C:\Windows\system32\Drivers\hmip64.sys [2013-06-19 30056]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-10-08 12534784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-10-08 619008]
R3 anvsnddrv;AnvSoft Virtual Sound Device; C:\Windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-07-05 96256]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service; C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 17920]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-08-27 883928]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2013-10-16 200552]
S2 ASInsHelp;ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys []
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [2013-06-02 31920]
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
S3 NPF;WinPcap Packet Driver (NPF); C:\Windows\system32\drivers\NPF.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-01-05 37888]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService7;Advanced SystemCare Service 7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-10-25 878368]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-10-08 239616]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-30 50344]
R2 BootRacerServ;BootRacerServ; C:\Program Files (x86)\BootRacer\BootRacerServ.exe [2012-05-31 65296]
R2 FreemakeVideoCapture;FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-08-26 9216]
R2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-10-25 2151200]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2013-10-16 186056]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-04 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-28 257416]
S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-04 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-09 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-18 119920]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 UPnPService;UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-08-03 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------



Something about a Java(Script?) frame virus. I already had the most recent Java version. The Avast alert has not come back. Let's wait and see.

Is Combofix perhaps unnecessary, since the log is clean?

edited by Kurtt

Something about a Java(Script?) frame virus. I already had the most recent Java version. The Avast alert has not come back. Let's wait and see. Is Combofix perhaps unnecessary, since the log is clean?
I certainly would not use Combofix yet ... first check whether the alert comes back?

Dear Kurtt,

I have just come across the same malware that appears to have hit your computer as well. A Google search produced few correct matches. Since I am generally fairly well versed in securing computers and always browse with the necessary Firefox add-ons such as NoScript, I too wondered how this ended up on my computer.

The culprit is in the C:\Program Files (x86)\Lenovo folder. It contains a sort of modified Firefox build that requests URLs in the background (and God knows what else it does), which is what your (and my) virus scanner reacts/reacted to. A sneaky trick, because the executable is digitally signed by Mozilla, so it looks less suspicious.

I terminated the dmw.exe process (not to be confused with dwm.exe) as well as wscript.exe. Then I deleted the entire Lenovo folder (I do not have a Lenovo PC or any Lenovo software, after all) and used CCleaner to remove the Windows startup item ([TaskMngr] wscript.exe "C:\Program Files (x86)\Common Files\Lenovo\data.js"). As far as I can see, that seems to have fixed the problem; if I run into anything else I will let you know.

Kind regards.

edited by random142037

In msconfig/Startup I unchecked "wscript.exe "C:\Program Files (x86)\Common Files\Lenovo\data.js"", so it no longer runs when Windows starts.

On my machine the Lenovo folder is at: C:\Program Files (x86)\Common Files\Lenovo (containing a version of Firefox under the name dmw.exe instead of firefox.exe). I do not have a Lenovo either. Should I delete that folder, or wait for an uninstall tool for this virus?

After unchecking it in msconfig, the dmw.exe service has disappeared as well. So that is a good sign.

I am now going to remove the entry via CCleaner.

Firefox is no longer constantly requesting websites, so my Avast is no longer constantly scanning and reporting viruses.

I have no problem anymore now, but should I do anything more to be sure the virus is gone? I also found it strange that I found the process dmw.exe (not to be confused with dwm.exe, which is legitimate) among the running processes, because I do not know that process, and it referred to firefox.exe.

What can I do now to make sure all remnants of the virus are gone? Combofix perhaps, or are there more suitable tools/procedures? I hope not a format, because this is an SSD and in that case it is best to reinstall Windows rather than restore an image.

edited by Kurtt
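As an added example (not code from either poster in this thread, nor from any tool named in it), the triage and removal steps that random142037 and Kurtt describe above, written as one PowerShell script for an elevated prompt on the affected machine (PowerShell 3 or later is assumed). It assumes the startup entry lives in a Run registry key (CCleaner and msconfig both list those as well as the Startup folders, but neither post says which held it), the paths quoted in the two posts, and a hypothetical -Remove switch; without that switch the script only reports.

```powershell
# Added example, not from the thread. Triage and removal of a
# "wscript.exe <script>.js" startup entry and a renamed browser process.
# Run elevated. Without -Remove nothing is changed.
param([switch]$Remove)

# 1. Run keys (current user + machine + 32-bit view) whose value launches the
#    Windows Script Host with a script file. The thread's entry was
#    "TaskMngr" -> wscript.exe "C:\Program Files (x86)\Common Files\Lenovo\data.js"
#    (assumption: it was in one of these keys; HKCU only covers the logged-on user).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$metaProps = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
$suspectRun = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -in $metaProps) { continue }     # provider metadata, not registry values
        $cmd = [string]$p.Value
        if ($cmd -match '(?i)\b[wc]script(\.exe)?\b' -and $cmd -match '(?i)\.(js|jse|vbs|vbe|wsf)\b') {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd }
        }
    }
}
"Run-key entries that start a script host with a script:"
$suspectRun | Format-Table -AutoSize

# 2. Script files dropped directly into the per-user or all-users Startup folder.
"Script files in Startup folders:"
foreach ($f in 'Startup','CommonStartup') {
    Get-ChildItem -Path ([Environment]::GetFolderPath($f)) -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -match '(?i)^\.(js|jse|vbs|vbe|wsf)$' } |
        Select-Object FullName
}

# 3. Running processes whose on-disk name differs from the OriginalFilename in
#    their version resource (dmw.exe that is really firefox.exe), with the
#    Authenticode signer. A valid Mozilla signature proves who built the file,
#    not that running it from Common Files\Lenovo is legitimate.
"Processes whose file name differs from their OriginalFilename:"
Get-Process | ForEach-Object {
    try {
        $path = $_.MainModule.FileName
        $orig = $_.MainModule.FileVersionInfo.OriginalFilename
        if ($orig -and $orig -notlike '*.mui' -and ([IO.Path]::GetFileName($path) -ne $orig)) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                Pid          = $_.Id
                Path         = $path
                OriginalName = $orig
                Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
                SigStatus    = $sig.Status
            }
        }
    } catch { }   # protected processes, and 64-bit processes from 32-bit PowerShell, throw here
} | Format-Table -AutoSize

# 4. Which script wscript.exe is actually executing right now.
"wscript.exe command lines:"
Get-CimInstance Win32_Process -Filter "Name = 'wscript.exe'" |
    Select-Object ProcessId, CommandLine | Format-Table -AutoSize

if ($Remove) {
    # Order matters: stop the script host and the renamed browser first, then
    # remove persistence, then the directory, or the running script may
    # recreate what was just deleted.
    Get-CimInstance Win32_Process -Filter "Name = 'wscript.exe'" |
        Where-Object { $_.CommandLine -match '(?i)Common Files\\Lenovo\\data\.js' } |
        ForEach-Object { Stop-Process -Id $_.ProcessId -Force }
    Get-Process -Name dmw -ErrorAction SilentlyContinue | Stop-Process -Force
    foreach ($s in $suspectRun) { Remove-ItemProperty -Path $s.Key -Name $s.Name }
    $dir = 'C:\Program Files (x86)\Common Files\Lenovo'   # path quoted in the thread
    if (Test-Path $dir) { Remove-Item -LiteralPath $dir -Recurse -Force }
}
```

Review the report before running with -Remove: the OriginalFilename check deliberately casts a wide net and will also list legitimate binaries that ship under a different name (installers and some Microsoft components), so use the path and signer columns to decide, not the mismatch alone. Step 1 only looks at Run keys; scheduled tasks and services are the other common places a persistence entry for wscript.exe can hide, and the task and service sections of the RSIT log above are where to look for those.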

Download TDSSKiller and place it on your desktop.

  • Before running TDSSKiller it is advisable to consult the TDSSKiller instructions below.

  • Double-click TDSSKiller.exe to start the tool. (If you downloaded TDSSKiller as a ZIP file, you must unpack it first.)

  • If TDSSKiller finds an update, click the "Load update" button.

  • A new version of TDSSKiller will now be downloaded; save it to the desktop.

  • Now start TDSSKiller again.

  • Click "Change parameters" and make sure the options below are all checked.

    [screenshot: TDSSKiller "Change parameters" dialog]

  • Click the "Start Scan" button and follow the instructions.

  • Never use the "Delete" or "Quarantine" option on a "Fail signature" result.
  • If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • Attach this log file to your next post.
