Advertisement virus


Good morning

For some time now, random words on websites have been underlined and link to advertisements. When a new page opens after clicking a legitimate link, unwanted websites also appear.

The following logs are from HijackThis and RSIT:

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 11:14:13, on 3/02/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16428)

CHROME: 32.0.1700.102

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe

C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe

C:\Program Files\Mobogenie\DaemonProcess.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Users\Robert\AppData\Local\Lollipop\lollipop_01300815.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\explorer.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Robert\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ViewPassword - {949b3815-2809-4571-9ed9-ce9a1df53914} - C:\Program Files\ViewPassword\150.dll

O2 - BHO: Search Assistant BHO - {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: Toolbar BHO - {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbar.dll

O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Allin1Convert - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Allin1Convert EPM Support] "C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hmedint.exe" T8EPMSUP.DLL,S

O4 - HKLM\..\Run: [Allin1Convert Home Page Guard 32 bit] "C:\PROGRA~1\ALLIN1~2\bar\1.bin\AppIntegrator.exe"

O4 - HKLM\..\Run: [Allin1Convert Search Scope Monitor] "C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hsrchmn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [Allin1Convert_8h Browser Plugin Loader] C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe

O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [CAHeadless] C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe -rem

O4 - HKCU\..\Run: [NextLive] C:\Windows\system32\rundll32.exe "C:\Users\Robert\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

O4 - HKCU\..\Run: [lollipop_01300815] "c:\users\robert\appdata\local\lollipop\lollipop_01300815.exe" lollipop_01300815

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2" /build:7601 (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110929130035

O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - AppInit_DLLs:

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll

O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll

O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Allin1ConvertService (Allin1Convert_8hService) - COMPANYVERS_NAME - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbarsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--

End of file - 9178 bytes

Logfile of random's system information tool 1.09 (written by random/random)

Run by Robert at 2014-02-03 11:25:34

Microsoft Windows 7 Professional Service Pack 1

System drive C: has 61 GB (44%) free of 138 GB

Total RAM: 2038 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:25:39, on 3/02/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16428)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe

C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe

C:\Program Files\Mobogenie\DaemonProcess.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Users\Robert\AppData\Local\Lollipop\lollipop_01300815.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\DllHost.exe

C:\Users\Robert\AppData\Local\Temp\~nsu.tmp\Au_.exe

C:\Windows\explorer.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\System32\MsSpellCheckingFacility.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Robert\Downloads\RSIT.exe

C:\Program Files\trend micro\Robert.exe

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ViewPassword - {949b3815-2809-4571-9ed9-ce9a1df53914} - C:\Program Files\ViewPassword\150.dll

O2 - BHO: Search Assistant BHO - {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: Toolbar BHO - {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbar.dll

O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Allin1Convert - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Allin1Convert EPM Support] "C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hmedint.exe" T8EPMSUP.DLL,S

O4 - HKLM\..\Run: [Allin1Convert Home Page Guard 32 bit] "C:\PROGRA~1\ALLIN1~2\bar\1.bin\AppIntegrator.exe"

O4 - HKLM\..\Run: [Allin1Convert Search Scope Monitor] "C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hsrchmn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [Allin1Convert_8h Browser Plugin Loader] C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe

O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [CAHeadless] C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe -rem

O4 - HKCU\..\Run: [NextLive] C:\Windows\system32\rundll32.exe "C:\Users\Robert\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

O4 - HKCU\..\Run: [lollipop_01300815] "c:\users\robert\appdata\local\lollipop\lollipop_01300815.exe" lollipop_01300815

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2" /build:7601 (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110929130035

O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - AppInit_DLLs:

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll

O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll

O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Allin1ConvertService (Allin1Convert_8hService) - COMPANYVERS_NAME - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbarsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--

End of file - 9864 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\AmiUpdXp.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3071215331-3974172817-2085052823-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3071215331-3974172817-2085052823-1000UA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3071215331-3974172817-2085052823-1001Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3071215331-3974172817-2085052823-1001UA.job

C:\Windows\tasks\ViewPassword Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}]

Virtual Storage Mount Notification - C:\Windows\system32\CbFsMntNtf3.dll [2011-11-04 158224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-27 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{949b3815-2809-4571-9ed9-ce9a1df53914}]

ViewPassword - C:\Program Files\ViewPassword\150.dll [2014-01-28 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797}]

Search Assistant BHO - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll [2014-01-25 140360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-18 194128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-27 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}]

Toolbar BHO - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbar.dll [2014-01-25 859720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]

Adblock Plus for IE Browser Helper Object - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2013-10-08 448776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-18 194128]

{cd1a63ba-a08c-431b-9a34-f240aadc728d} - Allin1Convert - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll [2014-01-25 859720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN []

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]

"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 948440]

"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16 499608]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11 958576]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2014-01-21 98304]

"Allin1Convert EPM Support"=C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hmedint.exe [2014-01-25 12872]

"Allin1Convert Home Page Guard 32 bit"=C:\PROGRA~1\ALLIN1~2\bar\1.bin\AppIntegrator.exe []

"Allin1Convert Search Scope Monitor"=C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hsrchmn.exe [2014-01-25 55368]

"Allin1Convert_8h Browser Plugin Loader"=C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe [2014-01-25 61512]

"mobilegeni daemon"=C:\Program Files\Mobogenie\DaemonProcess.exe [2014-01-28 775872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-31 39408]

"Google Update"=C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-27 136176]

"CAHeadless"=C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [2011-09-14 539800]

"AROReminder"=C:\Program Files\ARO 2012\ARO.exe [2012-10-16 2570144]

"NextLive"=C:\Users\Robert\AppData\Roaming\newnext.me\nengine.dll [2014-01-06 1283584]

"lollipop_01300815"=c:\users\robert\appdata\local\lollipop\lollipop_01300815.exe [2014-01-30 3466240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-11-04 158224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-11-04 158224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"VIDC.DIVX"=divx.dll

"VIDC.XVID"=xvidvfw.dll

"VIDC.YV12"=yv12vfw.dll

"msacm.ac3acm"=ac3acm.acm

"msacm.lameacm"=lameACM.acm

"VIDC.FFDS"=ff_vfw.dll

"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-02-03 11:25:34 ----D---- C:\rsit

2014-02-03 11:25:34 ----D---- C:\Program Files\trend micro

2014-02-03 11:09:09 ----D---- C:\Program Files\Adblock Plus for IE

2014-02-03 11:08:59 ----D---- C:\ProgramData\Package Cache

2014-01-28 14:40:28 ----A---- C:\Windows\system32\roboot.exe

2014-01-28 14:40:24 ----D---- C:\Users\Robert\AppData\Roaming\systweak

2014-01-28 14:31:12 ----D---- C:\Users\Robert\AppData\Roaming\newnext.me

2014-01-28 14:30:19 ----D---- C:\Program Files\Mobogenie

2014-01-28 14:29:55 ----D---- C:\Program Files\ViewPassword

2014-01-25 13:44:13 ----D---- C:\Program Files\Allin1Convert_8h

2014-01-21 08:33:24 ----A---- C:\Windows\system32\LPPCD01.ini

2014-01-21 08:30:47 ----A---- C:\Windows\unvise32qt.exe

2014-01-21 08:30:19 ----D---- C:\Windows\system32\QuickTime

2014-01-21 08:30:19 ----D---- C:\Program Files\QuickTime

2014-01-21 08:27:00 ----D---- C:\ProgramData\QuickTime

2014-01-21 08:23:54 ----D---- C:\Program Files\De Kleine Prins

2014-01-16 15:40:29 ----A---- C:\Windows\system32\win32k.sys

2014-01-16 15:40:28 ----A---- C:\Windows\system32\drivers\netio.sys

2014-01-16 15:40:26 ----A---- C:\Windows\system32\drivers\usbport.sys

2014-01-16 15:40:26 ----A---- C:\Windows\system32\drivers\usbhub.sys

2014-01-16 15:40:26 ----A---- C:\Windows\system32\drivers\usbehci.sys

2014-01-16 15:40:26 ----A---- C:\Windows\system32\drivers\usbccgp.sys

2014-01-16 15:40:25 ----A---- C:\Windows\system32\drivers\usbohci.sys

2014-01-16 15:40:25 ----A---- C:\Windows\system32\drivers\usbd.sys

2014-01-16 15:40:22 ----A---- C:\Windows\system32\drivers\usbuhci.sys

2014-01-06 20:23:36 ----A---- C:\Windows\system32\GPhotos.scr

======List of files/folders modified in the last 1 month======

2014-02-03 11:25:34 ----RD---- C:\Program Files

2014-02-03 11:25:27 ----D---- C:\Windows\Temp

2014-02-03 11:20:44 ----D---- C:\Windows\system32\config

2014-02-03 11:09:17 ----SHD---- C:\Windows\Installer

2014-02-03 11:09:01 ----SHD---- C:\System Volume Information

2014-02-03 11:08:59 ----HD---- C:\ProgramData

2014-02-03 11:05:46 ----D---- C:\Windows\system32\Tasks

2014-02-03 11:05:44 ----D---- C:\Windows\Tasks

2014-02-03 11:04:44 ----D---- C:\Windows\System32

2014-02-02 18:03:44 ----D---- C:\Windows\Prefetch

2014-01-29 11:26:00 ----D---- C:\Windows\system32\wdi

2014-01-28 14:51:28 ----AD---- C:\ProgramData\TEMP

2014-01-23 17:08:33 ----D---- C:\Windows\inf

2014-01-23 17:08:33 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-01-21 08:30:49 ----D---- C:\Windows

2014-01-21 08:30:44 ----D---- C:\Program Files\Internet Explorer

2014-01-19 09:57:41 ----D---- C:\Windows\system32\catroot2

2014-01-19 08:32:23 ----N---- C:\Windows\system32\MpSigStub.exe

2014-01-17 09:35:40 ----D---- C:\Windows\winsxs

2014-01-17 09:30:01 ----D---- C:\Windows\system32\drivers

2014-01-17 09:30:00 ----D---- C:\Windows\system32\DriverStore

2014-01-16 21:07:56 ----D---- C:\ProgramData\Microsoft Help

2014-01-16 21:07:20 ----D---- C:\Windows\system32\MRT

2014-01-16 21:05:49 ----A---- C:\Windows\system32\MRT.exe

2014-01-16 15:40:15 ----D---- C:\Windows\system32\catroot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 214696]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-03-19 45648]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]

R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]

R1 cbfs3;cbfs3; \??\C:\Windows\system32\drivers\cbfs3.sys [2011-11-04 296592]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]

R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]

S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]

S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]

S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]

S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]

S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]

R2 Allin1Convert_8hService;Allin1ConvertService; C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbarsvc.exe [2014-01-25 88648]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 22208]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-31 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-28 257416]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-31 135664]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-25 194032]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 108032]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]

-----------------EOF-----------------

Thank you for your trouble!


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version).

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4};c
 C:\Program Files\Allin1Convert_8h;fs
 {5C255C8A-E604-49b4-9D64-90988571CECB};c
 {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797};c
 {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d};c
 {cd1a63ba-a08c-431b-9a34-f240aadc728d};c
 Allin1Convert EPM Support;s
 Allin1Convert Home Page Guard 32 bit;s
 Allin1Convert Search Scope Monitor;s
 Allin1Convert_8h Browser Plugin Loader;s
 mobilegeni daemon;s
 NextLive;s
 C:\Program Files\Mobogenie;fs
 C:\Users\Robert\AppData\Roaming\newnext.me;fs
 lollipop_01300815;s
 c:\users\robert\appdata\local\lollipop;fs
 Allin1Convert_8hService;s
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797}];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}];r
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
 "Allin1Convert EPM Support"=-;r
 "Allin1Convert Home Page Guard 32 bit"=-;r
 "Allin1Convert Search Scope Monitor"=-;r
 "Allin1Convert_8h Browser Plugin Loader"=-;r
 "mobilegeni daemon"=-;r
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
 "NextLive"=-;r
 "lollipop_01300815"=-;r
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r
 "AppInit_DLLs"=-;r
 C:\Windows\system32\roboot.exe;f
 C:\Users\Robert\AppData\Roaming\systweak;fs
 C:\Users\Robert\AppData\Roaming\newnext.me;fs
 emptyfolderscheck;delete 
startupall; 
filesrcm;

  • Click the "Options" button and tick the options below.
  • Do a Quick Scan
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next reply.


Zoek.exe v5.0.0.0 Updated 31-January-2014

Tool run by Robert on ma 03/02/2014 at 14:26:08,17.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Robert\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

3/02/2014 14:28:53 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\GUM9575.tmp deleted successfully

C:\Users\Robert\AppData\Roaming\Media Player Classic deleted successfully

C:\Users\Leen\AppData\Local\VirtualStore deleted successfully

C:\Users\Robert\AppData\Local\cache deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3071215331-3974172817-2085052823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

HKEY_USERS\S-1-5-21-3071215331-3974172817-2085052823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

HKEY_USERS\S-1-5-21-3071215331-3974172817-2085052823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully

HKEY_USERS\S-1-5-21-3071215331-3974172817-2085052823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully

HKEY_USERS\S-1-5-21-3071215331-3974172817-2085052823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully

HKEY_USERS\S-1-5-21-3071215331-3974172817-2085052823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully

HKEY_USERS\S-1-5-21-3071215331-3974172817-2085052823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully

HKEY_USERS\S-1-5-21-3071215331-3974172817-2085052823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully

HKEY_USERS\S-1-5-21-3071215331-3974172817-2085052823-1001\Software\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Allin1Convert_8hService deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Allin1Convert EPM Support"=-

"Allin1Convert Home Page Guard 32 bit"=-

"Allin1Convert Search Scope Monitor"=-

"Allin1Convert_8h Browser Plugin Loader"=-

"mobilegeni daemon"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"NextLive"=-

"lollipop_01300815"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Users\Robert\AppData\Local\Allin1Convert_8h not found

C:\Users\Robert\appdata\locallow\Allin1Convert_8h not found

C:\Users\Robert\AppData\Local\Allin1Convert_8h not found

C:\Users\Robert\AppData\LocalLow\Allin1Convert_8h not found

C:\Users\Robert\AppData\Roaming\newnext.me deleted

c:\users\robert\appdata\local\lollipop deleted

C:\Users\Robert\AppData\Roaming\systweak deleted

C:\Windows\Tasks\ViewPassword update.job deleted

C:\Windows\system32\Tasks\ViewPassword update deleted

C:\Users\Robert\AppData\Local\genienext deleted

C:\Users\Leen\daemonprocess.txt deleted

C:\Users\Robert\.android deleted

C:\Users\Leen\AppData\Roaming\Systweak deleted

C:\Users\Robert\AppData\Roaming\Sammsoft deleted

C:\ProgramData\Package Cache deleted

C:\Users\Robert\AppData\Local\Mobogenie deleted

C:\Users\Robert\AppData\Local\SwvUpdater deleted

C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop deleted

C:\Windows\System32\Tasks\LaunchApp deleted

C:\Users\Leen\AppData\LocalLow\Allin1Convert_8h deleted

C:\Users\Robert\AppData\LocalLow\IAC deleted

C:\Windows\tasks\AmiUpdXp.job deleted

C:\Windows\system32\tasks\AmiUpdXp deleted

C:\Windows\system32\roboot.exe deleted

C:\Users\Robert\Documents\Optimizer Pro deleted

C:\Users\Robert\Documents\Mobogenie deleted

"C:\Users\Robert\daemonprocess.txt" deleted

"C:\Program Files\Mobogenie\DaemonProcess.exe" deleted

"C:\Program Files\Mobogenie\DCR.dll" deleted

"C:\Program Files\Mobogenie\Device.dll" deleted

"C:\Program Files\Mobogenie\libeay32.dll" deleted

"C:\Program Files\Mobogenie\msvcp100.dll" deleted

"C:\Program Files\Mobogenie\msvcr100.dll" deleted

"C:\Program Files\Mobogenie\QtCore4.dll" deleted

"C:\Program Files\Mobogenie\QtGui4.dll" deleted

"C:\Program Files\Mobogenie\QtNetwork4.dll" deleted

"C:\Program Files\Mobogenie\QtSql4.dll" deleted

"C:\Program Files\Mobogenie\QtWebKit4.dll" deleted

"C:\Program Files\Mobogenie\ssleay32.dll" deleted

"C:\Program Files\Mobogenie\DaemonProcess.exe" deleted

"C:\Program Files\Mobogenie\DCR.dll" deleted

"C:\Program Files\Mobogenie\Device.dll" deleted

"C:\Program Files\Mobogenie\libeay32.dll" deleted

"C:\Program Files\Mobogenie\msvcp100.dll" deleted

"C:\Program Files\Mobogenie\msvcr100.dll" deleted

"C:\Program Files\Mobogenie\QtCore4.dll" deleted

"C:\Program Files\Mobogenie\QtGui4.dll" deleted

"C:\Program Files\Mobogenie\QtNetwork4.dll" deleted

"C:\Program Files\Mobogenie\QtSql4.dll" deleted

"C:\Program Files\Mobogenie\QtWebKit4.dll" deleted

"C:\Program Files\Mobogenie\ssleay32.dll" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\T8RES.DLL" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\T8RES.DLL" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\T8RES.DLL" deleted

"C:\Program Files\Allin1Convert_8h" deleted

"C:\Program Files\Mobogenie" deleted

"C:\Program Files\Allin1Convert_8h" deleted

"C:\Program Files\ViewPassword" deleted

"C:\Program Files\ViewPassword" deleted

"C:\Program Files\ViewPassword" deleted

"C:\Program Files\Mobogenie" deleted

"C:\Program Files\Allin1Convert_8h" deleted

"C:\Program Files\ViewPassword" deleted

"C:\Program Files\Allin1Convert_8h\bar" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin" deleted

"C:\Program Files\Allin1Convert_8h\bar" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin" deleted

"C:\Program Files\Allin1Convert_8h\bar" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2014-01-21 07:30:47 4478918C7D60EC932016E144086E249F 86016 ----a-w- C:\Windows\unvise32qt.exe

====== C:\Users\Robert\AppData\Local\Temp ====

2014-01-21 07:26:59 C459E252866435ED8B928D1509C28DE2 16896 ----a-w- C:\Users\Leen\AppData\Local\Temp\~vis0000\rebootnt.exe

2014-01-21 07:26:57 FFAFEC3CFAD854399E9CF9D24AFD8AF6 442368 ----a-w- C:\Users\Leen\AppData\Local\Temp\~vis0000\vise32ex.dll

2014-01-21 07:23:34 9A0211146CE87037A18206C702BB01CB 561152 ----a-w- C:\Users\Leen\AppData\Local\Temp\TempFolder.aaa\iml32.dll

2014-01-21 07:23:34 718E778A97FC8CF6694821F724A0FCA0 1097728 ----a-w- C:\Users\Leen\AppData\Local\Temp\TempFolder.aaa\dirapi.dll

2014-01-21 07:23:34 63DA4613383EC70E047B4CD5C48F0B05 266293 ----a-w- C:\Users\Leen\AppData\Local\Temp\TempFolder.aaa\msvcrt.dll

2014-01-21 07:23:34 1A9B1D8B21AE6F6A5428B4D23DBFB03E 159744 ----a-w- C:\Users\Leen\AppData\Local\Temp\TempFolder.aaa\proj.dll

====== Java Cache =====

====== C:\Windows\system32 =====

2014-02-03 11:06:37 18C48414627F5F1C57A8C7CA815E75BD 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2014-02-03 11:06:34 D3A08BA0A5C9CA61A10A8EB81C176692 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2014-02-03 11:06:34 A86F5616EACB7155998011CEFFFB52F6 12800 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll

2014-02-03 11:06:29 D3F64318307CEC05CBDE533D99976532 16896 ----a-w- C:\Windows\System32\wksprtPS.dll

2014-02-03 11:06:29 A9D4140B8B843D5719F7C3EED8C0F9FD 37376 ----a-w- C:\Windows\System32\tsgqec.dll

2014-02-03 11:06:28 E6446AB7A7E602CAFF51ACA3C68C1526 269312 ----a-w- C:\Windows\System32\aaclient.dll

2014-02-03 11:06:28 C551B35F71CA76C88112966238821105 317440 ----a-w- C:\Windows\System32\wksprt.exe

2014-02-03 11:06:28 8999F18D38D55E34D356796507FFD639 192000 ----a-w- C:\Windows\System32\rdpendp_winip.dll

2014-02-03 11:06:28 3F853160DEE5B71B9AD2F1BAF2B1E55B 46592 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll

2014-02-03 11:06:28 3228AB5F8652EAABFF3C5FC7FD0F603A 221184 ----a-w- C:\Windows\System32\rdpudd.dll

2014-02-03 11:06:28 321BE3A2C87206B0C85ECD4FA4EBBF54 56320 ----a-w- C:\Windows\System32\TSWbPrxy.exe

2014-02-03 11:06:28 235B7E30D5B48A3B769C00DA166F080B 32768 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll

2014-02-03 11:06:27 AC3598BD1101BBC4365994BAB093BB62 2739712 ----a-w- C:\Windows\System32\rdpcorets.dll

2014-02-03 11:06:27 40FF6C636380A87DE3A99F4E348BFDCB 1048064 ----a-w- C:\Windows\System32\mstsc.exe

2014-02-03 11:06:26 EF1689081813A60D4610FF429530BA36 4916224 ----a-w- C:\Windows\System32\mstscax.dll

2014-02-03 11:04:47 33B26FA5DBEB69FFAB703EDCB4E6DE4A 514560 ----a-w- C:\Windows\System32\qdvd.dll

2014-01-21 07:33:24 E72E87DBBA862B34C6E4B8ED5E84DBDA 45 ----a-w- C:\Windows\System32\LPPCD01.ini

====== C:\Windows\system32\drivers =====

2014-02-03 11:06:36 65375DF758CA1872AB7EBBBA457FD5E6 14848 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys

2014-02-03 11:06:32 9CE253214ACAA5A7D323327D2055EFAA 49664 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys

2014-01-16 14:40:28 5DBD4F73E2A52FEED61DBAB3752E329C 240576 ----a-w- C:\Windows\System32\drivers\netio.sys

2014-01-16 14:40:26 EDF2DF71C4F1E13A6AC75F5224DE655A 258560 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2014-01-16 14:40:26 EC2C5AF37B76D7B58C642CB74423DB7A 284672 ----a-w- C:\Windows\System32\drivers\usbport.sys

2014-01-16 14:40:26 D40855F89B69305140BBD7E9A3BA2DA6 43520 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2014-01-16 14:40:26 0803FBA9FE829D61AE26EC0BCC910C46 76288 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2014-01-16 14:40:25 9828C8D14CC2676421778F0DE638CF97 20480 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2014-01-16 14:40:25 74F805AB12EB0E3E49E469F19FF02640 6016 ----a-w- C:\Windows\System32\drivers\usbd.sys

2014-01-16 14:40:22 800AABFD625EEFF899F7E5496BDE37AB 24064 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-02-03 10:25:34 -------- d-----w- C:\Program Files\trend micro

2014-02-03 10:09:09 -------- d-----w- C:\Program Files\Adblock Plus for IE

2014-01-21 07:30:19 -------- d-----w- C:\Program Files\QuickTime

2014-01-21 07:23:54 -------- d-----w- C:\Program Files\De Kleine Prins

======= C: =====

====== C:\Users\Robert\AppData\Roaming ======

2014-02-03 13:37:44 -------- d-----w- C:\Users\Robert\AppData\Roaming\Sammsoft

2014-02-03 10:09:16 -------- d-----w- C:\Users\Robert\AppData\Locallow\Adblock Plus for IE

2014-01-21 13:01:45 -------- d-----w- C:\Users\Leen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup

2014-01-21 13:01:42 -------- d-----w- C:\Users\Leen\AppData\Local\Programs

2014-01-21 07:26:55 -------- d-----w- C:\Users\Leen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lannoo

2014-01-07 08:39:10 -------- d-----w- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup

====== C:\Users\Robert ======

2014-02-03 10:48:53 755246A3D44BFDB8A66DB8C19122724B 4721920 ----a-w- C:\Users\Robert\Downloads\ccsetup410.exe

2014-02-03 10:25:21 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Robert\Downloads\RSIT.exe

2014-01-21 07:30:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-01-21 07:27:00 -------- d-----w- C:\ProgramData\QuickTime

====== C: exe-files ==

2014-02-03 13:38:08 91722F04D2E86C607F7E5E5DA9D4A3B2 84563 ----a-w- C:\Users\Robert\AppData\Local\Temp\~nsu.tmp\Au_.exe

2014-02-03 11:06:37 18C48414627F5F1C57A8C7CA815E75BD 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2014-02-03 11:06:28 C551B35F71CA76C88112966238821105 317440 ----a-w- C:\Windows\System32\wksprt.exe

2014-02-03 11:06:28 321BE3A2C87206B0C85ECD4FA4EBBF54 56320 ----a-w- C:\Windows\System32\TSWbPrxy.exe

2014-02-03 11:06:27 40FF6C636380A87DE3A99F4E348BFDCB 1048064 ----a-w- C:\Windows\System32\mstsc.exe

2014-02-03 10:48:53 755246A3D44BFDB8A66DB8C19122724B 4721920 ----a-w- C:\Users\Robert\Downloads\ccsetup410.exe

2014-02-03 10:25:34 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Robert.exe

2014-02-03 10:25:21 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Robert\Downloads\RSIT.exe

2014-01-30 14:23:17 75B0D4CC6E1BFD6344EEF198270A773D 36532904 ----a-w- C:\Users\Leen\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.102\32.0.1700.102_chrome_installer.exe

2014-01-29 17:46:35 BD556495B9E1E00A2A55D4E6131C2EA0 981160 ----a-w- C:\Users\Leen\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.102\32.0.1700.102_32.0.1700.76_chrome_updater.exe

2014-01-29 10:26:54 BD556495B9E1E00A2A55D4E6131C2EA0 981160 ----a-w- C:\Users\Robert\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.102\32.0.1700.102_32.0.1700.76_chrome_updater.exe

=== C: other files ==

2014-02-03 11:06:36 E951866BAC5A23403F62A349EDBB6EEB 24064 ----a-w- C:\Windows\System32\DriverStore\FileRepository\termmou.inf_x86_neutral_0e28c761f9ae155a\terminpt.sys

2014-02-03 11:06:36 E951866BAC5A23403F62A349EDBB6EEB 24064 ----a-w- C:\Windows\System32\DriverStore\FileRepository\termkbd.inf_x86_neutral_339f71420b21f4a1\terminpt.sys

2014-02-03 11:06:36 65375DF758CA1872AB7EBBBA457FD5E6 14848 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys

2014-02-03 11:06:32 9CE253214ACAA5A7D323327D2055EFAA 49664 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys

2014-02-03 11:06:32 57C527AF84748B5C2F5178C499C0B81F 27136 ----a-w- C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_x86_neutral_93ae7b205b7d38be\TsUsbGD.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeAAMUpdater-1.0"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAHeadless]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CAHeadless"

"hkey"="HKCU"

"command"="C:\\Program Files\\Adobe\\Elements 10 Organizer\\CAHeadless\\ElementsAutoAnalyzer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Google Update"

"hkey"="HKCU"

"command"="\"C:\\Users\\Robert\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QuickTime Task"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="swg"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

==== Startup Folders ======================

2011-10-28 07:50:01 1284 ----a-w- C:\Users\Leen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [28/12/2013 15:36]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [31/12/2009 11:49]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [31/12/2009 11:49]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3071215331-3974172817-2085052823-1000UA.job --a------ C:\Users\Leen\AppData\Local\Google\Update\GoogleUpdate.exe [23/10/2010 19:04]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3071215331-3974172817-2085052823-1001Core.job --a------ C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [27/10/2011 17:44]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3071215331-3974172817-2085052823-1001UA.job --a------ C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [27/10/2011 17:44]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-RORI-PC-Leen" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]

"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-RORI-PC-Robert" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3071215331-3974172817-2085052823-1000Core" [C:\Users\Leen\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3071215331-3974172817-2085052823-1000UA" [C:\Users\Leen\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3071215331-3974172817-2085052823-1001Core" [C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3071215331-3974172817-2085052823-1001UA" [C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\User_Feed_Synchronization-{3D933F0D-7BEC-4C42-86BD-1EFB4EFF96FD}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\system32\tasks\User_Feed_Synchronization-{6A5FD232-5893-4788-B1D4-B21653355FBB}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\system32\tasks\{148B859F-E3DF-4782-A679-D52DACC72137}" [C:\Program Files\Google\Picasa3\Picasa3.exe]

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{bf2ac236-951a-458b-835e-dfb97c24af2c}"="C:\Program Files\ViewPassword\150.xpi" []

==== Chrome Look ======================

Google Wallet - Leen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Google Wallet - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3071215331-3974172817-2085052823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{949b3815-2809-4571-9ed9-ce9a1df53914} deleted successfully

HKEY_USERS\S-1-5-21-3071215331-3974172817-2085052823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{949b3815-2809-4571-9ed9-ce9a1df53914} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{949b3815-2809-4571-9ed9-ce9a1df53914} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{949b3815-2809-4571-9ed9-ce9a1df53914} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3071215331-3974172817-2085052823-1001\Software\Mozilla\Firefox\Extensions\{bf2ac236-951a-458b-835e-dfb97c24af2c} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\3c8a3e8f-f2be-4078-bc61-9f25482387db deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Leen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Leen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Leen\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Leen\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\61I8Y0P1 will be deleted at reboot

C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6T1XBLF3 will be deleted at reboot

C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6XZGMQF8 will be deleted at reboot

C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GQ9IKRVD will be deleted at reboot

C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HD2YNSEJ will be deleted at reboot

C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QSAKW0B2 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Leen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2554 folders=230 173384890 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Leen\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Robert\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Robert\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\61I8Y0P1" not found

"C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6T1XBLF3" not found

"C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6XZGMQF8" not found

"C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GQ9IKRVD" not found

"C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HD2YNSEJ" not found

"C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QSAKW0B2" not found

==== EOF on ma 03/02/2014 at 14:45:54,66 ======================


That was a nice clean-up. Download AdwCleaner by Xplode to the desktop.

Running AdwCleaner

  • Close all open windows.
  • Double-click AdwCleaner.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Then click the Scan button.
  • When the scan is finished, click the Clean button.
  • When that is done, you will be asked to restart the computer; click OK.
  • After the computer has restarted, the log file opens automatically.
  • Post this log file in your next reply.
