
RSIT Log - Malware on PC



 

Hi,

My girlfriend accidentally clicked on a file on the internet that installed all kinds of malware programs on my PC.

I was able to remove most of them via Control Panel, and I have already run Malwarebytes Anti-Malware once.

However, my Chrome start page still keeps getting changed to a "startmysearch" page, and I still have a "Searchprotect" icon among my system tray icons. So that doesn't bode well.

Hence my log.

Thanks in advance for the help.

Regards.

 

 

 

Logfile of random's system information tool 1.10 (written by random/random)

Run by Jelle at 2014-12-08 19:41:54

Microsoft Windows 8.1 

System drive C: has 681 GB (76%) free of 891 GB

Total RAM: 4051 MB (50% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:41:58, on 8/12/2014

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.17416)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1434\jsdrv.exe

C:\Users\Jelle\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\SupTab\HpUI.exe

C:\Program Files (x86)\SupTab\Loader32.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\syswow64\wwahost.exe

C:\Program Files\trend micro\Jelle.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot

O4 - HKLM\..\Run: [salus] C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"

O4 - HKCU\..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot

O4 - HKUS\S-1-5-21-40242581-377180158-3296479076-1001\..\Run: [AppLauncher] C:\Program Files (x86)\Medion MediaPack 3\Ashampoo AppLauncher (Medion)\AppLauncher.exe (User 'UpdatusUser')

O4 - Startup: Dropbox.lnk = Jelle\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-154558-44482-6/4 (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-154558-44482-6/4 (file missing) (HKCU)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Box Sync Update Service (BoxSyncUpdateService) - Box, Inc. - C:\Program Files\Box\Box Sync\SyncUpdaterService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Universal Updater Service (UniversalUpdater) - Unknown owner - C:\Program Files (x86)\0ca45c95134d\cf3e08d747e4.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8897 bytes

 

======Listing Processes======

 

 

 

 

 

wininit.exe

 

C:\Windows\system32\lsass.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

"C:\Windows\system32\nvvsvc.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

dashost.exe {4249051b-0712-42f3-acc8e4537dcfc56e}

C:\Windows\system32\svchost.exe -k imgsvc

 

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

 

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files\iPod\bin\iPodService.exe"

"C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service

C:\ProgramData\IePluginServices\PluginService.exe -service

"C:\Program Files\Common Files\ShopperPro\spbiu.exe" /service

"C:\Program Files (x86)\0ca45c95134d\cf3e08d747e4.exe"

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-7cae713e-21a3-4622-b504-ee19b70a5c0d -SystemEventPortName:HostProcess-6a1909b7-8a6f-45ad-95f2-83af79e6ffed -IoCancelEventPortName:HostProcess-ca42f200-233c-4a52-9100-f7988f71222f -NonStateChangingEventPortName:HostProcess-d57548be-b80b-4daa-af8c-f4be5a70f14e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:014e737c-7f7e-49b4-b423-0ba818c4af4a -DeviceGroupId:

 

winlogon.exe

"dwm.exe"

"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"

C:\Windows\system32\nvvsvc.exe -session

taskhostex.exe 

C:\Windows\Explorer.EXE

C:\Windows\System32\skydrive.exe -Embedding

"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1

"C:\Windows\System32\SettingSyncHost.exe" -Embedding

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

"C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1434\jsdrv.exe" 

"C:\Users\Jelle\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup

"C:\Program Files (x86)\iTunes\iTunesHelper.exe" 

"C:\Program Files (x86)\SupTab\HpUI.exe" -run

"C:\Program Files (x86)\SupTab\Loader64.exe" 

"C:\Program Files (x86)\SupTab\Loader32.exe" 

"C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

taskhost.exe 

taskhost.exe $(Arg0)

"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetServiceDss -RestrictPrivileges -AccessKey 65E746BB-0829-19CC-E3A2-AD1E7C4C3C97 -Reinvoke


"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5252.0.1201249762\1401067872" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,17,38,46 --gpu-vendor-id=0x10de --gpu-device-id=0x1382 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3235 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="DomRel-Enable/enable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5252.1.293524107\912204902" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5252.2.445022969\924216113" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Disabled/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5252.8.1027542747\1687234586" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5252.9.925639626\1325423877" --ppapi-flash-args=enable_hw_video_decode=1 --lang=nl --ignored=" --type=renderer " /prefetch:-632637702

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe168_ Global\UsGthrCtrlFltPipeMssGthrPipe168 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 

"C:\Windows\system32\SearchFilterHost.exe" 0 576 580 588 65536 584 

 

"C:\Users\Jelle\Desktop\RSITx64.exe" 

"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server

"C:\Windows\syswow64\wwahost.exe" -ServerName:App.wwa

C:\Windows\System32\RuntimeBroker.exe -Embedding

C:\Windows\system32\wbem\wmiprvse.exe

 

======Scheduled tasks folder======

 

C:\Windows\tasks\AVGNOJW.job - C:\Users\mieke_000\AppData\Roaming\AVGNOJW.exe  /infocmdline=EVbq3I6mFN8RARhFcw2Ed740Jnzs1c1ks5fbtMKCNy8Z5ezYD+0MgioHxryPyJ/bqHTHnK+OqWtWoo9D5yWhb/YnXm5I1B1cbz//OZmYBUX1inxHTJsaHvn+mX2x9CNg7tCqYl0NO1vgWST7R9PmFJPDu2KLkDj96arAg0hczeVEpqW3eaULQfO2trZ/LTXA1oS/QXTN2sE3ucRKlLPphvviL3CHRK4L4MNedWE8KUoJGo1o/GYuXNIesunGJdjOkdh8wjzTxD3UXr8kg5jIaRJuyVds5z1Hb5G7dCU3Y7fo7VI9ERCDcqqpbn9xLkEz5Yz2oB6G9AcC9tlojRs3orX5908p1TVUoFQKKcff9zuoCG9tPOsJ0vlR2HGfiMEfxXsZFM1MM086vySRW2f8tR9b+KYVM/EHjdQPbMCLySLKGgDJRjh82CkLnonKC3gIJvHkAd3MpceiIkfi/tHvL1QzZalkmhWP7XDcs6WAeMzJWj8Ut5XdsKv3RtrkgD3oqA5POcZgiGcz88A0D/owDv2EW28VYmjIYUpcNAfwwBd8A7nOqSIXtDw3Vqe0JeZHQr6Yp/Ves+OqMM8587Ryv2iCkwpevi6rrr9x9A4crcJfU6S+2xTNAyYBSdpWy9qW1vh9vSUNyhCrdLSjq0PfHww9PoW/hIZdMw4hjfXxM70= 

C:\Windows\tasks\DMHMP.job - C:\Users\mieke_000\AppData\Roaming\DMHMP.exe  /infocmdline=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 

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"=C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe [2013-11-21 36352]

"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-24 13662936]

"BoxSync"=C:\Program Files\Box\Box Sync\BoxSync.exe [2014-11-13 5609176]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"YTDownloader"=C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot []

 

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-02-21 152392]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

"beid"=C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup []

"YTDownloader"=C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot []

"Salus"=C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe [2014-12-08 1114624]

 

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware (cleanup)"=C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [2014-11-21 54072]

 

C:\Users\Jelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\Jelle\AppData\Roaming\Dropbox\bin\Dropbox.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2014-01-08 624640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"ConfirmFileDelete"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"VIDC.YUY2"=msyuv.dll

"vidc.i420"=iyuv_32.dll

"msacm.msgsm610"=msgsm32.acm

"msacm.msg711"=msg711.acm

"VIDC.YVYU"=msyuv.dll

"VIDC.YVU9"=tsbyuv.dll

"wavemapper"=msacm32.drv

"midimapper"=midimap.dll

"VIDC.UYVY"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"vidc.msvc"=msvidc32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"MSVideo8"=VfWWDM32.dll

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux1"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux2"=wdmaud.drv

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 1 month======

 

2014-12-08 19:41:54 ----D---- C:\rsit

2014-12-08 19:41:54 ----D---- C:\Program Files\trend micro

2014-12-08 19:35:31 ----A---- C:\Windows\system32\drivers\cembn.sys

2014-12-08 16:53:04 ----D---- C:\Program Files (x86)\Universal Updater

2014-12-08 16:53:04 ----D---- C:\Program Files (x86)\0ca45c95134d

2014-12-08 16:53:03 ----D---- C:\Program Files (x86)\f552dd4c52e3

2014-12-08 16:52:22 ----D---- C:\Program Files\Common Files\ShopperPro

2014-12-08 16:51:52 ----D---- C:\Program Files (x86)\fb9c456e-c6d8-4567-b255-31f106c1ca11

2014-12-08 16:51:46 ----D---- C:\Program Files (x86)\globalUpdate

2014-12-08 16:51:09 ----D---- C:\Program Files (x86)\ShopperPro

2014-12-08 16:50:58 ----D---- C:\ProgramData\IePluginServices

2014-12-08 16:50:48 ----D---- C:\Program Files (x86)\SupTab

2014-12-08 16:50:42 ----D---- C:\ProgramData\WindowsMangerProtect

2014-12-08 01:08:08 ----A---- C:\Windows\system32\drivers\b786bdb3c67d.sys

2014-11-19 08:49:09 ----A---- C:\Windows\SYSWOW64\pku2u.dll

2014-11-19 08:49:09 ----A---- C:\Windows\SYSWOW64\kerberos.dll

2014-11-19 08:49:09 ----A---- C:\Windows\system32\pku2u.dll

2014-11-19 08:49:09 ----A---- C:\Windows\system32\kerberos.dll

2014-11-12 09:08:40 ----A---- C:\Windows\SYSWOW64\msxml3.dll

2014-11-12 09:08:39 ----A---- C:\Windows\system32\msxml3.dll

2014-11-12 09:08:33 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll

2014-11-12 09:08:33 ----A---- C:\Windows\system32\audiosrv.dll

2014-11-12 09:08:33 ----A---- C:\Windows\system32\AudioSes.dll

2014-11-12 09:08:33 ----A---- C:\Windows\system32\AUDIOKSE.dll

2014-11-12 09:08:32 ----A---- C:\Windows\SYSWOW64\AudioSes.dll

2014-11-12 09:08:32 ----A---- C:\Windows\SYSWOW64\AudioEng.dll

2014-11-12 09:08:32 ----A---- C:\Windows\system32\EncDump.dll

2014-11-12 09:08:32 ----A---- C:\Windows\system32\AudioEng.dll

2014-11-12 09:08:32 ----A---- C:\Windows\system32\AudioEndpointBuilder.dll

2014-11-12 09:08:32 ----A---- C:\Windows\system32\audiodg.exe

2014-11-12 09:08:29 ----A---- C:\Windows\system32\mshtml.dll

2014-11-12 09:08:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2014-11-12 09:08:05 ----A---- C:\Windows\system32\ieframe.dll

2014-11-12 09:08:01 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2014-11-12 09:07:57 ----A---- C:\Windows\system32\jscript9.dll

2014-11-12 09:07:56 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2014-11-12 09:07:55 ----A---- C:\Windows\system32\wininet.dll

2014-11-12 09:07:54 ----A---- C:\Windows\SYSWOW64\wininet.dll

2014-11-12 09:07:54 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2014-11-12 09:07:54 ----A---- C:\Windows\system32\urlmon.dll

2014-11-12 09:07:53 ----A---- C:\Windows\SYSWOW64\inetcomm.dll

2014-11-12 09:07:53 ----A---- C:\Windows\system32\inetcomm.dll

2014-11-12 09:07:53 ----A---- C:\Windows\system32\iertutil.dll

2014-11-12 09:07:53 ----A---- C:\Windows\system32\actxprxy.dll

2014-11-12 09:07:52 ----A---- C:\Windows\SYSWOW64\jscript.dll

2014-11-12 09:07:52 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2014-11-12 09:07:52 ----A---- C:\Windows\system32\jscript9diag.dll

2014-11-12 09:07:52 ----A---- C:\Windows\system32\jscript.dll

2014-11-12 09:07:51 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2014-11-12 09:07:51 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

2014-11-12 09:07:51 ----A---- C:\Windows\system32\msfeeds.dll

2014-11-12 09:07:51 ----A---- C:\Windows\system32\ieui.dll

2014-11-12 09:07:50 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2014-11-12 09:07:50 ----A---- C:\Windows\SYSWOW64\ieui.dll

2014-11-12 09:07:50 ----A---- C:\Windows\system32\vbscript.dll

2014-11-12 09:07:47 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2014-11-12 09:07:47 ----A---- C:\Windows\SYSWOW64\dxtrans.dll

2014-11-12 09:07:47 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll

2014-11-12 09:07:47 ----A---- C:\Windows\system32\ieapfltr.dll

2014-11-12 09:07:47 ----A---- C:\Windows\system32\dxtrans.dll

2014-11-12 09:07:47 ----A---- C:\Windows\system32\dxtmsft.dll

2014-11-12 09:07:46 ----A---- C:\Windows\SYSWOW64\webcheck.dll

2014-11-12 09:07:46 ----A---- C:\Windows\system32\webcheck.dll

2014-11-12 09:07:46 ----A---- C:\Windows\system32\ieetwproxystub.dll

2014-11-12 09:07:45 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll

2014-11-12 09:07:45 ----A---- C:\Windows\SYSWOW64\hlink.dll

2014-11-12 09:07:45 ----A---- C:\Windows\system32\iedkcs32.dll

2014-11-12 09:07:44 ----A---- C:\Windows\SYSWOW64\msrating.dll

2014-11-12 09:07:44 ----A---- C:\Windows\SYSWOW64\inseng.dll

2014-11-12 09:07:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2014-11-12 09:07:44 ----A---- C:\Windows\SYSWOW64\iesysprep.dll

2014-11-12 09:07:44 ----A---- C:\Windows\SYSWOW64\iepeers.dll

2014-11-12 09:07:44 ----A---- C:\Windows\SYSWOW64\actxprxy.dll

2014-11-12 09:07:44 ----A---- C:\Windows\system32\inseng.dll

2014-11-12 09:07:44 ----A---- C:\Windows\system32\ieUnatt.exe

2014-11-12 09:07:44 ----A---- C:\Windows\system32\iesysprep.dll

2014-11-12 09:07:44 ----A---- C:\Windows\system32\iepeers.dll

2014-11-12 09:07:44 ----A---- C:\Windows\system32\ieetwcollector.exe

2014-11-12 09:07:44 ----A---- C:\Windows\system32\ie4uinit.exe

2014-11-12 09:07:44 ----A---- C:\Windows\system32\hlink.dll

2014-11-12 09:07:43 ----A---- C:\Windows\SYSWOW64\occache.dll

2014-11-12 09:07:43 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2014-11-12 09:07:43 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll

2014-11-12 09:07:43 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2014-11-12 09:07:43 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

2014-11-12 09:07:43 ----A---- C:\Windows\SYSWOW64\iexpress.exe

2014-11-12 09:07:43 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll

2014-11-12 09:07:43 ----A---- C:\Windows\system32\msrating.dll

2014-11-12 09:07:43 ----A---- C:\Windows\system32\mshtmled.dll

2014-11-12 09:07:43 ----A---- C:\Windows\system32\MshtmlDac.dll

2014-11-12 09:07:43 ----A---- C:\Windows\system32\msfeedsbs.dll

2014-11-12 09:07:43 ----A---- C:\Windows\system32\jsproxy.dll

2014-11-12 09:07:43 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-11-12 09:07:42 ----A---- C:\Windows\SYSWOW64\wextract.exe

2014-11-12 09:07:42 ----A---- C:\Windows\SYSWOW64\url.dll

2014-11-12 09:07:42 ----A---- C:\Windows\SYSWOW64\pngfilt.dll

2014-11-12 09:07:42 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll

2014-11-12 09:07:42 ----A---- C:\Windows\SYSWOW64\licmgr10.dll

2014-11-12 09:07:42 ----A---- C:\Windows\SYSWOW64\imgutil.dll

2014-11-12 09:07:42 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2014-11-12 09:07:42 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2014-11-12 09:07:42 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

2014-11-12 09:07:42 ----A---- C:\Windows\system32\url.dll

2014-11-12 09:07:42 ----A---- C:\Windows\system32\pngfilt.dll

2014-11-12 09:07:42 ----A---- C:\Windows\system32\occache.dll

2014-11-12 09:07:42 ----A---- C:\Windows\system32\licmgr10.dll

2014-11-12 09:07:42 ----A---- C:\Windows\system32\imgutil.dll

2014-11-12 09:07:42 ----A---- C:\Windows\system32\iernonce.dll

2014-11-12 09:07:42 ----A---- C:\Windows\system32\IEAdvpack.dll

2014-11-12 09:07:41 ----A---- C:\Windows\SYSWOW64\mshta.exe

2014-11-12 09:07:41 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe

2014-11-12 09:07:41 ----A---- C:\Windows\system32\wextract.exe

2014-11-12 09:07:41 ----A---- C:\Windows\system32\mshta.exe

2014-11-12 09:07:41 ----A---- C:\Windows\system32\msfeedssync.exe

2014-11-12 09:07:41 ----A---- C:\Windows\system32\iexpress.exe

2014-11-12 09:07:41 ----A---- C:\Windows\system32\iesetup.dll

2014-11-12 09:07:33 ----A---- C:\Windows\SYSWOW64\schannel.dll

2014-11-12 09:07:33 ----A---- C:\Windows\SYSWOW64\ncryptsslp.dll

2014-11-12 09:07:33 ----A---- C:\Windows\system32\schannel.dll

2014-11-12 09:07:33 ----A---- C:\Windows\system32\ncryptsslp.dll

2014-11-12 09:07:33 ----A---- C:\Windows\system32\dpapisrv.dll

2014-11-12 09:07:32 ----A---- C:\Windows\system32\win32k.sys

2014-11-12 09:07:31 ----A---- C:\Windows\SYSWOW64\packager.dll

2014-11-12 09:07:31 ----A---- C:\Windows\system32\packager.dll

2014-11-12 09:07:28 ----A---- C:\Windows\SYSWOW64\msaudite.dll

2014-11-12 09:07:28 ----A---- C:\Windows\SYSWOW64\certcli.dll

2014-11-12 09:07:28 ----A---- C:\Windows\SYSWOW64\adtschema.dll

2014-11-12 09:07:28 ----A---- C:\Windows\system32\rfxvmt.dll

2014-11-12 09:07:28 ----A---- C:\Windows\system32\rdpudd.dll

2014-11-12 09:07:28 ----A---- C:\Windows\system32\rdpcorets.dll

2014-11-12 09:07:28 ----A---- C:\Windows\system32\msaudite.dll

2014-11-12 09:07:28 ----A---- C:\Windows\system32\lsasrv.dll

2014-11-12 09:07:28 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys

2014-11-12 09:07:28 ----A---- C:\Windows\system32\drivers\ksecpkg.sys

2014-11-12 09:07:28 ----A---- C:\Windows\system32\drivers\cng.sys

2014-11-12 09:07:28 ----A---- C:\Windows\system32\certcli.dll

2014-11-12 09:07:28 ----A---- C:\Windows\system32\adtschema.dll

2014-11-12 09:07:21 ----A---- C:\Windows\SYSWOW64\oleaut32.dll

2014-11-12 09:07:21 ----A---- C:\Windows\system32\oleaut32.dll

2014-11-12 09:07:19 ----A---- C:\Windows\system32\devinv.dll

2014-11-12 09:07:19 ----A---- C:\Windows\system32\aepdu.dll

2014-11-12 09:07:18 ----A---- C:\Windows\system32\generaltel.dll

2014-11-12 09:07:18 ----A---- C:\Windows\system32\aeinv.dll

2014-11-12 09:07:16 ----A---- C:\Windows\system32\aepic.dll

2014-11-12 09:07:15 ----A---- C:\Windows\SYSWOW64\msi.dll

2014-11-12 09:07:15 ----A---- C:\Windows\system32\msi.dll

2014-11-12 09:07:15 ----A---- C:\Windows\system32\authui.dll

2014-11-12 09:07:14 ----A---- C:\Windows\SYSWOW64\msihnd.dll

2014-11-12 09:07:14 ----A---- C:\Windows\SYSWOW64\authui.dll

2014-11-12 09:07:14 ----A---- C:\Windows\system32\msihnd.dll

2014-11-12 09:07:13 ----A---- C:\Windows\system32\consent.exe

2014-11-12 09:07:13 ----A---- C:\Windows\system32\appinfo.dll

2014-11-12 09:07:08 ----A---- C:\Windows\system32\wuaueng.dll

2014-11-12 09:07:08 ----A---- C:\Windows\system32\wuapi.dll

2014-11-12 09:07:07 ----A---- C:\Windows\SYSWOW64\wuwebv.dll

2014-11-12 09:07:07 ----A---- C:\Windows\SYSWOW64\wudriver.dll

2014-11-12 09:07:07 ----A---- C:\Windows\SYSWOW64\wuapi.dll

2014-11-12 09:07:07 ----A---- C:\Windows\system32\wuwebv.dll

2014-11-12 09:07:07 ----A---- C:\Windows\system32\WUSettingsProvider.dll

2014-11-12 09:07:07 ----A---- C:\Windows\system32\wucltux.dll

2014-11-12 09:07:06 ----A---- C:\Windows\SYSWOW64\wups.dll

2014-11-12 09:07:06 ----A---- C:\Windows\SYSWOW64\wuapp.exe

2014-11-12 09:07:06 ----A---- C:\Windows\system32\wups2.dll

2014-11-12 09:07:06 ----A---- C:\Windows\system32\wups.dll

2014-11-12 09:07:06 ----A---- C:\Windows\system32\wudriver.dll

2014-11-12 09:07:06 ----A---- C:\Windows\system32\wuauclt.exe

2014-11-12 09:07:06 ----A---- C:\Windows\system32\wuapp.exe

2014-11-12 09:07:06 ----A---- C:\Windows\system32\wuaext.dll

2014-11-12 09:06:52 ----A---- C:\Windows\system32\user32.dll

2014-11-12 09:06:49 ----A---- C:\Windows\SYSWOW64\user32.dll

2014-11-12 09:06:48 ----A---- C:\Windows\system32\drivers\WdFilter.sys

2014-11-12 09:06:47 ----A---- C:\Windows\system32\drivers\WdNisDrv.sys

2014-11-12 09:06:46 ----A---- C:\Windows\system32\drivers\WdBoot.sys

2014-11-12 09:06:45 ----A---- C:\Windows\SYSWOW64\winshfhc.dll

2014-11-12 09:06:45 ----A---- C:\Windows\system32\winshfhc.dll

2014-11-12 09:05:54 ----A---- C:\Windows\system32\shell32.dll

2014-11-12 09:05:53 ----A---- C:\Windows\system32\ntoskrnl.exe

2014-11-12 09:05:52 ----A---- C:\Windows\SYSWOW64\shell32.dll

2014-11-12 09:05:49 ----A---- C:\Windows\system32\SettingsHandlers.dll

2014-11-12 09:05:48 ----A---- C:\Windows\system32\twinui.dll

2014-11-12 09:05:48 ----A---- C:\Windows\system32\localspl.dll

2014-11-12 09:05:48 ----A---- C:\Windows\system32\drivers\tcpip.sys

2014-11-12 09:05:47 ----A---- C:\Windows\system32\mfmp4srcsnk.dll

2014-11-12 09:05:47 ----A---- C:\Windows\system32\MFMediaEngine.dll

2014-11-12 09:05:46 ----A---- C:\Windows\SYSWOW64\twinui.dll

2014-11-12 09:05:46 ----A---- C:\Windows\SYSWOW64\mfmp4srcsnk.dll

2014-11-12 09:05:46 ----A---- C:\Windows\SYSWOW64\MFMediaEngine.dll

2014-11-12 09:05:46 ----A---- C:\Windows\system32\win32spl.dll

2014-11-12 09:05:46 ----A---- C:\Windows\system32\drivers\netio.sys

2014-11-12 09:05:45 ----AC---- C:\Windows\system32\drivers\USBSTOR.SYS

2014-11-12 09:05:45 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll

2014-11-12 09:05:45 ----A---- C:\Windows\SYSWOW64\puiobj.dll

2014-11-12 09:05:45 ----A---- C:\Windows\system32\WsmSvc.dll

2014-11-12 09:05:45 ----A---- C:\Windows\system32\puiobj.dll

2014-11-12 09:05:44 ----A---- C:\Windows\SYSWOW64\untfs.dll

2014-11-12 09:05:44 ----A---- C:\Windows\system32\untfs.dll

2014-11-12 09:05:44 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS

2014-11-12 09:05:43 ----A---- C:\Windows\system32\FXSCOMEX.dll

2014-11-12 09:05:41 ----A---- C:\Windows\system32\FXSAPI.dll

2014-11-12 09:05:36 ----A---- C:\Windows\SYSWOW64\FXSAPI.dll

 

======List of files/folders modified in the last 1 month======

 

2014-12-08 19:41:54 ----RD---- C:\Program Files

2014-12-08 19:41:31 ----D---- C:\Windows\Prefetch

2014-12-08 19:36:31 ----RD---- C:\Program Files (x86)

2014-12-08 19:36:30 ----HD---- C:\ProgramData

2014-12-08 19:36:22 ----D---- C:\Windows\Temp

2014-12-08 19:36:08 ----D---- C:\Windows\system32\Tasks

2014-12-08 19:36:08 ----D---- C:\Program Files\Common Files\System

2014-12-08 19:35:31 ----D---- C:\Windows\system32\drivers

2014-12-08 19:35:31 ----D---- C:\Windows\da

2014-12-08 19:35:08 ----D---- C:\Windows\Tasks

2014-12-08 19:35:08 ----D---- C:\Program Files (x86)\AGEIA Technologies

2014-12-08 19:19:56 ----HD---- C:\Program Files\WindowsApps

2014-12-08 19:19:54 ----D---- C:\Windows\AppReadiness

2014-12-08 19:12:07 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-08 19:10:19 ----D---- C:\Users\Jelle\AppData\Roaming\Dropbox

2014-12-08 19:00:19 ----D---- C:\Windows\system32\sru

2014-12-08 17:19:20 ----D---- C:\Windows\Microsoft.NET

2014-12-08 16:53:25 ----D---- C:\Windows\SysWOW64

2014-12-08 16:52:22 ----D---- C:\Program Files\Common Files

2014-12-08 16:52:04 ----SHD---- C:\Windows\Installer

2014-12-08 13:46:25 ----D---- C:\Windows\system32\config

2014-12-03 23:50:27 ----RD---- C:\Windows\System32

2014-12-03 23:50:27 ----D---- C:\Windows\Inf

2014-12-03 23:50:27 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-12-03 11:48:37 ----SHD---- C:\System Volume Information

2014-12-01 12:13:53 ----D---- C:\ProgramData\CanonIJPLM

2014-11-26 07:58:01 ----D---- C:\Windows\CbsTemp

2014-11-26 07:57:59 ----D---- C:\Windows\WinSxS

2014-11-20 21:51:37 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2014-11-18 09:32:42 ----D---- C:\Windows\system32\catroot2

2014-11-17 21:17:09 ----D---- C:\Program Files (x86)\Microsoft Office

2014-11-17 12:51:58 ----D---- C:\Windows\rescache

2014-11-17 12:28:19 ----D---- C:\Windows\system32\DriverStore

2014-11-15 09:43:00 ----D---- C:\Windows\system32\MRT

2014-11-15 09:40:34 ----A---- C:\Windows\system32\MRT.exe

2014-11-15 08:46:53 ----D---- C:\Windows\system32\catroot

2014-11-14 21:50:16 ----SD---- C:\Windows\system32\CompatTel

2014-11-14 21:50:12 ----D---- C:\Program Files\Windows Defender

2014-11-14 21:50:11 ----D---- C:\Program Files (x86)\Windows Defender

2014-11-14 21:50:07 ----D---- C:\Windows\system32\wbem

2014-11-14 21:50:04 ----D---- C:\Windows\SYSWOW64\nl-NL

2014-11-14 21:50:04 ----D---- C:\Windows\system32\nl-NL

2014-11-14 21:50:00 ----D---- C:\Program Files (x86)\Internet Explorer

2014-11-14 21:49:58 ----D---- C:\Windows\SYSWOW64\migration

2014-11-14 21:49:56 ----D---- C:\Windows\system32\migration

2014-11-14 21:49:53 ----D---- C:\Program Files\Internet Explorer

2014-11-14 15:55:13 ----D---- C:\ProgramData\Microsoft Help

2014-11-12 16:41:02 ----RD---- C:\Windows\ToastData

2014-11-12 16:40:59 ----RD---- C:\Windows\ImmersiveControlPanel

2014-11-12 16:40:58 ----D---- C:\Windows\apppatch

2014-11-12 11:22:05 ----RD---- C:\Windows\assembly

2014-11-09 09:58:05 ----D---- C:\Users\Jelle\AppData\Roaming\uTorrent

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2013-11-21 632168]

R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 157016]

R1 b786bdb3c67d;b786bdb3c67d; C:\Windows\system32\drivers\b786bdb3c67d.sys [2014-12-08 51528]

R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-29 3698904]

R3 MEIx64;@oem16.inf,%TEE_SvcDesc%;Intel® Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-04 99288]

R3 NVHDA;@oem14.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-01-08 12652320]

R3 RTL8168;@oem15.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-08-15 830680]

R3 RtlWlanu;@oem2.inf,%RtlWlanu.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2014-01-15 2968280]

R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]

R3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2013-08-22 78848]

S0 ubbtcuot;ubbtcuot; C:\Windows\System32\drivers\cembn.sys [2014-12-08 79064]

S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-01-08 4220416]

S3 intaud_WaveExtensible;@oem11.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys []

S3 IntcDAud;@oem9.inf,%IntcDAud.SvcDesc%;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-01-08 450520]

S3 iwdbus;@oem12.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys []

S3 USBAAPL64;@oem12.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2013-03-18 54784]

S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;Stuurprogramma voor USB-audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2013-12-13 121088]

S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB-videoapparaat (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-08-22 212224]

S3 WSDPrintDevice;@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support; C:\Windows\System32\drivers\WSDPrint.sys [2013-08-22 20992]

S3 WSDScan;@sti.inf,%WSDScan.SvcDesc%;Ondersteuning voor WSD-scan; C:\Windows\System32\drivers\WSDScan.sys [2013-08-22 23040]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-02-12 43336]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-11-21 15720]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-01-08 922912]

R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2014-01-08 1364256]

R2 UniversalUpdater;Universal Updater Service; C:\Program Files (x86)\0ca45c95134d\cf3e08d747e4.exe [2014-12-08 697344]

R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2014-02-21 641352]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20 116648]

S3 BoxSyncUpdateService;Box Sync Update Service; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [2014-09-18 28184]

S3 cphs;Intel® Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-01-08 279024]

S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-22 43696]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20 116648]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

 

-----------------EOF-----------------

 


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (you can read how to do that here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version)

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
YTDownloader;s
C:\Program Files (x86)\YTDownloader;fs
Salus;s
C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe;f
{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA};c
UniversalUpdater;s
C:\Program Files (x86)\0ca45c95134d\cf3e08d747e4.exe;f
C:\Program Files\Common Files\ShopperPro;fs
C:\Program Files (x86)\SupTab;fs
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r64
"YTDownloader"=-;r64
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run];r64
"YTDownloader"=-;r64
"Salus"=-;r64
C:\Program Files (x86)\Universal Updater;fs
C:\Program Files (x86)\0ca45c95134d;fs
C:\Program Files (x86)\f552dd4c52e3;fs
C:\Program Files (x86)\fb9c456e-c6d8-4567-b255-31f106c1ca11;fs
C:\Program Files (x86)\globalUpdate;fs
C:\Program Files (x86)\ShopperPro;fs
C:\ProgramData\IePluginServices;fs
C:\ProgramData\WindowsMangerProtect;fs
emptyfolderscheck;delete
startupall;
filesrcm;
  • Click the "More options" button and check the options below.
  • Do a Deep Scan
  • Auto Clean
  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next reply.
Posting the Zoek.exe log file
  • Attach the log file named "Zoek-results.log" to your next reply. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read here how to add an attachment to a post.
Edited by kape

I have the impression that the programs are gone. I no longer see any unknown icons, and the start page has been restored again.

My log is below:

 

 

Zoek.exe v5.0.0.0 Updated 08-December-2014

Tool run by Jelle on di 09/12/2014 at 22:27:49,78.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Jelle\Desktop\zoek.exe [scan all users] [script inserted] [Checkboxes used]

 

==== System Restore Info ======================

 

9/12/2014 22:29:40 Zoek.exe System Restore Point Created Succesfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\Universal Updater deleted successfully

C:\PROGRA~2\COMMON~1\Intel deleted successfully

C:\Program Files\log deleted successfully

C:\PROGRA~3\CLSK deleted successfully

C:\Users\Jelle\AppData\Local\VirtualStore deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-40242581-377180158-3296479076-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully

HKEY_USERS\S-1-5-21-40242581-377180158-3296479076-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22D321B5-7CF-48FC-8179-67A79BE4EA11} deleted successfully

HKEY_USERS\S-1-5-21-40242581-377180158-3296479076-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39FA9E88-F00E-49A8-9C67-A01D92CEE011} deleted successfully

HKEY_USERS\S-1-5-21-40242581-377180158-3296479076-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44AB86E1-4631-428B-801F-B4708CA9914} deleted successfully

HKEY_USERS\S-1-5-21-40242581-377180158-3296479076-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{579C25EB-48C-43CF-99E6-585E4B7C8F53} deleted successfully

HKEY_USERS\S-1-5-21-40242581-377180158-3296479076-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{654770E8-9C9D-4EBC-9DC1-B27267FC13E1} deleted successfully

HKEY_USERS\S-1-5-21-40242581-377180158-3296479076-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7630F2EA-528A-4EC0-91FE-82ECE308FC1} deleted successfully

HKEY_USERS\S-1-5-21-40242581-377180158-3296479076-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFAC6354-DCCB-4553-AA83-9AF1CEB53138} deleted successfully

HKEY_USERS\S-1-5-21-40242581-377180158-3296479076-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7135541-FE19-4C72-AC27-DA119EB1DFB5} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Running Processes ======================

 

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe

C:\ProgramData\IePluginServices\PluginService.exe

C:\Program Files (x86)\0ca45c95134d\cf3e08d747e4.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Jelle\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Users\Jelle\Desktop\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

 

==== Deleting Services ======================

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UniversalUpdater deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b786bdb3c67d deleted successfully

 

==== Registry Fix Code x64 ======================

 

Windows Registry Editor Version 5.00

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 

"YTDownloader"=- 

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] 

"YTDownloader"=- 

"Salus"=- 

 

==== Deleting Files \ Folders ======================

 

C:\Program Files (x86)\YTDownloader not found

C:\Program Files (x86)\SupTab not found

C:\Program Files (x86)\Universal Updater not found

C:\Program Files (x86)\f552dd4c52e3 not found

C:\Program Files (x86)\ShopperPro not found

"C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe" not found

C:\Program Files (x86)\0ca45c95134d deleted

C:\Program Files (x86)\fb9c456e-c6d8-4567-b255-31f106c1ca11 deleted

C:\Program Files (x86)\globalUpdate deleted

C:\PROGRA~3\ShopperPro deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Jelle\AppData\Local\globalUpdate deleted

C:\Users\Jelle\AppData\Local\CrashRpt deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

C:\Users\Public\Documents\ShopperPro deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

C:\Windows\Syswow64\RegistryHelperLM.ocx deleted

"C:\Program Files\Common Files\ShopperPro\spbiu.exe" not deleted

"C:\ProgramData\IePluginServices\PluginService.exe" deleted

"C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe" deleted

"C:\PROGRA~3\IePluginServices\PluginService.exe" deleted

"C:\PROGRA~3\IePluginServices\PluginService.exe" deleted

"C:\PROGRA~3\WindowsMangerProtect\ProtectWindowsManager.exe" deleted

"C:\Program Files\Common Files\ShopperPro" not deleted

"C:\ProgramData\IePluginServices" not deleted

"C:\ProgramData\WindowsMangerProtect" not deleted

"C:\PROGRA~3\IePluginServices" not deleted

"C:\PROGRA~3\IePluginServices" not deleted

"C:\PROGRA~3\WindowsMangerProtect" not deleted

 

==== System Specs ======================

 

Windows: Windows Version 6.2 (Build 9200)

Memory (RAM): 4052 MB

CPU Info: Intel® Pentium® CPU G3220 @ 3.00GHz

CPU Speed: 3080,7 MHz

Sound Card: Speakers (Realtek High Definiti | 

Display Adapters: NVIDIA GeForce GTX 745 | NVIDIA GeForce GTX 745

Monitors: 1x; Generic PnP Monitor | 

Screen Resolution: 1920 X 1080 - 32 bit

Network: Network Present

Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter | Realtek PCIe GBE Family Controller

CD / DVD Drives: 1x (F: | ) F: TSSTcorpCDDVDW SH-216DB

Ports: COM Ports NOT Present. LPT Port NOT Present. 

Mouse: 3 Button Wheel Mouse Present

Hard Disks: C:  869,8GB | D:  60,0GB

Hard Disks - Free: C:  667,5GB | D:  43,4GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE |  | ALASKA - 1072009

Time Zone: Romance (standaardtijd)

Motherboard *: MEDION H81H3-EM2

Country: België

Language: NLB 

 

==== System Specs (Software) ======================

 

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Default Browser: Google Chrome 39.0.2171.71

Internet Explorer Version: 11.0.9600.17416 

Google Chrome version: 39.0.2171.71

Adobe Reader version: 11.0.9.29

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

====== C:\Users\Jelle\AppData\Local\Temp ====

2014-12-09 21:26:27 EB4686F6F4BE2B00AA40978D551F66C4 43008 ----a-w- C:\Users\Jelle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxy42vl.dll

2014-12-09 20:56:06 2B6C7D88053EDF95221D30BC048D9EEB 9728 ----a-w- C:\Users\mieke_000\AppData\Local\Temp\nsu3E7E.tmp\System.dll

2014-12-09 15:05:29 EB4686F6F4BE2B00AA40978D551F66C4 43008 ----a-w- C:\Users\mieke_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpucc6i8.dll

2014-12-08 18:35:46 717E87D8F33D1AA7BC647828C2E178C8 222704 ----a-w- C:\Users\Jelle\AppData\Local\Temp\tu17p84.exe

2014-12-08 15:50:49 E8B8EE3DF018745083CD3E1A0180B84B 6866769 ----a-w- C:\Users\Jelle\AppData\Local\Temp\Install_4738\ins_ytd.exe

2014-12-08 15:50:49 5FB507803B530B46A26506956A81E9E4 4689355 ----a-w- C:\Users\Jelle\AppData\Local\Temp\Install_4738\ins_shopperpro.exe

2014-12-08 00:05:32 11AD7B667A17D37C66BFABC966750613 762136 ----a-w- C:\Users\Jelle\AppData\Local\Temp\uobnyv04ydl6.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2014-12-08 19:22:11 95B3CEAF06A2DF96FE28CD0755D319C4 79064 ----a-w- C:\Windows\Sysnative\drivers\qvbfgexw.sys

2014-12-08 18:35:31 95B3CEAF06A2DF96FE28CD0755D319C4 79064 ----a-w- C:\Windows\Sysnative\drivers\cembn.sys

2014-11-12 08:07:28 9F08A6608F98B5407E7DDBCF306573EF 27456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys

2014-11-12 08:07:28 6D2EE96150E35B9EA49F2B481DE0369A 177472 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

2014-11-12 08:07:28 4E1207CE16E615B0B7A70DC889F4500E 563976 ----a-w- C:\Windows\Sysnative\drivers\cng.sys

2014-11-12 08:06:48 DE8D12B4C3F55FA2C5E9774314F6C58A 258368 ----a-w- C:\Windows\Sysnative\drivers\WdFilter.sys

2014-11-12 08:06:47 4AD874CDC812EC156265E451B6B09DAB 114496 ----a-w- C:\Windows\Sysnative\drivers\WdNisDrv.sys

2014-11-12 08:06:46 0359607177E5E9F6041136CC0A5CB0B6 35320 ----a-w- C:\Windows\Sysnative\drivers\WdBoot.sys

2014-11-12 08:05:48 CCB3A2BB60FE5073F2DEA63FE83CF8FE 2497344 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

2014-11-12 08:05:46 E3FCE2A6B3533D99A3B498504DF9CC47 474432 ----a-w- C:\Windows\Sysnative\drivers\netio.sys

2014-11-12 08:05:45 66732C13628BDB1AB0D6FD46027327C2 148800 -c--a-w- C:\Windows\Sysnative\drivers\USBSTOR.SYS

2014-11-12 08:05:44 7F23E38C5B6448F91439E4066645191E 428864 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS

====== C:\Windows\Tasks ======

2014-12-08 15:52:28 FE19A729142DB2429CC66C8CD074CD9F 1360 ----a-w- C:\Windows\Tasks\DMHMP.job

2014-12-08 15:52:28 C5FCDE79D26D673A2519B2F7F5931A23 4364 ----a-w- C:\Windows\Sysnative\Tasks\DMHMP

2014-12-08 15:51:51 420C090AB1B130115143343193A1E7E9 1708 ----a-w- C:\Windows\Tasks\AVGNOJW.job

2014-12-08 15:51:51 3767A5CED00EF87B8EF1869D614F177F 4714 ----a-w- C:\Windows\Sysnative\Tasks\AVGNOJW

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-12-08 18:41:54 -------- d-----w- C:\Program Files\trend micro

2014-12-08 15:52:22 -------- d-----w- C:\Program Files\Common Files\ShopperPro

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\Jelle\AppData\Roaming ======

2014-12-09 20:57:53 -------- d-----w- C:\Users\mieke_000\AppData\Local\Adobe_Systems_Incorporate

2014-12-09 15:39:27 -------- d-sh--w- C:\Users\mieke_000\AppData\Locallow\EmieBrowserModeList

====== C:\Users\Jelle ======

2014-12-09 20:57:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

2014-12-09 20:56:20 A1BBAA630BAB9F763FB8F01D061E528C 6144272 ----a-w- C:\Users\mieke_000\Downloads\ADE_3.0_Installer (1).exe

2014-12-09 20:55:56 A1BBAA630BAB9F763FB8F01D061E528C 6144272 ----a-w- C:\Users\mieke_000\Downloads\ADE_3.0_Installer.exe

2014-12-08 18:54:57 038B75662205880BE56A8FFA9930F830 5162080 ----a-w- C:\Users\Jelle\Downloads\ccsetup500.exe

2014-12-08 18:40:52 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Jelle\Desktop\RSITx64.exe

2014-12-08 15:50:58 -------- d-----w- C:\ProgramData\IePluginServices

2014-12-08 15:50:42 -------- d-----w- C:\ProgramData\WindowsMangerProtect

 

====== C: exe-files ==

2014-12-09 20:56:20 A1BBAA630BAB9F763FB8F01D061E528C 6144272 ----a-w- C:\Users\mieke_000\Downloads\ADE_3.0_Installer (1).exe

2014-12-09 20:55:56 A1BBAA630BAB9F763FB8F01D061E528C 6144272 ----a-w- C:\Users\mieke_000\Downloads\ADE_3.0_Installer.exe

2014-12-08 18:54:57 038B75662205880BE56A8FFA9930F830 5162080 ----a-w- C:\Users\Jelle\Downloads\ccsetup500.exe

2014-12-08 18:41:55 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Jelle.exe

2014-12-08 18:40:52 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Jelle\Desktop\RSITx64.exe

2014-12-08 18:35:46 717E87D8F33D1AA7BC647828C2E178C8 222704 ----a-w- C:\Users\Jelle\AppData\Local\Temp\tu17p84.exe

2014-12-08 15:50:49 E8B8EE3DF018745083CD3E1A0180B84B 6866769 ----a-w- C:\Users\Jelle\AppData\Local\Temp\Install_4738\ins_ytd.exe

2014-12-08 15:50:49 5FB507803B530B46A26506956A81E9E4 4689355 ----a-w- C:\Users\Jelle\AppData\Local\Temp\Install_4738\ins_shopperpro.exe

2014-12-08 09:30:00 179EF0D01F01A8D3AA1CB4D7D1C88796 2346880 ----a-w- C:\Program Files\Common Files\ShopperPro\spbiu.exe

2014-12-08 00:05:32 11AD7B667A17D37C66BFABC966750613 762136 ----a-w- C:\Users\Jelle\AppData\Local\Temp\uobnyv04ydl6.exe

=== C: other files ==

2014-12-08 19:22:11 95B3CEAF06A2DF96FE28CD0755D319C4 79064 ----a-w- C:\Windows\System32\drivers\qvbfgexw.sys

2014-12-08 18:35:31 95B3CEAF06A2DF96FE28CD0755D319C4 79064 ----a-w- C:\Windows\System32\drivers\cembn.sys

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-21-40242581-377180158-3296479076-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"AppLauncher"="C:\Program Files (x86)\Medion MediaPack 3\Ashampoo AppLauncher (Medion)\AppLauncher.exe"

 

[HKEY_USERS\S-1-5-21-40242581-377180158-3296479076-1002\Software\Microsoft\Windows\CurrentVersion\Run]

"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"BoxSync"="C:\Program Files\Box\Box Sync\BoxSync.exe -m"

 

==== Startup Folders ======================

 

2014-04-18 06:32:09 1102 ----a-w- C:\Users\Jelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2014-05-19 06:23:49 1106 ----a-w- C:\Users\mieke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

 

==== Task Scheduler Jobs ======================

 

C:\Windows\tasks\AVGNOJW.job --a-------- C:\Users\mieke_000\AppData\Roaming\AVGNOJW.exe []

C:\Windows\tasks\DMHMP.job --a-------- C:\Users\mieke_000\AppData\Roaming\DMHMP.exe []

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/03/2014 07:33]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/03/2014 07:33]

 

==== Other Scheduled Tasks ======================

 

"C:\Windows\SysNative\tasks\AVGNOJW" [C:\Users\mieke_000\AppData\Roaming\AVGNOJW.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\DMHMP" [C:\Users\mieke_000\AppData\Roaming\DMHMP.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{64BAB2E2-20A5-409C-AEAA-2C0491862C20}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{F2C56A42-47A5-4083-9491-7A4F73EF528A}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

 

==== Chromium Look ======================

 

Google Docs - Jelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Jelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Jelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

selector is not a valid CSS selector - Jelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Google Search - Jelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Wallet - Jelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Jelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Docs - mieke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - mieke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - mieke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - mieke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Wallet - mieke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - mieke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

 

==== Chromium Fix ======================

 

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

C:\Users\mieke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully

C:\Users\mieke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully

C:\Users\mieke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully

C:\Users\mieke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

C:\Users\mieke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully

C:\Users\mieke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully

C:\Users\mieke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully

C:\Users\mieke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

{D48D43D9-DF6C-4B39-BE6F-C8A0B2253078} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB"

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== shortcuts on Users Desktops ======================

 

C:\Users\Default\Desktop\ALDI Foto Service.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.aldifoto.be/nl

C:\Users\Default\Desktop\ALDI Startpagina.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://aldi-bn.aldi.be/

C:\Users\Default\Desktop\ALDI Talk.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.medionmobile.be/

C:\Users\Default\Desktop\LIFESTORE.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.medion.com/lifestore

C:\Users\Default\Desktop\MEDIONhome.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.medion.com/be/nl

C:\Users\Default User\Desktop\ALDI Foto Service.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.aldifoto.be/nl

C:\Users\Default User\Desktop\ALDI Startpagina.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://aldi-bn.aldi.be/

C:\Users\Default User\Desktop\ALDI Talk.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.medionmobile.be/

C:\Users\Default User\Desktop\LIFESTORE.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.medion.com/lifestore

C:\Users\Default User\Desktop\MEDIONhome.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.medion.com/be/nl

C:\Users\Jelle\Desktop\Box Sync.lnk - C:\Users\Jelle\Box Sync 

C:\Users\Jelle\Desktop\Dropbox.lnk - C:\Users\Jelle\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\mieke_000\Desktop\Box Sync.lnk - C:\Users\Jelle\Box Sync 

C:\Users\mieke_000\Desktop\DOCTORAAT 13aug2014 - Snelkoppeling.lnk - C:\Users\mieke_000\Dropbox\DOCTORAAT 13aug2014 

C:\Users\mieke_000\Desktop\Dropbox.lnk - C:\Users\Jelle\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\mieke_000\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\mieke_000\Desktop\Theoretische Dringende ReadingList dec2014 - Snelkoppeling.lnk - C:\Users\mieke_000\Dropbox\DOCTORAAT 13aug2014\BIBLIOGRAPHY\Theoretische Dringende ReadingList dec2014.docx 

 

==== shortcuts on All Users Desktop ======================

 

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe 

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 

C:\Users\Public\Desktop\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe 

C:\Users\Public\Desktop\ePainter.lnk - C:\Program Files (x86)\AkzoNobel\OwnRooms\OwnRooms.exe 

C:\Users\Public\Desktop\Kruidvat fotoservice.lnk - C:\Program Files\Fotoservice\Kruidvat fotoservice\Kruidvat fotoservice.exe 

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 

 

==== shortcuts in Users Start Menu ======================

 

C:\Users\Jelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418053832&from=amt&uid=TOSHIBAXDT01ACA100_14KJM2NNSXX14KJM2NNSX

C:\Users\Jelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Jelle\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\Jelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Jelle\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe 

C:\Users\Jelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Jelle\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

C:\Users\mieke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DOCTORAAT 13aug2014.lnk - C:\Users\mieke_000\Dropbox\DOCTORAAT 13aug2014 

C:\Users\mieke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Jelle\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\mieke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Jelle\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe 

C:\Users\mieke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Jelle\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

 

==== shortcuts in All Users Start Menu ======================

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 3.0\DigitalEditions.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418053832&from=amt&uid=TOSHIBAXDT01ACA100_14KJM2NNSXX14KJM2NNSX

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418053832&from=amt&uid=TOSHIBAXDT01ACA100_14KJM2NNSXX14KJM2NNSX

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 3.0\Adobe Digital Editions 3.0.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 3.0\DigitalEditions.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 3.0\Help.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 3.0\Home Page.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 3.0\Uninstall.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 3.0\uninstall.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync\Box Sync.lnk - C:\Windows\Installer\{09C53B19-C578-4803-95EF-DDEDF89D080C}\BoxSync.ico 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1418053832&from=amt&uid=TOSHIBAXDT01ACA100_14KJM2NNSXX14KJM2NNSX

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 

 

==== shortcuts in Quick Launch ======================

 

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1418053832&from=amt&uid=TOSHIBAXDT01ACA100_14KJM2NNSXX14KJM2NNSX

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418053832&from=amt&uid=TOSHIBAXDT01ACA100_14KJM2NNSXX14KJM2NNSX

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1418053832&from=amt&uid=TOSHIBAXDT01ACA100_14KJM2NNSXX14KJM2NNSX

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418053832&from=amt&uid=TOSHIBAXDT01ACA100_14KJM2NNSXX14KJM2NNSX

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iTunes (2).lnk - C:\Program Files (x86)\iTunes\iTunes.exe 

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe 

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office PowerPoint 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe 

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe 

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -  

C:\Users\mieke_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\mieke_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\mieke_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\mieke_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\mieke_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe 

C:\Users\mieke_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  

C:\Users\mieke_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\mieke_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\mieke_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office PowerPoint 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe 

C:\Users\mieke_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe 

C:\Users\mieke_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM

C:\Users\mieke_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk - C:\Windows\system32\mspaint.exe 

C:\Users\mieke_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

 

==== shortcuts After Repair ======================

 

C:\Users\Default\Desktop\ALDI Foto Service.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\Default\Desktop\ALDI Startpagina.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\Default\Desktop\ALDI Talk.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\Default\Desktop\LIFESTORE.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\Default\Desktop\MEDIONhome.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\Default User\Desktop\ALDI Foto Service.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\Default User\Desktop\ALDI Startpagina.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\Default User\Desktop\ALDI Talk.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\Default User\Desktop\LIFESTORE.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\Default User\Desktop\MEDIONhome.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\Jelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\Jelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

 

==== HijackThis Entries ======================

 

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

O4 - HKUS\S-1-5-21-40242581-377180158-3296479076-1001\..\Run: [AppLauncher] C:\Program Files (x86)\Medion MediaPack 3\Ashampoo AppLauncher (Medion)\AppLauncher.exe (User 'UpdatusUser')

O4 - Startup: Dropbox.lnk = Jelle\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-154558-44482-6/4 (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-154558-44482-6/4 (file missing) (HKCU)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Box Sync Update Service (BoxSyncUpdateService) - Box, Inc. - C:\Program Files\Box\Box Sync\SyncUpdaterService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Jelle\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Jelle\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\Users\mieke_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\mieke_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Jelle\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\Jelle\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully

C:\Users\mieke_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\mieke_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\mieke_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

No Java Cache Found

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=30 folders=25 8330888 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Jelle\AppData\Local\Temp will be emptied at reboot

C:\Users\mieke_000\AppData\Local\Temp emptied successfully

C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Jelle\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Program Files\Common Files\ShopperPro\spbiu.exe"  not found

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

"C:\Program Files\Common Files\ShopperPro"  not found

"C:\ProgramData\IePluginServices"  not found

"C:\ProgramData\WindowsMangerProtect"  not found

"C:\PROGRA~3\IePluginServices"  not found

"C:\PROGRA~3\IePluginServices"  not found

"C:\PROGRA~3\WindowsMangerProtect"  not found

 

==== EOF on di 09/12/2014 at 22:44:18,91 ======================

Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.
C:\Program Files\Common Files\ShopperPro;fs

C:\ProgramData\WindowsMangerProtect;fs

C:\Windows\tasks\AVGNOJW.job;f

C:\Windows\tasks\DMHMP.job;

CHRdefaults;

  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next message.
Posting the Zoek.exe log file
  • Attach the log file named "Zoek-results.log" to your next message. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • How to add an attachment to a message is explained here.
edited by kape

 

Zoek.exe v5.0.0.0 Updated 08-December-2014

Tool run by Jelle on wo 10/12/2014 at  0:42:58,44.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Jelle\Desktop\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

10/12/2014 0:43:46 Zoek.exe System Restore Point Created Succesfully.

 

==== Deleting Files \ Folders ======================

 

C:\Program Files\Common Files\ShopperPro not found

C:\ProgramData\WindowsMangerProtect not found

"C:\Windows\tasks\AVGNOJW.job" deleted

 

==== Reset Google Chrome ======================

 

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\mieke_000\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Users\mieke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=31 folders=25 8332667 bytes)

 

==== EOF on wo 10/12/2014 at  0:44:08,83 ======================