centrino

zeer hard bedankt, sorry voor het late antwoord. Ik heb deze computer opgegeven, er wordt een nieuwe gekocht! Toch super hard bedankt!!!

Beste, dan geeft hij de volgende foutmelding: Runscanner error: Target is not windows 2000 or later

Beste, ik ziet momenteel in de Reatago desktop. Ik zie het pictogram OTLPE staan op mijn bureaublad. Wanneer ik hier echter op dubbelklik, krijg ik het volgende: "Browse for folder met daaronder bv. Ramdisk (B:), Local disk (c:), HP_TOOLS (D:), ...

beste, ik heb meermaals op refresh gedrukt maar het programma blijft dezelfde melding geven dat hij geen usb disks vindt. Ik ga vanavond proberen op een andere computer, hopelijk daar meer succes! Alvast super hard bedankt!

beste, ik heb alle stappen uitgevoerd zoals beschreven op het support forum. Ik krijg echter steeds de melding: No usb disks found! Terwijl ik de USB stick in meerdere poorten heb gestoken en ik steeds de USB stick gewoon kon openen (Ik heb deze vooraf natuurlijk geformatteerd)...

beste, zeer hard bedankt maar ik heb het gevoel dat de CD/DVD drive niet meer werkt. Vanaf de moment dat ik (eender welke) cd of dvd in de drive steek, wilt de laptop niets meer doen... Dan zit hij al vast bij het eerste scherm dat je krijgt wanneer de laptop opstart, pas vanaf dat ik de cd/dvd drive dan open doe, start de laptop verder op, zeer raar...

Beste, ik heb alles gedaan wat hierboven beschreven staat. Ik heb de computer afgesloten, terug herstart maar het virus staat er nog steeds op... Ik kan dus niet bij het scanrapport...

Beste, ik heb zowel het unlocken als het scannen van de computer geprobeerd. Beide werken niet. Wanneer ik de computer opstart is het virus nog steeds aanwezig... Ik heb met het scannen van de computer heel wat verwijderd (een scan van meer dan 6u denk), waardoor ik dacht dat het wel in orde zou zijn. Toch moest ik vaststellen dat na een reboot, het politievirus gewoon nog aanwezig was...

Beste, heel hard bedankt! Spijtig genoeg werkt dit ook niet... Wanneer ik probeer op te starten via de USB, komen er een paar zinnetjes te staan van hitman pro, het lijkt dus eerst dat het gaat werken, maar dan start de laptop automatisch terug opnieuw op...

Het lukt niet om de tool zelf op te starten... Je ziet heel even dat hij de tool wilt starten, maar dan start de laptop ineens terug op...

Beste, ik zit met het politievirus op een laptop. Ik kan echter niet in veilige modus opstarten. Ook heb ik reeds geprobeerd op te starten via USB met hitmanpro erop geïnstalleerd en ik heb ook al proberen op te starten in veilige modus met opdrachtprompt. Niets lukt... Kunnen jullie mij hiermee helpen?

Super hard bedankt!!!

Alles lijkt perfect te werken, super hard bedankt!

logbestandje; # AdwCleaner v3.018 - Report created 13/02/2014 at 11:37:27 # Updated 28/01/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : addy - ADDY-PC # Running from : C:\Users\addy\Downloads\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon Key Deleted : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin Key Deleted : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin Key Deleted : HKLM\SOFTWARE\Classes\.bdc Key Deleted : HKLM\SOFTWARE\Classes\.bgl Key Deleted : HKLM\SOFTWARE\Classes\.bof Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\b Key Deleted : HKLM\SOFTWARE\Classes\BabyDict Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1 Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1 Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Babylon Key Deleted : HKCU\Software\BabylonToolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\BabylonToolbar Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\ImInstaller ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Google Chrome v [ File : C:\Users\addy\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [11318 octets] - [13/02/2014 11:30:35] AdwCleaner[s0].txt - [11140 octets] - [13/02/2014 11:37:27] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11201 octets] ##########

hierbij het logbestandje, bedankt! Zoek.exe v5.0.0.0 Updated 10-February-2014 Tool run by addy on do 13-02-2014 at 9:29:21,70. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\addy\Desktop\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2014-02-12-190537.log 7128 bytes C:\zoek-results2014-02-12-211456.log 32025 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com not found ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{D19CA586-DD6C-4a0a-96F8-14644F340D60} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ocr@babylon.com deleted successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files= ==== EOF on do 13-02-2014 at 9:31:22,78 ======================

sorry, hier heb je denk ik het volledige logbestand Zoek.exe v5.0.0.0 Updated 10-February-2014 Tool run by addy on wo 12-02-2014 at 20:52:54,93. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Safe Mode NETWORK Internet Access Detected Launched: C:\Users\addy\Desktop\zoek.exe [scan all users] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-02-12-190537.log 7128 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Users\addy\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3033 MB CPU Info: Celeron® Dual-Core CPU T3100 @ 1.90GHz CPU Speed: 1943,4 MHz Sound Card: Not detected Display Adapters: | RDP Encoder Mirror Driver Monitors: 1x; Screen Resolution: 800 X 600 - 32 bit Network: Network Present Network Adapters: Dell draadloze 1397 WLAN Mini-kaart | Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller CD / DVD Drives: 1x (D: | ) D: Optiarc DVD+-RW AD-7700H Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 218,2GB Hard Disks - Free: C: 158,5GB Manufacturer *: Dell Inc. BIOS Info: AT/AT COMPATIBLE | 10/23/09 | DELL - 27d90a17 Time Zone: West-Europa (standaardtijd) Motherboard *: Dell Inc. 08D7FG Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Default Browser: Google Chrome 32.0.1700.107 Internet Explorer Version: 11.0.9600.16476 Google Chrome version: 32.0.1700.107 Adobe Reader version: 10.1.9.22 Sun Java version: 1.6.0_35 (32-bit) Sun Java version: 1.6.0_14 (64-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\addy\AppData\Local\Temp ==== 2014-02-12 14:46:42 BD4EB1F2B07AD5F7C8F892DFFA30D0ED 265405 ----a-w- C:\Users\addy\AppData\Local\Temp\msi38157.exe 2014-02-09 15:57:33 F3A75D13F93D183CE0EE4F92377DBDFC 285001 ----a-w- C:\Users\addy\AppData\Local\Temp\msi60348.exe 2014-02-08 20:03:17 E3AE8510AFDEC4EEE244674B207D8543 261913 ----a-w- C:\Users\addy\AppData\Local\Temp\msi24961.exe 2014-02-07 10:24:27 08C122DA2F16050B8C7CCE739319A81A 232548 ----a-w- C:\Users\addy\AppData\Local\Temp\msi5330.exe 2014-02-06 06:49:21 CD0EEF8C0F706D6A45B607F1AC4C64BB 229248 ----a-w- C:\Users\addy\AppData\Local\Temp\msi52069.exe 2014-02-05 09:50:48 1C32E11DDA27CE3EEF8C57EBCD69F3C9 236875 ----a-w- C:\Users\addy\AppData\Local\Temp\msi36555.exe 2014-02-05 09:30:35 B55406C06031FF404AFB92C80C4BBC29 248139 ----a-w- C:\Users\addy\AppData\Local\Temp\msi3295.exe 2014-02-05 05:53:29 9A42AF4EF1F97F0D2CECD88CF3B27A9A 243825 ----a-w- C:\Users\addy\AppData\Local\Temp\msi18673.exe 2014-02-04 08:53:39 B2A5E7EC341A88FFCC60BB4F6C0991CB 242960 ----a-w- C:\Users\addy\AppData\Local\Temp\msi57307.exe 2014-02-03 19:44:11 4B2AE65FC9060DB83066C806FB272554 238156 ----a-w- C:\Users\addy\AppData\Local\Temp\msi6030.exe 2014-02-03 17:01:28 2FCF3BD98B23EDC81C1C0D182D0C9520 232288 ----a-w- C:\Users\addy\AppData\Local\Temp\msi8695.exe 2014-02-03 11:30:06 2FCF3BD98B23EDC81C1C0D182D0C9520 232288 ----a-w- C:\Users\addy\AppData\Local\Temp\msi49218.exe 2014-02-03 09:20:22 E7B087B0B19796B1CC31413B4D85EACC 208736 ----a-w- C:\Users\addy\AppData\Local\Temp\msi6836.exe 2014-02-03 09:10:16 E7B087B0B19796B1CC31413B4D85EACC 208736 ----a-w- C:\Users\addy\AppData\Local\Temp\msi56132.exe 2014-02-03 06:08:36 A74974CBCA9690A897DE3CA5DECC9977 208209 ----a-w- C:\Users\addy\AppData\Local\Temp\msi13745.exe 2014-02-02 06:10:00 D72D70583E778719D9D352BE0ADDB3C4 207160 ----a-w- C:\Users\addy\AppData\Local\Temp\msi64309.exe 2014-01-31 16:12:49 D72D70583E778719D9D352BE0ADDB3C4 207160 ----a-w- C:\Users\addy\AppData\Local\Temp\msi9765.exe 2014-01-31 09:38:51 5B7B2E2AC2C6819F5D42EF788CE1F2EE 214794 ----a-w- C:\Users\addy\AppData\Local\Temp\msi30896.exe 2014-01-31 08:08:42 F921952784D1A717E011DC19C0670BA4 87818 ----a-w- C:\Users\addy\AppData\Local\Temp\msi61501.exe 2014-01-30 15:05:31 A9E1E463287A6486A4F42B75F1149740 88136 ----a-w- C:\Users\addy\AppData\Local\Temp\msi11562.exe 2014-01-30 08:27:23 4952E15688D5A71DF9E49361A9CE6382 212040 ----a-w- C:\Users\addy\AppData\Local\Temp\msi44892.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-02-05 18:39:16 AF407EF66A4613E76E186D7B4AB71B7B 9216904 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2014-01-15 06:43:43 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys 2014-01-15 06:43:43 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys 2014-01-15 06:43:42 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys 2014-01-15 06:43:42 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys 2014-01-15 06:43:42 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys 2014-01-15 06:43:42 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys 2014-01-15 06:43:42 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys 2014-01-15 06:43:40 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\Sysnative\drivers\netio.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-02-12 16:54:08 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\addy\AppData\Roaming ====== 2014-02-12 16:12:26 -------- d-----w- C:\Users\addy\AppData\Local\Programs ====== C:\Users\addy ====== 2014-02-12 16:53:32 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\addy\Downloads\RSITx64.exe ====== C: exe-files == 2014-02-12 16:54:08 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\addy.exe 2014-02-12 16:53:32 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\addy\Downloads\RSITx64.exe 2014-02-12 16:12:20 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\addy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JES8800K\mbam-setup-1.75.0.1300.exe 2014-02-12 14:46:42 BD4EB1F2B07AD5F7C8F892DFFA30D0ED 265405 ----a-w- C:\Users\addy\AppData\Local\Temp\msi38157.exe 2014-02-09 15:57:33 F3A75D13F93D183CE0EE4F92377DBDFC 285001 ----a-w- C:\Users\addy\AppData\Local\Temp\msi60348.exe 2014-02-08 20:03:17 E3AE8510AFDEC4EEE244674B207D8543 261913 ----a-w- C:\Users\addy\AppData\Local\Temp\msi24961.exe 2014-02-07 10:24:27 08C122DA2F16050B8C7CCE739319A81A 232548 ----a-w- C:\Users\addy\AppData\Local\Temp\msi5330.exe 2014-02-06 06:49:21 CD0EEF8C0F706D6A45B607F1AC4C64BB 229248 ----a-w- C:\Users\addy\AppData\Local\Temp\msi52069.exe 2014-02-05 23:52:34 87E741104502DD373DEC2248C4FC08D0 20808 ----a-w- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe 2014-02-05 23:52:24 AA2903E3EEE74D5A14846629822AD0AA 14152 ----a-w- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe 2014-02-05 23:52:24 9F99F151A79CB43A56B1A41A21B9DA9F 32584 ----a-w- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\defaults.exe 2014-02-05 23:52:12 61E4289E91E88C90478D7F4BEB10DCF7 59720 ----a-w- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe === C: other files == 2014-02-12 19:04:31 C932F40D347FA317D01428448B5701D1 38891 ----a-w- C:\Users\Public\Desktop\sample_12-02-2014_2004.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Windows\CurrentVersion\Run] "VoipBuster"="C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe -nosplash -minimized" "IncrediMail"="C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c" "Google Update"="C:\Users\addy\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Google Update"="C:\Users\addy\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PDVDDXSrv"="C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" "Desktop Disc Tool"="c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "Family Tree Builder Update"="C:\Users\addy\MyHeritage\Bin\FTBCheckUpdates.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "VoipBuster"="C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe -nosplash -minimized" "IncrediMail"="C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c" "Google Update"="C:\Users\addy\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Google Update"="C:\Users\addy\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "Broadcom Wireless Manager UI"="C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" "QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] ==== Startup Folders ====================== 2014-01-27 07:34:51 299008 ----a-w- C:\Users\addy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe 2010-02-16 15:38:20 1928 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk 2010-02-16 15:38:20 1928 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-09-2010 15:39] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-09-2010 15:39] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498577065-2771047099-1131248301-1000Core.job --a------ C:\Users\addy\AppData\Local\Google\Update\GoogleUpdate.exe [29-10-2010 10:03] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498577065-2771047099-1131248301-1000UA.job --a------ C:\Users\addy\AppData\Local\Google\Update\GoogleUpdate.exe [29-10-2010 10:03] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2498577065-2771047099-1131248301-1000Core" [C:\Users\addy\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2498577065-2771047099-1131248301-1000UA" [C:\Users\addy\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{F5D58F96-A09A-491C-9C53-35FADE1375FB}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{07EA7F45-B5E6-44B8-961F-45A32BE42E49}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype] "C:\Windows\SysNative\tasks\{0BD8901C-645D-4311-8415-0C4EAD81743D}" [C:\Program Files (x86)\Skype\Phone\Skype.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\D50NJSJ1\Administrator - Start WLAN Tray Applet" [C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "ocr@babylon.com"="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com" [] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dhkplhfnhceodhffomolpfigojocbpcb - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02-10-2012 12:14] Babylon Translator - addy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Skype Click to Call - addy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - addy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chrome Fix ====================== C:\Users\addy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage deleted successfully C:\Users\addy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully C:\Users\addy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" "Search Page"="Google" "Search Bar"="Upgrade to Google Chrome" "Default_Search_URL"="Upgrade to Google Chrome" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="%s - Google Search" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="Upgrade to Google Chrome" "Default_Search_URL"="Upgrade to Google Chrome" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="Bing" "Search Bar"="Bing" "Default_Search_URL"="Bing" "Start Page"="Google" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="Bing" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Users\addy\MyHeritage\Bin\FTBCheckUpdates.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized O4 - HKCU\..\Run: [incrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Google Update] "C:\Users\addy\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Google Update] "C:\Users\addy\AppData\Local\Google\Desktop\Install\{d652a17f-6c74-f36c-57b9-0473cbf775f7}\???\???\???\{d652a17f-6c74-f36c-57b9-0473cbf775f7}\GoogleUpdate.exe" > O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O4 - Startup: EPUHelp.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing) O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - (no file) O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\addy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\addy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\addy\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\addy\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\addy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files= ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Users\addy\AppData\Local\Temp will be emptied at reboot C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\addy\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 12-02-2014 at 22:14:56,70 ======================

beste hier heeft u het logbestand Zoek.exe v5.0.0.0 Updated 10-February-2014 Tool run by addy on wo 12-02-2014 at 19:50:52,58. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Safe Mode NETWORK Internet Access Detected Launched: C:\Users\addy\Desktop\zoek.exe [scan all users] [script inserted] [Checkboxes used] ==== System Restore Info ====================== ==== Empty Folders Check ====================== C:\Users\addy\AppData\Roaming\Creative deleted successfully C:\Users\addy\AppData\Roaming\The Complete Genealogy Reporter - FTB deleted successfully C:\Users\addy\AppData\Local\Conduit deleted successfully C:\Users\addy\AppData\Local\LogMeIn Rescue Applet deleted successfully ==== Creating Sample_12-02-2014_2004.zip ====================== Process iexplore.exe killed Copied file C:\ProgramData\msjcrakau.exe to sample\msjcrakau.exe sample\msjcrakau.exe renamed to 522B35B08B61239344F318BB1F8C4985 C:\Users\Public\Desktop\sample_12-02-2014_2004.zip created successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1A7CFB40-7B6F-4E81-AFA9-0B350690C108} deleted successfully HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Internet Explorer\SearchScopes\{206AE412-6BD8-46BA-8581-FD1919370908} deleted successfully HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96} deleted successfully HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully HKEY_USERS\S-1-5-21-2498577065-2771047099-1131248301-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully ==== Running Processes ====================== C:\Users\addy\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dsxmbztu deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Dsxmbztu deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvemeppw deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dvemeppw deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wcnoczmn deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wcnoczmn deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "29814"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "AVworks"=- [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "Babylon Client"=- "msi62918"=- "msi3295"=- "msi19644"=- "msi36555"=- [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "29814"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\BabylonToolbar deleted C:\Program Files (x86)\Babylon deleted C:\Users\addy\AppData\Local\AVworks deleted C:\ProgramData\Babylon deleted C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 deleted C:\PROGRA~2\NCH Software\Components\NCHToolbars deleted C:\Program Files\Babylon deleted C:\PROGRA~2\FilmFanaticEI deleted C:\PROGRA~2\Conduit deleted C:\Users\addy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk deleted C:\Users\addy\AppData\Roaming\Babylon deleted C:\ProgramData\Ask deleted C:\ProgramData\boost_interprocess deleted C:\Users\addy\AppData\Local\Babylon deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon deleted C:\Users\addy\AppData\LocalLow\Conduit deleted C:\ProgramData\msjcrakau.exe deleted

bedankt, hier heeft u het logbestand Logfile of random's system information tool 1.09 (written by random/random) Run by addy at 2014-02-12 17:54:07 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 162 GB (73%) free of 223 GB Total RAM: 3032 MB (71% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:54:12, on 12-2-2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Safe mode with network support Running processes: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\trend micro\addy.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file) O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Users\addy\MyHeritage\Bin\FTBCheckUpdates.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [msi62918] C:\Users\addy\AppData\Local\Temp\msi62918.exe O4 - HKLM\..\Run: [msi3295] C:\Users\addy\AppData\Local\Temp\msi3295.exe O4 - HKLM\..\Run: [msi19644] C:\Users\addy\AppData\Local\Temp\msi19644.exe O4 - HKLM\..\Run: [msi36555] C:\Users\addy\AppData\Local\Temp\msi36555.exe O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized O4 - HKCU\..\Run: [incrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Google Update] "C:\Users\addy\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Google Update] "C:\Users\addy\AppData\Local\Google\Desktop\Install\{d652a17f-6c74-f36c-57b9-0473cbf775f7}\???\???\???\{d652a17f-6c74-f36c-57b9-0473cbf775f7}\GoogleUpdate.exe" > O4 - HKCU\..\Run: [AVworks] regsvr32.exe C:\Users\addy\AppData\Local\AVworks\AsyncEnum8.dll O4 - HKLM\..\Policies\Explorer\Run: [29814] c:\progra~3\msjcrakau.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O4 - Startup: EPUHelp.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - (no file) O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13999 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS "c:\Program Files\Microsoft Security Client\MsMpEng.exe" C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE ctfmon.exe C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:868 CREDAT:275457 /prefetch:2 C:\Windows\system32\wbem\wmiprvse.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:868 CREDAT:3028036 /prefetch:2 "C:\Users\addy\Downloads\RSITx64.exe" ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498577065-2771047099-1131248301-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498577065-2771047099-1131248301-1000UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 6669000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-12 256080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2012-10-02 5748928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-16 43520] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] Babylon toolbar helper - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll [2012-12-18 242176] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 4171464] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-09-03 329712] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}] Babylon IE plugin - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2012-07-30 298136] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-12 194128] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02 4119744] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-09-03 59376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-12 256080] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll [2012-12-18 314368] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-12 194128] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-06-25 1808680] "SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2009-06-29 444416] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-06-30 165912] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-06-30 385560] "Persistence"=C:\Windows\system32\igfxpers.exe [2009-06-30 365080] "Broadcom Wireless Manager UI"=C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [2009-07-17 4968960] "QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2009-07-02 3180624] "IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-05 186904] "MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "29814"=c:\progra~3\msjcrakau.exe [2009-06-09 75177] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "VoipBuster"=C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe [2014-01-24 19641152] "IncrediMail"=C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [2010-11-02 353736] "Google Update"=C:\Users\addy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-29 136176] "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14 20584608] "Google Update"=C:\Users\addy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-29 136176] "AVworks"=regsvr32.exe C:\Users\addy\AppData\Local\AVworks\AsyncEnum8.dll [] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "PDVDDXSrv"=C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-06-25 140520] "Desktop Disc Tool"=c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [2009-10-15 498160] "BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184] "Family Tree Builder Update"=C:\Users\addy\MyHeritage\Bin\FTBCheckUpdates.exe [2011-12-21 229376] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696] "Babylon Client"=C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe [2012-07-30 3460760] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720] "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-11-02 152392] "msi62918"=C:\Users\addy\AppData\Local\Temp\msi62918.exe [] "msi3295"=C:\Users\addy\AppData\Local\Temp\msi3295.exe [2014-02-05 248139] "msi19644"=C:\Users\addy\AppData\Local\Temp\msi19644.exe [] "msi36555"=C:\Users\addy\AppData\Local\Temp\msi36555.exe [2014-02-05 236875] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce] ""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe""=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [2011-10-08 559616] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "29814"=c:\progra~3\msjcrakau.exe [2009-06-09 75177] C:\Users\addy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup EPUHelp.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist] C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2009-06-03 257536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 6669000] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 4171464] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "TaskbarNoNotification"=0 "HideSCAHealth"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 "TaskbarNoNotification"=0 "HideSCAHealth"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-02-12 17:54:08 ----D---- C:\Program Files\trend micro 2014-02-12 17:54:07 ----D---- C:\rsit 2014-02-12 17:09:31 ----A---- C:\Windows\ntbtlog.txt 2014-02-05 19:39:16 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe 2014-01-15 07:43:43 ----A---- C:\Windows\system32\drivers\usbport.sys 2014-01-15 07:43:43 ----A---- C:\Windows\system32\drivers\usbehci.sys 2014-01-15 07:43:42 ----A---- C:\Windows\system32\drivers\usbuhci.sys 2014-01-15 07:43:42 ----A---- C:\Windows\system32\drivers\usbohci.sys 2014-01-15 07:43:42 ----A---- C:\Windows\system32\drivers\usbhub.sys 2014-01-15 07:43:42 ----A---- C:\Windows\system32\drivers\usbd.sys 2014-01-15 07:43:42 ----A---- C:\Windows\system32\drivers\usbccgp.sys 2014-01-15 07:43:41 ----A---- C:\Windows\system32\win32k.sys 2014-01-15 07:43:40 ----A---- C:\Windows\system32\drivers\netio.sys ======List of files/folders modified in the last 1 month====== 2014-02-12 17:54:08 ----RD---- C:\Program Files 2014-02-12 17:53:39 ----D---- C:\Windows\Temp 2014-02-12 17:11:10 ----HD---- C:\ProgramData 2014-02-12 17:11:10 ----D---- C:\Windows\SysWOW64 2014-02-12 17:09:31 ----D---- C:\Windows 2014-02-12 17:07:20 ----D---- C:\ProgramData\Babylon 2014-02-12 17:06:37 ----D---- C:\Program Files (x86)\Dell DataSafe Local Backup 2014-02-12 15:47:51 ----D---- C:\Windows\Prefetch 2014-02-12 15:47:42 ----D---- C:\Users\addy\AppData\Roaming\Skype 2014-02-11 14:18:09 ----D---- C:\Windows\system32\config 2014-02-11 14:18:07 ----D---- C:\Windows\Tasks 2014-02-11 14:18:07 ----D---- C:\Windows\system32\wfp 2014-02-11 14:18:07 ----D---- C:\Windows\system32\Tasks 2014-02-11 14:18:07 ----D---- C:\Windows\system32\DriverStore 2014-02-11 14:18:07 ----D---- C:\Windows\system32\CodeIntegrity 2014-02-11 14:18:07 ----D---- C:\Windows\system32\catroot2 2014-02-11 14:18:07 ----D---- C:\Windows\System32 2014-02-11 14:18:06 ----SHD---- C:\Windows\Installer 2014-02-11 14:18:05 ----D---- C:\Windows\inf 2014-02-11 14:18:04 ----D---- C:\ProgramData\Apple Computer 2014-02-11 14:18:04 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-11 14:18:04 ----D---- C:\Program Files\iTunes 2014-02-11 14:18:04 ----D---- C:\Program Files (x86)\iTunes 2014-02-11 14:17:58 ----D---- C:\Windows\registration 2014-02-11 14:17:53 ----D---- C:\Windows\system32\catroot 2014-02-11 14:17:38 ----D---- C:\ProgramData\Apple 2014-02-11 14:17:32 ----D---- C:\Program Files\iPod 2014-02-11 14:17:23 ----RD---- C:\Program Files (x86) 2014-02-11 14:15:09 ----SHD---- C:\System Volume Information 2014-02-11 03:10:13 ----D---- C:\Windows\system32\LogFiles 2014-02-05 19:39:39 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 2014-02-01 11:26:30 ----A---- C:\Windows\MyHeritage.INI 2014-01-27 08:34:52 ----D---- C:\Users\addy\AppData\Roaming\Adobe 2014-01-24 18:15:57 ----D---- C:\Windows\Minidump 2014-01-19 08:33:29 ----N---- C:\Windows\system32\MpSigStub.exe 2014-01-16 03:23:02 ----D---- C:\Windows\winsxs 2014-01-16 03:19:57 ----D---- C:\Windows\system32\drivers 2014-01-16 03:04:04 ----D---- C:\Windows\system32\MRT 2014-01-16 03:01:51 ----A---- C:\Windows\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600] R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R3 BCM43XX;Stuurprogramma voor de Dell draadloze WLAN-kaart; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-07-17 2769400] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-05-08 215552] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-06-25 273456] S0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240] S1 dsxmbztu;dsxmbztu; \??\C:\Windows\system32\drivers\dsxmbztu.sys [] S1 dvemeppw;dvemeppw; \??\C:\Windows\system32\drivers\dvemeppw.sys [] S1 wcnoczmn;wcnoczmn; \??\C:\Windows\system32\drivers\wcnoczmn.sys [] S2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944] S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2009-07-17 22520] S3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [] S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-03 7333472] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2009-06-29 487424] S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392] S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-01 151656] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808] S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432] S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624] S2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 136176] S2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-05 354840] S2 SftService;SoftThinks Agent Service; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680] S2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [2009-06-29 240128] S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096] S2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [2009-07-17 33280] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 257928] S3 GoToAssist;GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe [2010-02-16 16680] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 136176] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-10-24 194032] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616] S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 641352] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-03-09 30798512] S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-18 1255736] -----------------EOF-----------------

Beste, ik zit momenteel met een virus dat mijn computer telkens terug opnieuw opstart. Ik weet echter niet om welk virus dit gaat, hiervoor start de computer te snel weer op. Ik geraak echter wel zonder problemen in veilige modus. Wat stellen jullie voor dat ik doe? Alvast bedankt!

Super hard bedankt voor je hulp!!!

Ik was blijkbaar iets te snel, hier het volledig logbestand: Zoek.exe v5.0.0.0 Updated 25-January-2014 Tool run by 't Zuid on wo 29/01/2014 at 13:45:04,93. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\'t Zuid\Downloads\zoek (1).exe [scan all users] [script inserted] ==== System Restore Info ====================== 29/01/2014 13:47:49 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\Program Files\Symantec deleted successfully C:\ProgramData\PCSettings deleted successfully C:\Users\'t Zuid\AppData\Roaming\Media Player Classic deleted successfully C:\Users\'t Zuid\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1426115102-2163063257-641362550-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1426115102-2163063257-641362550-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5B291E6C-9A74-4034-971B-A4B007A0B315} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeiMeshdatamngr] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeiMeshtoolbar] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\iMesh Applications deleted C:\extensions deleted C:\Users\'t Zuid\AppData\Roaming\AltShell.ini deleted C:\Users\'t Zuid\AppData\Roaming\Registry Mechanic deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted C:\ProgramData\rjv48odr.odd deleted C:\ProgramData\iMesh deleted C:\Users\'t Zuid\AppData\Local\iMesh deleted C:\Users\'t Zuid\AppData\LocalLow\wincoreimband deleted C:\Windows\wininit.ini deleted "C:\Windows\Installer\2f934f9.msi" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\'TZUID~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-01-26 18:44:33 F2BF71FCEAB8FB8A691408C478E2FF4C 3156480 ----a-w- C:\Windows\Sysnative\win32k.sys ====== C:\Windows\Sysnative\drivers ===== 2014-01-26 18:44:34 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys 2014-01-26 18:44:34 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys 2014-01-26 18:44:34 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys 2014-01-26 18:44:34 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys 2014-01-26 18:44:34 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys 2014-01-26 18:44:34 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys 2014-01-26 18:44:34 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys 2014-01-26 18:44:32 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\Sysnative\drivers\netio.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-01-27 17:09:51 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\'t Zuid\AppData\Roaming ====== 2014-01-07 16:30:52 -------- d-----w- C:\Users\'t Zuid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup ====== C:\Users\'t Zuid ====== 2014-01-27 17:09:08 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\'t Zuid\Desktop\RSITx64.exe ====== C: exe-files == 2014-01-27 17:09:52 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\'t Zuid.exe 2014-01-27 17:09:08 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\'t Zuid\Desktop\RSITx64.exe 2014-01-27 13:28:18 981716D86BA53B87F9A4B9F837FC60C4 51512 ----a-w- C:\Program Files\SUPERAntiSpyware\sas_enum_cookies.exe 2014-01-27 13:28:18 35DA92670C06C15CF6F5C10708788554 59160 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERDelete.exe 2014-01-26 18:35:46 00C2D68C98FA311C1A80EE33ED846923 36500648 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.76\32.0.1700.76_chrome_installer.exe === C: other files == 2014-01-26 18:44:34 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys 2014-01-26 18:44:34 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2014-01-26 18:44:34 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2014-01-26 18:44:34 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2014-01-26 18:44:34 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2014-01-26 18:44:34 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2014-01-26 18:44:34 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2014-01-26 18:44:33 F2BF71FCEAB8FB8A691408C478E2FF4C 3156480 ----a-w- C:\Windows\System32\win32k.sys 2014-01-26 18:44:32 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\System32\drivers\netio.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-1426115102-2163063257-641362550-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe -update activex" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe -update activex" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AppleSyncNotifier" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DATAMNGR" "hkey"="HKLM" "command"="C:\\PROGRA~2\\iMesh Applications\\MediaBar\\Datamngr\\datamngrUI.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FlashPlayerUpdate] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="FlashPlayerUpdate" "hkey"="HKCU" "command"="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe -update activex" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" "hkey"="HKLM" "item"="iTunesHelper" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Malware] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="Malwarebytes Anti-Malware" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe /install /silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] "command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background" "hkey"="HKCU" "item"="msnmsgr" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NortonOnlineBackupReminder] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NortonOnlineBackupReminder" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\Activation\\NobuActivation.exe\" UNATTENDED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" "hkey"="HKLM" "item"="QuickTime Task" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\removeiMeshdatamngr] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="removeiMeshdatamngr" "hkey"="HKLM" "command"="cmd.exe /c RD /S /Q \"C:\\Program Files (x86)\\iMesh Applications\\MediaBar\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\removeiMeshtoolbar] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="removeiMeshtoolbar" "hkey"="HKLM" "command"="cmd.exe /c RD /S /Q \"C:\\Program Files (x86)\\iMesh Applications\\MediaBar\\Datamngr\\ToolBar\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sidebar" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\'t Zuid\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\'t Zuid\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SUPERAntiSpyware" "hkey"="HKCU" "command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" "hkey"="HKCU" "item"="swg" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "command"="\"C:\\Program Files (x86)\\uTorrent\\uTorrent.exe\" /MINIMIZED" "hkey"="HKCU" "item"="uTorrent" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] "item"="McAfee Security Scan Plus" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk" "backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\MCAFEE~1\\3.0.318\\SSScheduler.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^'t Zuid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] "item"="OneNote 2007 Schermopname en Snel starten" "path"="C:\\Users\\'t Zuid\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Schermopname en Snel starten.lnk" "backup"="C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\MICROS~1\\Office12\\ONENOTEM.EXE" ==== Startup Folders ====================== 2013-02-16 10:48:00 1063 ----a-w- C:\Users\'t Zuid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2010-01-02 23:18:10 2111 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/12/2013 15:01] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/01/2010 10:54] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/01/2010 10:54] C:\Windows\tasks\ShareazaNAG.job --a------ C:\Users\TZUID1\AppData\Local\Temp\Shareaza_setup.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe"] "C:\Windows\SysNative\tasks\ShareazaNAG" [C:\Users\'TZUID~1\AppData\Local\Temp\Shareaza_setup.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe] "C:\Windows\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe] "C:\Windows\SysNative\tasks\Recovery Management\Burn Notification" [C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Notification.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [17/01/2010 16:34] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx[28/11/2013 14:56] Norton Identity Protection - 't Zuid\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" "Default_Page_URL"="iGoogle Redirect" "Search Page"="Google" "Search Bar"="Upgrade to Google Chrome" "Default_Search_URL"="Upgrade to Google Chrome" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="%s - Google Search" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="Upgrade to Google Chrome" "Default_Search_URL"="Upgrade to Google Chrome" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="Bing" "Search Bar"="Bing" "Default_Search_URL"="Bing" "Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" "Start Page"="Google" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="Bing" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="{searchTerms} - Google Search" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iMesh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeiMeshdatamngr deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeiMeshtoolbar deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\'t Zuid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\'t Zuid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\'t Zuid\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=442 folders=66 146358094 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Users\'t Zuid\AppData\Local\Temp will be emptied at reboot C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\'TZUID~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 29/01/2014 at 14:05:07,50 ======================

beste, hieronder vindt u het logje: Zoek.exe v5.0.0.0 Updated 25-January-2014 Tool run by 't Zuid on wo 29/01/2014 at 13:45:04,93. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\'t Zuid\Downloads\zoek (1).exe [scan all users] [script inserted] ===== Runcheck 13:47:18,32 ===== --- Create Environment Variables 13:47:18,84 --- Create System Restore Point 13:47:29,17 --- Checking Input 13:47:51,60 --- AU AppData Check 13:48:26,28 --- Remove From Windows Installer 13:48:30,13 --- Empty Folders Check 13:50:13,65 --- IE Startpage Check 13:50:22,10 --- Program Files DB Check 13:51:00,52 --- C:\Users\'t Zuid\AppData\Roaming DB Check 13:51:32,58 --- C:\Users\Default\AppData\Roaming DB Check 13:51:32,58 --- C:\Users\Default User\AppData\Roaming DB Check 13:51:32,58 --- C:\Users\UpdatusUser\AppData\Roaming DB Check 13:51:32,58 --- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 13:51:32,58 --- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 13:51:32,58 --- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 13:51:32,58 --- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 13:51:32,58 --- C:\Users\'t Zuid DB Check 13:53:06,67 --- C:\ProgramData DB Check 13:53:18,63 --- C:\Users\'t Zuid\AppData\Local DB Check 13:53:19,33 --- C:\Users\Default\AppData\Local DB Check 13:53:19,33 --- C:\Users\Default User\AppData\Local DB Check 13:53:19,33 --- C:\Users\UpdatusUser\AppData\Local DB Check 13:53:19,33 --- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 13:53:19,33 --- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 13:53:19,33 --- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 13:53:19,33 --- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 13:53:19,33

bedankt, hierbij het logje: Logfile of random's system information tool 1.09 (written by random/random) Run by 't Zuid at 2014-01-27 18:09:51 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 201 GB (58%) free of 350 GB Total RAM: 3839 MB (64% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:09:55, on 27/01/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe C:\Users\'t Zuid\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Users\'t Zuid\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\trend micro\'t Zuid.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - (no file) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = 't Zuid\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_Win32.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13279 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch "C:\Windows\system32\nvvsvc.exe" "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" "c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe" "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" "C:\Program Files\Bonjour\mDNSResponder.exe" "C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe" C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt "C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll" /prefetch:1 C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe" "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" WLIDSvcM.exe 1740 "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe" "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe" C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3fcce843-35aa-4278-ac7c-8783a3e9e3d4 -SystemEventPortName:HostProcess-bda190c5-e7db-40b5-98fe-78c036306090 -IoCancelEventPortName:HostProcess-1645dd4a-c172-4146-9c2d-8790e6eadde7 -NonStateChangingEventPortName:HostProcess-9a9da9aa-bf94-45c0-bcbf-5afaca2b7f61 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:837c54b7-44b4-4eec-9b9f-1d7480eaf89d -DeviceGroupId:WpdFsGroup "C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe" C:\Windows\system32\nvvsvc.exe -session -first C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files\Windows Media Player\wmpnetwk.exe" "taskhost.exe" "C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe" /c /a /s UserSession "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" "C:\Users\'t Zuid\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe" "C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1 "C:\Users\'t Zuid\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup "C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "C:\Program Files (x86)\iTunes\iTunesHelper.exe" C:\Windows\splwow64.exe 8192 "C:\Program Files\iPod\bin\iPodService.exe" "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F4500 series#1262474564" -Startup "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding C:\Windows\system32\svchost.exe -k SDRSVC "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /UPDATERESULTS:"" "taskhost.exe" C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv taskeng.exe {A1AF5F65-F70A-4A6D-B3C2-5422BC8748C0} C:\Windows\system32\wbem\wmiprvse.exe "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1426115102-2163063257-641362550-100010_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1426115102-2163063257-641362550-100010 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1" C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe -Embedding C:\Windows\System32\svchost.exe -k WerSvcGroup "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5484 CREDAT:1709327 /prefetch:2 "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe11_ Global\UsGthrCtrlFltPipeMssGthrPipe11 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536 "C:\Users\'t Zuid\Desktop\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF} ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\ShareazaNAG.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-14 256080] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}] MSS+ Identifier - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05 94112] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll [2013-05-30 509776] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Norton Vulnerability Protection - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL [2013-04-08 387040] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-14 194128] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-21 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}] HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] !{98889811-442D-49dd-99D7-DC866BE87DBC} {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-14 256080] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] !{98889811-442D-49dd-99D7-DC866BE87DBC} {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll [2013-05-30 509776] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-14 194128] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-20 7981088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-11-02 59240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR] C:\PROGRA~2\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe -update activex [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-09 54840] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-05-31 152392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [2009-07-25 588648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeiMeshdatamngr] cmd.exe /c RD /S /Q C:\Program Files (x86)\iMesh Applications\MediaBar [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeiMeshtoolbar] cmd.exe /c RD /S /Q C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] C:\Users\'t Zuid\AppData\Roaming\Spotify\Spotify.exe [2013-12-17 5951488] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] C:\Users\'t Zuid\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2013-12-17 1168896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2014-01-27 6563608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2013-04-21 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-02-25 740216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] C:\PROGRA~2\MCAFEE~1\3.0.318\SSScheduler.exe [2013-02-05 272248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^'t Zuid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] C:\PROGRA~2\MICROS~1\Office12\ONENOTEM.EXE [2009-02-26 97680] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "beid"=C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe [2011-05-23 2068480] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Users\'t Zuid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Dropbox.lnk - C:\Users\'t Zuid\AppData\Roaming\Dropbox\bin\Dropbox.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoInstrumentation"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-01-27 18:09:51 ----D---- C:\rsit 2014-01-27 18:09:51 ----D---- C:\Program Files\trend micro 2014-01-26 19:44:34 ----A---- C:\Windows\system32\drivers\usbuhci.sys 2014-01-26 19:44:34 ----A---- C:\Windows\system32\drivers\usbport.sys 2014-01-26 19:44:34 ----A---- C:\Windows\system32\drivers\usbohci.sys 2014-01-26 19:44:34 ----A---- C:\Windows\system32\drivers\usbhub.sys 2014-01-26 19:44:34 ----A---- C:\Windows\system32\drivers\usbehci.sys 2014-01-26 19:44:34 ----A---- C:\Windows\system32\drivers\usbd.sys 2014-01-26 19:44:34 ----A---- C:\Windows\system32\drivers\usbccgp.sys 2014-01-26 19:44:33 ----A---- C:\Windows\system32\win32k.sys 2014-01-26 19:44:32 ----A---- C:\Windows\system32\drivers\netio.sys 2014-01-20 19:27:38 ----D---- C:\Windows\system32\%LOCALAPPDATA% 2014-01-06 20:23:36 ----A---- C:\Windows\SYSWOW64\GPhotos.scr ======List of files/folders modified in the last 1 month====== 2014-01-27 18:09:51 ----RD---- C:\Program Files 2014-01-27 18:09:45 ----D---- C:\Windows\Temp 2014-01-27 15:04:15 ----SHD---- C:\System Volume Information 2014-01-27 14:56:53 ----D---- C:\Windows\system32\config 2014-01-27 14:34:07 ----D---- C:\Windows\pss 2014-01-27 14:32:08 ----D---- C:\Users\'t Zuid\AppData\Roaming\Media Player Classic 2014-01-27 14:31:54 ----D---- C:\Windows\Panther 2014-01-27 14:31:54 ----D---- C:\Windows\inf 2014-01-27 14:31:53 ----D---- C:\Windows\Logs 2014-01-27 14:31:53 ----D---- C:\Windows\debug 2014-01-27 14:31:53 ----D---- C:\Windows 2014-01-27 14:30:49 ----D---- C:\Program Files\CCleaner 2014-01-27 14:28:18 ----D---- C:\Program Files\SUPERAntiSpyware 2014-01-27 14:20:47 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-27 14:20:41 ----D---- C:\Windows\system32\drivers 2014-01-27 14:18:26 ----D---- C:\Users\'t Zuid\AppData\Roaming\Dropbox 2014-01-27 14:16:39 ----D---- C:\Windows\winsxs 2014-01-27 14:14:45 ----D---- C:\ProgramData\NVIDIA 2014-01-27 14:12:50 ----D---- C:\Windows\System32 2014-01-27 14:12:49 ----D---- C:\Windows\system32\DriverStore 2014-01-27 04:15:16 ----D---- C:\Windows\Tasks 2014-01-27 04:15:16 ----D---- C:\Windows\system32\catroot2 2014-01-27 04:15:15 ----D---- C:\Windows\system32\wfp 2014-01-27 04:15:14 ----D---- C:\Windows\system32\drivers\UMDF 2014-01-27 04:15:14 ----D---- C:\Windows\system32\CodeIntegrity 2014-01-27 04:15:05 ----D---- C:\ProgramData\Norton 2014-01-27 04:15:02 ----D---- C:\Windows\system32\wbem 2014-01-27 04:15:01 ----D---- C:\Windows\registration 2014-01-27 04:14:13 ----HD---- C:\ProgramData 2014-01-26 22:43:56 ----SHD---- C:\Windows\Installer 2014-01-26 22:43:56 ----HD---- C:\Config.Msi 2014-01-26 22:43:51 ----D---- C:\ProgramData\Microsoft Help 2014-01-26 22:41:43 ----D---- C:\Windows\system32\MRT 2014-01-26 22:41:36 ----A---- C:\Windows\system32\MRT.exe 2014-01-26 19:39:39 ----A---- C:\Windows\wininit.ini 2014-01-26 19:36:51 ----D---- C:\Windows\SysWOW64 2014-01-16 03:00:52 ----D---- C:\Users\'t Zuid\AppData\Roaming\Spotify 2014-01-15 11:55:40 ----D---- C:\Windows\Prefetch 2014-01-15 10:32:47 ----D---- C:\Windows\system32\catroot 2014-01-14 09:36:00 ----A---- C:\Windows\system32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-04-29 239136] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS [2013-05-20 493656] R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS [2013-05-22 1139800] R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140121.001_614\BHDrvx64.sys [2014-01-21 1526488] R1 ccSet_N360;Norton 360 Settings Manager; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [2013-04-15 169048] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2013-11-21 484952] R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140124.001_6bb\IDSvia64.sys [2014-01-24 521944] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368] R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [2013-03-04 36952] R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [2013-03-04 224416] R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [2013-04-24 433752] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-07-20 1831968] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140126.024\ENG64.SYS [2014-01-25 126040] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140126.024\EX64.SYS [2014-01-25 2099288] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-18 189288] R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-08-12 350952] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-04-24 28704] R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [2013-05-15 796760] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2013-09-01 177312] R3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664] S3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usb.sys [2010-06-15 44672] S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 19968] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008] S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456] S3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\drivers\serscan.sys [2009-07-14 12288] S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-01-05 37888] S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2013-01-05 42328] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-09 169312] R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184] R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2009-04-19 625184] R2 Greg_Service;GRegService; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-06-04 1150496] R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe [2009-07-14 27136] R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136] R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [2013-05-20 144368] R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2009-04-19 207904] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 884512] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] R2 Updater Service;Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136] R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-05-31 641352] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664] S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136] S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-25 1260320] S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-30 651720] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-12 194032] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616] S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-28 935208] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2013-08-22 37176] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1255736] -----------------EOF-----------------

zeer raar, maar na het systeemherstel zijn er geen kwaadaardige objecten gevonden wanneer ik scan met MBAM. Wilt dit zeggen dat ik nu volledig verlost ben van het virus?

Met opstartherstel ben ik er ondertussen in geslaagd om de computer weer normaal op te starten (het bureaublad met al zijn iconen is gewoon terug, ik kan terug op internet,...). Wat zijn de stappen die ik moet ondernemen om er zeker van te zijn dat alles verwijderd is?