BJHM

log2.txt - - - Updated - - - Lijkt dat het nu gelukt is (zelfs 2 keer). Dank voor uw hulp.

Hasllo Kape. Heb het bestand (log2.txt) geüpload. Hoop dat het gelukt is. Vr gr. BJHM

Hallo Kape. "Meer opties" zie ik staan, maar beheer bijlagen kan ik niet vinden. Excuus voor de vertraging. - - - Updated - - - Heb nog even een bijkomende vraag: als alles OK zou zijn kan ik de mail dan simpelweg verwijderen met de "verwijder"-knop? Of evtl. met een ander programma? Dank voor uw adviezen. Groeten BJHM

Goedemiddag Kape. Dank voor bericht. Krijg het log niet naar u verzonden. Weet niet wat ik doen moet. Vr gr BJHM - - - Updated - - - Heb het log met rtx-format. Kopiëren en plakken. Is het mss te lang? Vr gr BJHM

Goedemorgen. Zou ik aub nog weer een keer om uw hulp resp. zienswijze mogen vragen aub? Het volgende is er aan de hand: Jl zondag ontving ik een mailtje van:support@salesforce.com. Het was geschreven in het duits. Mozilla Thunderbird oormerkte deze e-mail als ongewenst. Even gekeken om te kijken wat het aan de buitenkant behelst. Er zitten bijlagen bij maar die heb ik niet geopend. Wel de geschreven mededeling zelf, die ongeveer luidde (ik durf hem eigenlijk niet nog een keer te bekijken, heb er wat schrik van): Onderwerp: Wichtige Information zu Ihrer Mitgliedschaf bei Amazon Prime. Tekst in de body ongeveer: Herzlichen Dank für Ihre Bestellung. Im Anhang senden wir Ihnen Ihre Rechnung. Wat opviel is dat deze mail tegelijk was gericht aan 4 of 5 e-mail-adressen, alle met "chello.nl". De achtervoeging chello.nl gebruik ik al zeer geruimte tijd niet meer, vrijwel alles staat op upcmail.nl (behoudens enkele die ik eigelijk nooit gebruik). Als het een bestelling mijnerzijds zou zijn (is het pertinent niet) zou het toch alleen aan mij gezonden moeten zijn? Ik heb even gegoogled op Salesforce en Amazon Prime. Dat schijnt CRM te zijn (weet totaal niet wat dat betekent). Ik krijg de indruk dat dat oplossingen zijn voor bedrijven. Ik ben ruim 65+ en niet meer werkzaam of anderszins zakelijk bezig. Heb er dus totaal geen raakvlakken mee. Ik ben bang dat dat weer een van de manieren is om data van mijn PC en die van anderen te stelen en voorts ben ik bang dat ik dan in de nabije toekomst ineens een onwelkome officiële bezoeker krijg die middels een gerechtelijk bevel geld van me wil. Zoals gezegd durf ik de bijlagen (dacht dat het er 2 waren) niet te openen. Vooral het feit dat de mail als ongewenst was geoormerkt, en dat het aan 4 of 5 verschillende geadresseerden was verzonden (staan allemaal achter elkaar achter elkaar in de adresregel) maakt me kopschuw. Zoudt u mij aub kunnen zeggen of deze materie bij u bekend is en wat ik best kan doen? Bij voorbaat dank. Vriendelijke groet BJHM

Goeienavond Kape. In uw laatste reactie van 14 juli schreef u dat Emsisoft door u was ingeschakeld om de zaak te onderzoeken. Ik heb daarom regelmatig de computer met Emsisoft gescanned. Op 15 augustus nog met het resultaat als tevoren, nl. 26 items. Deze lieten zich nog steeds niet verwijderen of in quarantaine plaatsen. Vorige week donderdag de 22e echter werden er ineens geen 26 maar 13 items gescanned, deze lieten zich toen ook in quarantaine plaatsen. Vandaag heb ik nogmaals gescanned, ditmaal een diepe scan, en er bleken toen geen bedreigingen meer te worden gedetecteerd. Ik neem aan dat dit resultaat is behaald op basis van uw informatie aan Emsisoft, waarvoor mijn hartelijke dank. Onderstaand de logs van 15, 22 en vandaag 25 augustus. Log 15-08: Emsisoft Anti-Malware - Versie 8.0 Laatste Update: 15-8-2013 14:33:28 Gebruikersaccount: DELL\Bart Scaninstellingen: Scanmodus: Snelle scan Objecten: Rootkits, Geheugen, Sporen Detecteer riskware: Uit Scan archieven: Uit ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 15-8-2013 14:33:51 Value: HKEY_CLASSES_ROOT\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Gescand: 321113 Gevonden: 26 Scan geëindigd: 15-8-2013 14:35:16 Scantijd: 0:01:25 In quarantaine geplaatst 0 Log 22-08: Emsisoft Anti-Malware - Versie 8.1 Laatste Update: 22-8-2013 17:54:01 Gebruikersaccount: DELL\Bart Scaninstellingen: Scanmodus: Snelle scan Objecten: Rootkits, Geheugen, Sporen Detecteer PUPs: Uit Scan archieven: Uit ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 22-8-2013 18:05:57 Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Gescand: 321273 Gevonden: 13 Scan geëindigd: 22-8-2013 18:08:06 Scantijd: 0:02:09 Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) In quarantaine geplaatst 13 Log 25-08: Emsisoft Anti-Malware - Versie 8.1 Laatste Update: 25-8-2013 18:34:31 Gebruikersaccount: DELL\Bart Scaninstellingen: Scanmodus: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, E:\, Q:\ Detecteer PUPs: Uit Scan archieven: Aan ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 25-8-2013 18:36:01 Gescand: 577422 Gevonden: 0 Scan geëindigd: 25-8-2013 21:34:05 Scantijd: 2:58:04 Vriendelijke groet BJHM

Goedemorgen Kape. Dank voor de info. Ik wacht nadere mededelingen af. Vriendelijke groet BJHM

Hallo Kape. Helaas. Ik moet melden dat ze alle 26 nog steeds gedetecteerd staan. Onderstaande het - inmiddels overberbekende - log. Emsisoft Anti-Malware - Versie 8.0 Laatste Update: 13-7-2013 15:22:30 Gebruikersaccount: DELL\Bart Scaninstellingen: Scanmodus: Snelle scan Objecten: Rootkits, Geheugen, Sporen Detecteer riskware: Uit Scan archieven: Uit ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 13-7-2013 15:23:05 Value: HKEY_CLASSES_ROOT\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Gescand 320619 Gevonden 26 Scan geëindigd: 13-7-2013 15:24:35 Scantijd: 0:01:30 Vriendelijke groet BJHM

Goeiemiddag Kape. Onderstaand het log van de Eset Online Scanner: ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=90523ebffe86564798edd34b16e8de5b # engine=14370 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-07-13 12:44:35 # local_time=2013-07-13 02:44:35 (+0100, West-Europa (zomertijd)) # country="Netherlands" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1045 16777213 100 87 68778 60853459 0 0 # compatibility_mode=5893 16776574 100 94 180735 125349325 0 0 # scanned=272119 # found=17 # cleaned=17 # scan_time=25692 sh=9C1D72EFBA9D87637E0569CCFAA9D7C3C847BB10 ft=1 fh=dcbf1753c7e69840 vn="Win32/Adware.Linkular.AC application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\otshot\OtShot_postinstallOffer.exe" sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe" sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" sh=1E8E4450AE0FA1AB8B61CD79BC9B9137A94072DC ft=1 fh=87bb5ad8ec7f99ad vn="Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\AppData\Roaming\ZalmanInstaller_otshot\otshotcomponent.exe" sh=3A35D861D3EEB3901C75151E39DDA299CE3B90B8 ft=1 fh=8e9ca01650a84f28 vn="a variant of Win32/OpenInstall application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\AVGSecureSearchInstaller.exe" sh=D5E5CFB9E08FD9FD501710C9E401D8C43FCE377D ft=1 fh=bb1f3b8fba28d9c0 vn="a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\cnet2_b-vob-to-avi-converter-setup_exe.exe" sh=897FD37A4F97BA9BBC92108AA1FB16C970EACBF0 ft=1 fh=58662848aaacab1c vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\FreeYouTubeDownload.exe" sh=211432DD59337840D61255DBFD29A52B79318F24 ft=1 fh=56c17d0ba4f92e30 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\installer_powerdvd_10_mark_ii_Nederlands_Dutch (1).exe" sh=A1EDCA86A5A103B3C014A19C4405E938DADB75D5 ft=1 fh=5ebef66471443d44 vn="Win32/Toggle application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\installer_powerdvd_10_mark_ii_Nederlands_Dutch.exe" sh=DEFFDF34CBAD582454D47FCAFE799DE3C8451DE6 ft=1 fh=62a8fd980c3aacd4 vn="Win32/Toggle application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\installer_powerdvd_10_Nederlands_Dutch.exe" sh=346FFEDDB6BA6479445F5D68ED6D36A7CB72D6E1 ft=1 fh=f6ded855089a7f91 vn="Win32/Toggle application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\installer_winzip_14_5_Nederlands_Dutch (1).exe" sh=312ADCC544AAF912093EB7F27EA6E839D28251F8 ft=1 fh=249ea17d07ba5907 vn="Win32/Toggle application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\installer_winzip_14_5_Nederlands_Dutch.exe" sh=7087C953775EA1D34D17DC7F3B4111645A01B942 ft=1 fh=063ce02e621659c7 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\kmp.exe" sh=6E9541BD83859540D2F81638583F22412C595FC9 ft=1 fh=9fe9e8a0e29522c0 vn="Win32/OpenCandy application (deleted - quarantined)" ac=C fn="C:\Users\Bart\Downloads\winzip155.exe" sh=4DFC6AAD6130ACA9B6AB2ACE6156CD9F6D4C2EA8 ft=1 fh=303993671b650ac3 vn="a variant of Win32/OpenInstall application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\WinZip170.exe" sh=2FD26E58F23569D8089482ED22546F992CE0ADA9 ft=1 fh=813f9ccd3040740b vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\yosetup(1).exe" sh=D2FE97C758D67B2E6A5608EC498F4CA51912B27F ft=1 fh=29a2de13b826bdd7 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\yosetup(5).exe" Vriendelijke groet BJHM

Goeiemiddag Kape. Dank voor de instructies. Ik heb ze uitgevoerd. Er werd alleen de express-scan uitgevoerd, waarbij het resultaat was "During scanning no threads were detected". Op het scherm waren toen verder geen vervolgstappen zichtbaar, het hield op na de express-scan. Ik weet even niet hoe het verder moet, Vriendelijke groet BJHM

Hallo Kape. Snelle scan met Emsisoft geeft de malware nog steeds aan. Onderstaand het log: Emsisoft Anti-Malware - Versie 8.0 Laatste Update: 12-7-2013 11:15:41 Gebruikersaccount: DELL\Bart Scaninstellingen: Scanmodus: Snelle scan Objecten: Rootkits, Geheugen, Sporen Detecteer riskware: Uit Scan archieven: Uit ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 12-7-2013 11:15:58 Value: HKEY_CLASSES_ROOT\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Gescand 320556 Gevonden 26 Scan geëindigd: 12-7-2013 11:17:29 Scantijd: 0:01:31 Vriendelijke groet BJHM

Hallo Kape. Dank voor de info. Aansluitend het log van zoek.exe: Zoek.exe Version 4.0.0.4 Updated 10-July-2013 Tool run by Bart on vr 12-07-2013 at 7:24:18,93. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgfws.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\x86\LinkAdvisor\CIDLinkAdvisorService.exe C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Silvercrest OM1008 driver\KMWDSrv.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\NDAS\System\ndassvc.exe C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\Program Files (x86)\Secunia\PSI\sua.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE C:\Windows\System32\igfxtray.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Users\Bart\Desktop\Toepassingen\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Samsung\Kies\Kies.exe C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Silvercrest OM1008 driver\StartAutorun.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\EMET\EMET_notifier.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files\NDAS\System\ndasmgmt.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Silvercrest OM1008 driver\KMConfig.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\Program Files (x86)\Silvercrest OM1008 driver\KMProcess.exe C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe C:\Windows\explorer.exe C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe c:\PROGRA~2\mcafee\siteadvisor\saui.exe C:\Windows\system32\taskhost.exe C:\Users\Bart\Downloads\zoek(2).exe C:\Windows\system32\conhost.exe ==== System Restore Info ====================== 12-7-2013 7:25:48 Zoek.exe System Restore Point Created Succesfully. ==== Creating Sample_12-07-2013_0738.zip ====================== Process firefox.exe killed Process rundll32.exe killed Copied file C:\Users\Bart\AppData\Roaming\LoJackSetup.exe to sample\LoJackSetup.exe Copied file C:\Users\Bart\ctmweb.exe to sample\ctmweb.exe Copied file C:\Users\Bart\ntagent.exe to sample\ntagent.exe sample\ctmweb.exe renamed to 4C663D9819F666339D250852392C9679 sample\LoJackSetup.exe renamed to 31DB773CB9FCA16AA016F876D4417F08 sample\ntagent.exe renamed to 4417F64111FECC0E767A68A6C830E626 C:\Users\Public\Desktop\sample_12-07-2013_0738.zip created successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 7-Zip 9.20 ABN AMRO e.dentifier2 software ACSI Camp Site Guide Europe 2011 Adobe AIR Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) - Nederlands Advertising Center Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft WebCam Companion 3 AVG 2013 AVG PC TuneUp AVG PC TuneUp Language Pack (nl-NL) AviSynth 2.5 Bonjour calibre CallingID LinkAdvisor 2.0 (2.0.0.295) Canon Easy-WebPrint EX Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MP Navigator EX 3.0 Canon MP250 series MP Drivers Canon MP270 series MP Drivers Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu CardRecovery 5.20 CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibiliteitspakket voor het 2007 Microsoft Office system CVE-2012-1889 D3DX10 Dell DataSafe Local Backup - Support Software Dell DataSafe Local Backup Dell DataSafe Online Dell Dock Dell Driver Download Manager Dell Edoc Viewer Dell Getting Started Guide Dell Touchpad Dell Wireless WLAN Card Utility EASEUS Partition Master 9.0.0 Home Edition EASEUS Todo Backup Free 2.5.1 eBook Reader EMET Emsisoft Anti-Malware FastStone Photo Resizer 3.1 FileASSASSIN Free Studio version 4.8 Free YouTube Download version 3.1.42.1212 Gebruikersregistratie voor Canon MP250 series Gebruikersregistratie voor Canon MP270 series GemistDownloader Google Earth Google Update Helper HiJackThis Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) iCloud Intel® Graphics Media Accelerator Driver Intel® Rapid Storage Technology Intel© Matrix Storage Manager iTunes Java 7 Update 21 Java 7 Update 21 (64-bit) Java 6 Update 45 Junk Mail filter update K-Lite Codec Pack 5.9.0 (Basic) Malwarebytes Anti-Malware versie 1.75.0.1300 McAfee Security Scan Plus McAfee SiteAdvisor Memeo AutoSync Memeo Instant Backup Mesh Runtime Messenger Companion Microsoft-invoegtoepassing Opslaan als PDF voor 2007 Microsoft Office-programma's Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile NLD Language Pack Microsoft Antimalware Service NL-NL Language Pack Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Klik-en-Klaar 2010 Microsoft Office PowerPoint Viewer 2007 (Dutch) Microsoft Office Starter 2010 - Nederlands Microsoft Office Word Viewer 2003 Microsoft PowerPoint Viewer Microsoft Security Client Microsoft Security Client NL-NL Language Pack Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MioMore Desktop 7.30 MobileMe Control Panel Moyea FLV Player version: 2.0.2.96 Mozilla Firefox 21.0 (x86 nl) Mozilla Maintenance Service Mozilla Thunderbird 17.0.7 (x86 nl) MSVCRT MSVCRT_amd64 Multi-Card Reader & Flash Disk MyFreeCodec NDAS-Software 3.72.2080 Nero ControlCenter Nero Installer Nero MediaHome 4 Nero MediaHome 4 Essentials Nero MediaHome 4 Help Nero Online Upgrade Newsoft H264 Decoder Nitro PDF Reader Nokia Connectivity Cable Driver OLYMPUS CAMEDIA Master 4.2 Opera 12.15 PC Connectivity Solution PC Tools Registry Mechanic 11.1 PCHand Media Converter Free 1.3.0.1 Picasa 3 Quickset64 QuickTime Rapport Roxio Burn Safari Samsung Kies SAMSUNG USB Driver for Mobile Phones Seagate Dashboard Secunia PSI (3.0.0.4001) Secure Eraser Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663) Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870) Ship Simulator 2006 Silvercrest OM1008 driver Simnet UnInstaller 2011 SmartSound Quicktracks Plugin Speccy Spelling Dictionaries Support For Adobe Reader 9 Spotify Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD TomTom HOME TomTom HOME Visual Studio Merge Modules Ulead VideoStudio 11 SE DVD Uninstall 1.0.0.1 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) VideoStudio Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series Windows Media Player Firefox Plugin Youtube Downloader HD v. 2.2 ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default\prefs.js: Added to C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\prefs.js: Added to C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\prefs.js: user_pref("browser.startup.homepage", "www.upc.nl/live"); Added to C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js: Added to C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\Default User\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\Default User\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js: Added to C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ==== Deleting Files \ Folders ====================== "C:\Program Files (x86)\Mozilla Firefox\searchplugins\SafeSearch.xml" deleted "C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data" deleted "C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted "C:\Windows\Syswow64\sho437A.tmp" deleted "C:\Windows\Syswow64\sho9BD1.tmp" deleted "C:\Windows\Syswow64\shoA7A7.tmp" deleted "C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default\searchplugins\SafeSearch.xml" deleted "C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\searchplugins\SafeSearch.xml" deleted "C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\searchplugins\SafeSearch.xml" deleted "C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\default\searchplugins\SafeSearch.xml" deleted "C:\Users\Default User\AppData\Roaming\Mozilla\Firefox\Profiles\default\searchplugins\SafeSearch.xml" deleted "C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Mozilla\Firefox\Profiles\default\searchplugins\SafeSearch.xml" deleted "C:\Users\Bart\AppData\Roaming\LoJackSetup.exe" deleted "C:\Users\Bart\ctmweb.exe" deleted "C:\Users\Bart\ntagent.exe" deleted "C:\Users\Bart\AppData\Roaming\Temp" deleted "C:\Program Files (x86)\Uninstall Information\ib_uninst_567" deleted "C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted "C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted "C:\Users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers" deleted "C:\Users\Bart\AppData\Local\CRE" deleted "C:\Users\Bart\AppData\Local\PackageAware" deleted "C:\Windows\SysWow64\searchplugins" deleted "C:\Windows\SysWow64\Extensions" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-07-11 11:00:41 AA87D8963C094E83D879BC2F60DAE09D 260 ------w- C:\Windows\Dit.INI 2013-07-11 11:00:41 14EAAE5F968F8CB2195AF1899080D88D 266240 ------w- C:\Windows\Dit.DLL 2013-07-11 11:00:39 B24E5AA43071071AF839783A6CF9C4AD 61440 ----a-w- C:\Windows\DitExp.exe 2013-07-11 10:59:06 99EF409FED5B34CF62A47A72000FE7BF 507 ------w- C:\Windows\ICCLR.INF ====== C:\Users\Bart\AppData\Local\Temp ==== ====== C:\Windows\SysWOW64 ===== 2013-07-11 10:08:18 BF1D2CFAE91C1E835902ECA27F8F7470 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2013-07-11 10:08:17 6A32A12A2C76B729D6485D04FCFB2175 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll 2013-07-11 10:08:15 B6A67646BD7E3A0AF2515703CBBD9A1C 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2013-07-11 10:08:14 F4A608A800C1BB6838797390CBBC1269 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2013-07-11 10:08:14 0D2F075863C2FA4F84FB95AC00B95151 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-11 10:08:13 FE29131E35902038066C924CF9C59DF8 2046976 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2013-07-11 10:08:13 DED7DCF831A05D21F49510EA03F8F2C5 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll 2013-07-11 10:08:10 EED047A0C528813D6AAF4F4F8B2C40C4 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2013-07-11 10:08:09 52F71A5790E1B6FFC34648F3B311EEE1 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll 2013-07-11 10:08:07 CB811C14C225DD07B98E676DFB0221E6 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2013-07-11 10:08:06 225D276C730DF08CC83EABAC407F0D75 1141248 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2013-07-11 10:08:03 AC9A9B64AF7005E488390E38AE00D117 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2013-07-11 10:08:02 9BF7C7654EFD098EE3A27B49492A382A 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll 2013-07-11 10:07:59 CC3FD6DEEE458D0BE9A69241E0749717 13760512 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2013-07-11 10:07:51 AF31E7D2C385F647ADFD5F5736B3BA64 14329856 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2013-07-11 09:49:48 56D61BE56DA22334829E14CDE6A8C1FE 1620480 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 09:49:47 674EB817CF6E43B7DF3EC26E06E98D98 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll 2013-07-11 09:49:28 1C0E369575F387460E2A5F28269B2CC4 1247744 ----a-w- C:\Windows\SysWOW64\DWrite.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2013-07-11 10:08:19 C9EC09E4BF3290331C25F0D12C93CEBF 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2013-07-11 10:08:17 17B4359BB4BD72F8EB4F92B1DC4E4EB5 526336 ----a-w- C:\Windows\Sysnative\ieui.dll 2013-07-11 10:08:14 CDB7670A5C0F7D230ADC72F542D41AD8 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll 2013-07-11 10:08:14 AC127B02DD2C8FD41AC4162BA738F2ED 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll 2013-07-11 10:08:14 34EACF2330282CCABA61F8DC43F16FD5 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2013-07-11 10:08:13 6E1803473B6BCBA4C2FB31582DE12D7D 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe 2013-07-11 10:08:13 557F4ACCA6426112E28F19AAD734C971 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll 2013-07-11 10:08:12 9E0D8010D7368856617D3FE0FA5DA58F 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll 2013-07-11 10:08:10 5A41FA3CB4E47560A26B183429F41D73 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2013-07-11 10:08:10 4A3D82F996C5B700D42ACCA94C2B9ABD 855552 ----a-w- C:\Windows\Sysnative\jscript.dll 2013-07-11 10:08:08 BEFD16482A3859071F563D2614EE2484 3958784 ----a-w- C:\Windows\Sysnative\jscript9.dll 2013-07-11 10:08:05 792685A9538424CC1F3FA6A816FE147C 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll 2013-07-11 10:08:03 B7B4D3A39BE24D7ABC69C06F44FCC5B1 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2013-07-11 10:08:01 FAF6EC2460AD5FBBD38D8E1AE28B0D77 2241024 ----a-w- C:\Windows\Sysnative\wininet.dll 2013-07-11 10:07:56 391CD109EF28629644C267C855314DEE 15404032 ----a-w- C:\Windows\Sysnative\ieframe.dll 2013-07-11 10:07:55 9586EC4E1CC39CCBA26A5E7DFE774C9E 19238912 ----a-w- C:\Windows\Sysnative\mshtml.dll 2013-07-11 09:49:48 8B6CBE2FA2BAEDE2A3F5C96733481911 1887744 ----a-w- C:\Windows\Sysnative\WMVDECOD.DLL 2013-07-11 09:49:47 A3EC566925BEC505E2418C1AC14E541E 624128 ----a-w- C:\Windows\Sysnative\qedit.dll 2013-07-11 09:49:28 DD85F00EC31F77315AE992B7B0411D65 1643520 ----a-w- C:\Windows\Sysnative\DWrite.dll 2013-07-11 09:49:25 73601028E7C44154318AE91D2EB2EDB3 3153920 ----a-w- C:\Windows\Sysnative\win32k.sys ====== C:\Windows\Sysnative\drivers ===== 2013-06-12 17:52:47 9849EA3843A2ADBDD1497E97A85D8CAE 1910632 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys ====== C:\Windows\Tasks ====== 2013-06-26 15:45:45 E7169BF52C33D1B083F40E7EF64C22EE 2762 ----a-w- C:\Windows\Sysnative\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 2013-06-24 17:08:10 772096B1533565D97B73C65131B7AA23 3694 ----a-w- C:\Windows\Sysnative\Tasks\Adobe-online actualiseringsprogramma 2013-06-24 17:08:09 DABB44E391D3E3726A365C14BDB27809 3762 ----a-w- C:\Windows\Sysnative\Tasks\ArcSoft Connect Daemon 2013-06-15 06:49:34 0FE564B98FC4089E2E26815A80C888B7 2968 ----a-w- C:\Windows\Sysnative\Tasks\{4C08762B-BCB7-4FEC-BB18-F56B801FEB33} 2013-06-15 06:49:22 0FE564B98FC4089E2E26815A80C888B7 2968 ----a-w- C:\Windows\Sysnative\Tasks\{2067DFCE-FF33-437B-835A-5890DCB6AFFE} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-06-13 17:11:17 -------- d-----w- C:\Program Files\iPod 2013-06-13 17:11:16 -------- d-----w- C:\Program Files\iTunes ======= C:\Program Files (x86) ===== 2013-06-28 09:51:01 -------- d-----w- C:\Program Files (x86)\Mozilla Thunderbird 2013-06-13 17:11:16 -------- d-----w- C:\Program Files (x86)\iTunes 2013-06-13 17:03:49 -------- d-----w- C:\Program Files (x86)\QuickTime ======= C: ===== ====== C:\Users\Bart\AppData\Roaming ====== 2013-07-11 20:05:35 -------- d-----w- C:\users\Public\AppData\Local\temp 2013-07-11 20:05:35 -------- d-----w- C:\users\NeroMediaHomeUser.4\AppData\Local\temp 2013-07-11 20:05:35 -------- d-----w- C:\users\Default\AppData\Local\temp 2013-07-11 20:05:35 -------- d-----w- C:\users\Default User\AppData\Local\temp 2013-07-11 20:05:35 -------- d-----w- C:\users\AppData\AppData\Local\temp ====== C:\Users\Bart ====== 2013-07-11 20:05:35 -------- d-----w- C:\Users\Public\AppData 2013-07-11 20:05:35 -------- d-----w- C:\Users\AppData\AppData 2013-07-11 11:00:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi-Card Reader & Flash Disk 2013-07-08 17:34:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2013-06-24 17:00:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2013-06-24 16:58:39 -------- d-----w- C:\ProgramData\AVG 2013-06-24 16:57:35 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} 2013-06-13 17:12:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2013-06-13 17:11:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-13 17:04:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime ====== C: exe-files == 2013-07-11 11:00:38 1AEB989E361AF85F5099DE3DA25457F4 56320 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe 2013-07-11 10:08:11 98C6F2A9A981A54222602B87C6310BDE 775256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2013-07-11 10:08:11 30E7CA4620500FE012EB464F0E1DE91E 770648 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2013-07-10 16:47:54 C3190BA6ED6220369EEEED081A14DDFC 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe 2013-07-10 16:47:54 1017788353D8349BF6086B9CDDC8CB7B 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateBroker.exe 2013-07-10 16:47:52 5F42FBCE3A8D9ED552E9852A23CA382F 800024 ----a-w- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateSetup.exe 2013-07-10 16:47:35 CA35155F6B4C4DB2513AAAA868BAFF47 324488 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exe 2013-07-10 16:47:34 09C87F376507122A5FE1CBE06E015512 239496 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe 2013-07-10 16:47:33 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdate.exe 2013-07-10 16:47:28 5F42FBCE3A8D9ED552E9852A23CA382F 800024 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.149\GoogleUpdateSetup.exe 2013-07-08 17:28:52 0E10142276BE74CF0D6E91C0140F1274 7626512 ----a-w- C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe === C: other files == 2013-07-12 05:38:28 E1A2482774B313CE34F827D7F5F3A8E6 10976040 ----a-w- C:\Users\Public\Desktop\sample_12-07-2013_0738.zip 2013-07-11 11:06:24 21CA1F2CD8D5D64F07E8740E6BF1D228 38629 ----a-w- C:\ProgramData\AVG2013\IDS\quarantine\de493fdd-dc28-47d3-923f-d15cc5f14ae3.zip 2013-07-11 09:49:25 73601028E7C44154318AE91D2EB2EDB3 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-07-08 17:35:20 D3191AD18930121834D0BF89A7AB9568 1389145 ----a-w- C:\Program Files (x86)\AVG\AVG2013\banners\banners.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Nero MediaHome 4"="C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN" "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "Spotify Web Helper"="C:\Users\Bart\Desktop\Toepassingen\Data\SpotifyWebHelper.exe" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup" "Spotify"="C:\Users\Bart\Desktop\Toepassingen\Spotify.exe /uri spotify:autostart" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1003\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe /m" "KMCONFIG"="C:\Program Files (x86)\Silvercrest OM1008 driver\StartAutorun.exe KMConfig.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "SSDMonitor"="C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" "EMET Notifier"="C:\Program Files (x86)\EMET\EMET_notifier.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY" "Memeo Instant Backup"="C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui" "Memeo AutoSync"="C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent" "Seagate Dashboard"="C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "emsisoft anti-malware"="C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe /d=60" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Nero MediaHome 4"="C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN" "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "Spotify Web Helper"="C:\Users\Bart\Desktop\Toepassingen\Data\SpotifyWebHelper.exe" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup" "Spotify"="C:\Users\Bart\Desktop\Toepassingen\Spotify.exe /uri spotify:autostart" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "Broadcom Wireless Manager UI"="C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "ArcSoft Connection Service"="C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "hkey"="HKLM" "item"="Adobe ARM" "key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "hkey"="HKLM" "item"="Adobe Reader Speed Launcher" "key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier] "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe" "hkey"="HKLM" "item"="AppleSyncNotifier" "key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desktop Disc Tool] "command"="\"c:\\Program Files (x86)\\Roxio\\Roxio Burn\\RoxioBurnLauncher.exe\"" "hkey"="HKLM" "item"="Desktop Disc Tool" "key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Tray] "command"="\"C:\\Program Files (x86)\\EASEUS\\Todo Backup\\bin\\TrayNotify.exe\"" "hkey"="HKLM" "item"="EaseUs Tray" "key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Watch] "command"="\"C:\\Program Files (x86)\\EASEUS\\Todo Backup\\bin\\EuWatch.exe\"" "hkey"="HKLM" "item"="EaseUs Watch" "key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif] "command"="C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe" "hkey"="HKLM" "item"="IAAnotif" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" "hkey"="HKLM" "item"="iTunesHelper" "key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nero MediaHome 4] "command"="\"C:\\Program Files (x86)\\Nero\\Nero MediaHome 4\\NeroMediaHome.exe\" /AUTORUN" "hkey"="HKLM" "item"="Nero MediaHome 4" "key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" "hkey"="HKLM" "item"="QuickTime Task" "key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe] "command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\"" "hkey"="HKCU" "item"="TomTomHOME.exe" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UVS11 Preload] "command"="C:\\Program Files (x86)\\Ulead Systems\\Ulead VideoStudio 11 SE DVD\\uvPL.exe" "hkey"="HKLM" "item"="UVS11 Preload" "key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Bart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk] "backup"="C:\\Windows\\pss\\Dell Dock.lnkStartup" "command"="C:\\Program Files (x86)\\Dell\\DellDock\\DellDock.exe " "item"="Dell Dock" "path"="C:\\Users\\Bart\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dell Dock.lnk" "backupExtension"="Startup" ==== Startup Folders ====================== 2010-07-04 10:25:44 2000 ----a-w- C:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk 2010-07-04 10:25:44 2000 ----a-w- C:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk 2012-02-28 16:08:31 2000 ----a-w- C:\users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk 2012-03-18 15:16:14 2251 ----a-w- C:\users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk 2012-05-05 05:36:14 2056 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11-07-2013 10:38] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-07-2010 19:40] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-07-2010 19:40] C:\Windows\tasks\RMAutoUpdate.job --a------ C:\Program Files (x86)\Registry Mechanic\SULauncher.exe [21-08-2012 15:44] C:\Windows\tasks\RMSchedule.job --a------ C:\Program Files (x86)\Registry Mechanic\RegMech.exe [21-08-2012 15:43] C:\Windows\tasks\ROC_REG_JAN_DELETE.job --a------ [undetermined Task] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default - Undetermined - %ProfilePath%\extensions\{72cabc40-64b2-46ed-8648-26d831761150} ProfilePath: C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922 - McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor AppDir: C:\Program Files (x86)\Mozilla Firefox - Undetermined - %AppDir%\extensions\staged - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} ==== Firefox Plugins ====================== Profilepath: C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922 0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions abdnighfgafbeighondbgepoenlnpcef - No path found[] fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[22-05-2013 10:24] gkeciodhggpcngbhlhiiphbhlddbaafl - No path found[] jmfkcklnlgedgbglfkkgedjfmejoahla - No path found[] ndibdjnfmopecpmkdieinmbadjfpblof - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[12-12-2012 19:51] CallingID LinkAdvisor 2.0 Toolbar - Bart - Default\Extensions\abdnighfgafbeighondbgepoenlnpcef SiteAdvisor - Bart - Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho CallingID LinkAdvisor 2.0 - Bart - Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl DVDVideoSoft Browser Extension - Bart - Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp ==== Chrome Fix ====================== C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef deleted successfully C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.upc.nl/live" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.upc.nl/live" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {78BABCD0-C71F-405E-9E6F-BBAAE6B92462} Google Url="http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=" {8564538E-B1C7-4B8B-B8A7-DA57A7C7FA1A} Unknown Url="Not_Found" {8A8DE9FB-091D-4EB5-BDAF-3BFF98F11202} Unknown Url="Not_Found" {AE59E6A3-2679-4D6B-A3D0-5D31FFDCC8DE} CallingID Safe Search Url="http://search.callingid.com/search.aspx?q={searchTerms}&cx=000976018278371213697:d_pbn3nwah0&l={language}&ie={inputEncoding}&oe={outputEncoding}&cl=ie&p=bi&cid=yes" {BE28C22E-F666-424d-B5FD-125C4AFEE34E} Zoeken Url="http://search.myheritage.com?orig=ds&q={searchTerms}" {EB898A1F-3EC7-423C-9A3E-48BCE4242339} Secure-zoeken Url="http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}" ==== Reset Google Chrome ====================== C:\users\Bart\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8564538E-B1C7-4B8B-B8A7-DA57A7C7FA1A} deleted successfully HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8A8DE9FB-091D-4EB5-BDAF-3BFF98F11202} deleted successfully HKEY_CLASSES_ROOT\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully HKEY_CLASSES_ROOT\CLSID\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Bart\Desktop\ACSI Campinggids Europa 2011 - Snelkoppeling.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACSI Campinggids Europa 2011 C:\Users\Bart\Desktop\DELL - Snelkoppeling.lnk - \\DELL C:\Users\Bart\Desktop\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe C:\Users\Bart\Desktop\Free YouTube Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe C:\Users\Bart\Desktop\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Bart\Desktop\Browsers\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Bart\Desktop\Browsers\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Users\Bart\Desktop\Browsers\Opera.lnk - C:\Program Files (x86)\Opera\opera.exe C:\Users\Bart\Desktop\Browsers\Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe C:\Users\Bart\Desktop\Cleaning\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Users\Bart\Desktop\Cleaning\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe C:\Users\Bart\Desktop\Cleaning\Emsisoft Anti-Malware.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe C:\Users\Bart\Desktop\Cleaning\FileASSASSIN.lnk - C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe C:\Users\Bart\Desktop\Cleaning\HiJackThis.lnk - C:\Users\Bart\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe C:\Users\Bart\Desktop\Cleaning\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Bart\Desktop\Cleaning\McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\mcuicnt.exe SecurityScanner.dll C:\Users\Bart\Desktop\Cleaning\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\Users\Bart\Desktop\Cleaning\PC Tools Registry Mechanic.lnk - C:\Program Files (x86)\Registry Mechanic\RegMech.exe C:\Users\Bart\Desktop\Cleaning\Secure Eraser.lnk - C:\Program Files (x86)\ASCOMP Software\Secure Eraser\sEraser.exe C:\Users\Bart\Desktop\Printer 250\Canon Easy-PhotoPrint EX.lnk - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE C:\Users\Bart\Desktop\Printer 250\Canon MP Navigator EX 3.0.lnk - C:\Program Files (x86)\Canon\MP Navigator EX 3.0\mpnex30.exe C:\Users\Bart\Desktop\Printer 250\Canon MP250 series Online handleiding.lnk - C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MP250 SERIES\Dutch\Info.egv" C:\Users\Bart\Desktop\Printer 250\Canon My Printer.lnk - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE /dt C:\Users\Bart\Desktop\Printer 250\Canon Solution Menu.lnk - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE C:\Users\Bart\Desktop\Printer 250\Gebruikersregistratie voor Canon MP250 series.LNK - C:\Program Files (x86)\Canon\IJEREG\MP250 series\IJEREG.exe C:\Users\Bart\Desktop\Printer 270\Canon Easy-PhotoPrint EX.lnk - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE C:\Users\Bart\Desktop\Printer 270\Canon MP Navigator EX 3.0.lnk - C:\Program Files (x86)\Canon\MP Navigator EX 3.0\mpnex30.exe C:\Users\Bart\Desktop\Printer 270\Canon MP270 series Online handleiding.lnk - C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MP270 SERIES\Dutch\Info.egv" C:\Users\Bart\Desktop\Printer 270\Canon My Printer.lnk - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE /dt C:\Users\Bart\Desktop\Printer 270\Canon Solution Menu.lnk - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE C:\Users\Bart\Desktop\Printer 270\Gebruikersregistratie voor Canon MP270 series.LNK - C:\Program Files (x86)\Canon\IJEREG\MP270 series\IJEREG.exe C:\Users\Bart\Desktop\Toepassingen\7-Zip File Manager.lnk - C:\Program Files (x86)\7-Zip\7zFM.exe C:\Users\Bart\Desktop\Toepassingen\Adobe Digital Editions.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions\digitaleditions.exe C:\Users\Bart\Desktop\Toepassingen\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Bart\Desktop\Toepassingen\calibre - E-book management.lnk - C:\Program Files (x86)\Calibre2\calibre.exe C:\Users\Bart\Desktop\Toepassingen\CAMEDIA Master.lnk - C:\Program Files (x86)\OLYMPUS\CAMEDIA Master 4.1\CAMEDIA Master.exe C:\Users\Bart\Desktop\Toepassingen\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe C:\Users\Bart\Desktop\Toepassingen\EASEUS Partition Master 9.0.0 Home Edition.lnk - C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.0.0 Home Edition\bin\epm0.exe C:\Users\Bart\Desktop\Toepassingen\EASEUS Todo Backup Free 2.5.1.lnk - C:\Program Files (x86)\EASEUS\Todo Backup\bin\Loader.exe C:\Users\Bart\Desktop\Toepassingen\GemistDownloader.lnk - C:\Program Files (x86)\GemistDownloader\GemistDownloader.exe C:\Users\Bart\Desktop\Toepassingen\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Bart\Desktop\Toepassingen\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Bart\Desktop\Toepassingen\Microsoft PowerPoint Viewer .lnk - C:\Windows\Installer\{95140000-00AF-0413-0000-0000000FF1CE}\ppvwicon.exe C:\Users\Bart\Desktop\Toepassingen\MioMore Desktop 7.30.lnk - C:\Program Files (x86)\Mio\MioMore Desktop 7.30\MioMore.exe C:\Users\Bart\Desktop\Toepassingen\Moyea FLV Player.lnk - C:\Program Files (x86)\Moyea\FLV Player\FLV Player.exe C:\Users\Bart\Desktop\Toepassingen\Nero MediaHome 4.lnk - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe -ScParameter=30005 C:\Users\Bart\Desktop\Toepassingen\Nitro PDF Reader.lnk - C:\Program Files (x86)\Nitro PDF\Reader\NitroPDFReader.exe C:\Users\Bart\Desktop\Toepassingen\PCHand Media Converter Free.lnk - C:\Program Files (x86)\PCHand\Media Converter Free\MediaConverter.exe C:\Users\Bart\Desktop\Toepassingen\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\Bart\Desktop\Toepassingen\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe C:\Users\Bart\Desktop\Toepassingen\Roxio - Snelkoppeling.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio C:\Users\Bart\Desktop\Toepassingen\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite C:\Users\Bart\Desktop\Toepassingen\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe C:\Users\Bart\Desktop\Toepassingen\Ship Simulator 2006.lnk - C:\Program Files (x86)\Vstep\ShipSim2006\ShipSim.exe C:\Users\Bart\Desktop\Toepassingen\Simnet UnInstaller 2011.lnk - C:\Program Files (x86)\Simnet\UnInstaller\UnInstaller.exe C:\Users\Bart\Desktop\Toepassingen\Snelkoppeling naar photorescue.lnk - C:\Users\Bart\Desktop\Toepassingen\Photorescue\photorescue.exe C:\Users\Bart\Desktop\Toepassingen\Speccy.lnk - C:\Program Files (x86)\Speccy\Speccy.exe C:\Users\Bart\Desktop\Toepassingen\TomTom HOME 2.lnk - C:\Program Files (x86)\TomTom HOME 2\TomTomHOME.exe "" C:\Users\Bart\Desktop\Toepassingen\Ulead VideoStudio 11 SE DVD.lnk - C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11 SE DVD\vstudio.exe C:\Users\Bart\Desktop\Toepassingen\Windows DVD Maker.lnk - C:\Users\Bart\Desktop\Toepassingen\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe C:\Users\Bart\Desktop\Toepassingen\Youtube Downloader HD.lnk - C:\Program Files (x86)\Youtube Downloader HD\YouTubeDownloaderHD.exe C:\Users\Bart\Desktop\Toepassingen\Google Earth\Google Earth starten in DirectX-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setDX C:\Users\Bart\Desktop\Toepassingen\Google Earth\Google Earth starten in OpenGL-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setOGL C:\Users\Bart\Desktop\Toepassingen\Google Earth\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Bart\Desktop\VAN STICK\Windows Easy Transfer.lnk - C:\Users\Bart\Desktop\VAN STICK\Windows Easy Transfer\x86\MigSetup.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\AVG 1-klik Onderhoud.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe C:\Users\Public\Desktop\AVG PC TuneUp.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe C:\Users\Public\Desktop\CardRecovery.lnk - C:\Program Files (x86)\CardRecovery\CardRecovery.exe C:\Users\Public\Desktop\FastStone Photo Resizer.lnk - C:\Program Files (x86)\FastStone Photo Resizer\FSResizer.exe C:\Users\Public\Desktop\Seagate Dashboard.lnk - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe C:\Users\Public\Desktop\WebCam Companion 3.lnk - C:\Program Files (x86)\ArcSoft\WebCam Companion 3\uWebCam.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\AVG PC TuneUp.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Help AVG PC TuneUp.lnk - C:\ProgramData\AVG\AWL2012\nl-NL\main_vista_7.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG 1-klik Onderhoud.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Disk Doctor.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DiskDoctor.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Disk Space Explorer.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DiskExplorer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Drive Defrag.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DriveDefrag.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Economy-modus.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\EnergyOptimizer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Gain Disk Space.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe /gaindiskspace C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Live-optimalisatie.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SettingCenter.exe /live C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Process Manager.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\ProcessManager.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Program Deactivator.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\ProgramDeactivator.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Registry Cleaner.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RegistryCleaner.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Registry Defrag.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RegistryDefrag.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Registry Editor.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RegistryEditor.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Repair Wizard.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RepairWizard.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Rescue Center.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RescueCenter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Setting Center.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SettingCenter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Shortcut Cleaner.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\ShortcutCleaner.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Shredder.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Shredder.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG StartUp Manager.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\StartUpManager.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG StartUp Optimizer.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\StartupOptimizer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Styler.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Styler.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG System Control.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SystemControl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG System Information.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SystemInformation.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Undelete.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Undelete.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Uninstall Manager.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\UninstallManager.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Update Wizard.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\UpdateWizard.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG-optimalisatierapport.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Report.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files (x86)\CCleaner\uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi-Card Reader & Flash Disk\Uninstall Multi-Card Reader & Flash Disk.lnk - C:\Program Files (x86)\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe -wShortCut C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Over QuickTime.lnk - C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\RichText.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk - C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\PictureViewer.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime deïnstalleren.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\QTPlayer.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport\Rapport Console.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -config C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport\Rapport starten.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -userstart C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport\Rapport stoppen.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -shutdown ==== shortcuts in Quick Launch ====================== C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions\digitaleditions.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Moyea FLV Player.lnk - C:\Program Files (x86)\Moyea\FLV Player\FLV Player.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG PC TuneUp.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Nero MediaHome 4.lnk - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe -ScParameter=30005 C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera11.50 1074.lnk - C:\Program Files (x86)\Opera\opera.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Secunia PSI.lnk - C:\Program Files (x86)\Secunia\PSI\psi.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk - C:\Users\Bart\Desktop\Toepassingen\spotify.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Moyea FLV Player.lnk - C:\Program Files (x86)\Moyea\FLV Player\FLV Player.exe C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\abdnighfgafbeighondbgepoenlnpcef deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\users\Bart\AppData\Local\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\Bart\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Bart\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on vr 12-07-2013 at 8:01:27,54 ====================== Vriendelijke groet BJHM

Goedemorgen Kape. Bij mijn bovenstaande reactie vergat ik te melden dat ik AVG en Microsoft Security Essentials wel uitgeschakeld kreeg maar MBAM en Emsisoft niet. Zou dit misschien de oorzaak kunnen zijn van het feit dat de malware niet verwijderd is? (Heb later wel MBAM uitgeschakeld gekregen maar Emsisoft niet). Vriendelijke groet BJHM

Hallo Kape. Dank voor de info. Heb Emsisoft gedraaid en gezien dat de 26 bedreigingen (met gemiddeld risico) nog worden gedetecteerd. Onderstaand het log: Emsisoft Anti-Malware - Versie 8.0 Laatste Update: 11-7-2013 22:50:52 Gebruikersaccount: DELL\Bart Scaninstellingen: Scanmodus: Snelle scan Objecten: Rootkits, Geheugen, Sporen Detecteer riskware: Uit Scan archieven: Uit ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 11-7-2013 22:51:05 Value: HKEY_CLASSES_ROOT\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Gescand 320474 Gevonden 26 Scan geëindigd: 11-7-2013 22:52:39 Scantijd: 0:01:34 Vriendelijke groet BJHM

Hallo Kape. ComboFix gedraaid, onderstaand het log: (Mag ik aannemen dat ik de uitschakeling van de diverse antivirus- en antispywareprogramma's weer ongedaan kan maken?): ComboFix 13-07-11.03 - Bart 11-07-2013 21:33:41.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4056.1907 [GMT 2:00] Gestart vanuit: c:\users\Bart\Downloads\ComboFix.exe AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\LoJackNotifier.txt c:\users\Bart\javahelper.exe c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\System32\MASetupCleaner.exe c:\windows\SysWow64\System32\muzapp.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_BCMWLTRY.EXE pid: 1992 578: c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE -------\Service_conhost.exe pid: 1968 24: c:\windows\System32\nl-NL\conhost.exe.mui -------\Service_conhost.exe pid: 6660 24: c:\windows\System32\nl-NL\conhost.exe.mui -------\Service_Copyright © 1997-2008 Mark Russinovich -------\Service_Handle v3.42 -------\Service_lsm.exe pid: 872 250: c:\windows\System32\nl-NL\lsm.exe.mui -------\Service_MsMpEng.exe pid: 1052 36C: c:\program files\Microsoft Security Client\MpCmdRun.exe -------\Service_MsMpEng.exe pid: 1052 39C: c:\program files\Microsoft Security Client\NisSrv.exe -------\Service_rundll32.exe pid: 2784 30: c:\windows\System32\nl-NL\rundll32.exe.mui -------\Service_rundll32.exe pid: 2800 30: c:\windows\System32\nl-NL\rundll32.exe.mui -------\Service_rundll32.exe pid: 2824 58: c:\windows\SysWOW64\nl-NL\rundll32.exe.mui -------\Service_SftService.exe pid: 4208 A4: c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE.20130711130416_1.log -------\Service_STService.exe pid: 4736 F4: c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STSERVICE.EXE.20130711130419_1.log -------\Service_Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources -------\Service_wlanext.exe pid: 1960 44: c:\windows\System32\nl-NL\wlanext.exe.mui -------\Service_wmpnetwk.exe pid: 6200 3C: c:\program files\Windows Media Player\nl-NL\wmpnetwk.exe.mui . . (((((((((((((((((((( Bestanden Gemaakt van 2013-06-11 to 2013-07-11 )))))))))))))))))))))))))))))) . . 2013-07-11 19:48 . 2013-07-11 19:52 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp 2013-07-11 19:48 . 2013-07-11 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-11 11:00 . 2003-12-12 11:16 266240 ------w- c:\windows\Dit.DLL 2013-07-11 11:00 . 2003-07-11 08:31 61440 ----a-w- c:\windows\DitExp.exe 2013-07-11 10:07 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll 2013-07-11 10:07 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll 2013-07-11 09:50 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-11 09:50 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-11 09:50 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-11 09:50 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll 2013-07-11 09:50 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll 2013-07-11 09:50 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll 2013-07-11 09:50 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll 2013-07-11 09:49 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-11 09:49 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2013-07-11 09:49 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll 2013-07-11 09:49 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2013-07-11 09:49 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-07-11 09:49 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-07-11 09:49 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-07-11 09:49 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-11 09:49 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-11 09:49 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-11 09:49 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-11 09:49 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-06-28 09:51 . 2013-06-30 15:28 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-06-24 17:00 . 2012-08-23 09:31 35192 ----a-w- c:\windows\system32\TURegOpt.exe 2013-06-24 17:00 . 2012-08-23 09:31 26488 ----a-w- c:\windows\system32\authuitu.dll 2013-06-24 17:00 . 2012-08-23 09:31 21880 ----a-w- c:\windows\SysWow64\authuitu.dll 2013-06-24 16:58 . 2013-06-24 17:00 -------- d-----w- c:\programdata\AVG 2013-06-24 16:57 . 2013-06-24 16:57 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} 2013-06-13 17:11 . 2013-06-13 17:11 -------- d-----w- c:\program files\iPod 2013-06-13 17:11 . 2013-06-13 17:12 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-13 17:11 . 2013-06-13 17:12 -------- d-----w- c:\program files\iTunes 2013-06-13 17:11 . 2013-06-13 17:12 -------- d-----w- c:\program files (x86)\iTunes 2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll 2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll 2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll 2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll 2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll 2013-06-13 17:03 . 2013-06-13 17:04 -------- d-----w- c:\program files (x86)\QuickTime 2013-06-12 17:51 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-06-12 17:51 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-11 12:12 . 2013-07-11 12:12 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8121BFCF-AA66-42C3-9AAF-78695A5C6A53}\offreg.dll 2013-07-11 10:10 . 2010-07-09 19:09 78185248 ----a-w- c:\windows\system32\MRT.exe 2013-07-11 08:38 . 2012-03-30 19:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-07-11 08:38 . 2011-05-21 11:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-21 14:47 . 2013-06-21 14:48 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CE04BD2-86DA-48EE-8BAD-2ABCAEB8AA70}\gapaengine.dll 2013-06-18 14:14 . 2012-10-09 10:31 236688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys 2013-06-12 03:08 . 2013-07-11 12:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8121BFCF-AA66-42C3-9AAF-78695A5C6A53}\mpengine.dll 2013-06-12 03:08 . 2013-07-11 10:48 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-05-23 06:13 . 2012-10-06 05:48 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-05-11 16:51 . 2012-07-12 12:59 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 15:29 . 2011-02-15 17:15 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2013-04-30 12:26 . 2013-04-30 12:26 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-30 12:26 . 2012-06-13 20:23 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-04-30 12:26 . 2010-07-04 10:05 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-30 12:19 . 2013-04-30 12:19 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-04-30 12:19 . 2013-04-30 12:20 311200 ----a-w- c:\windows\system32\javaws.exe 2013-04-30 12:19 . 2013-04-30 12:19 188832 ----a-w- c:\windows\system32\javaw.exe 2013-04-30 12:19 . 2013-04-30 12:19 188320 ----a-w- c:\windows\system32\java.exe 2013-04-30 12:19 . 2012-10-24 11:00 1092512 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-04-30 12:19 . 2010-07-04 10:06 971680 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-13 05:49 . 2013-05-16 13:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-16 13:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-16 13:18 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-16 13:18 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-16 13:18 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 13:18 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-12-20 844296] "Spotify Web Helper"="c:\users\Bart\Desktop\Toepassingen\Data\SpotifyWebHelper.exe" [2013-05-12 1105408] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104] "KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560] "Spotify"="c:\users\Bart\Desktop\Toepassingen\Spotify.exe" [2013-05-12 4573184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680] "KMCONFIG"="c:\program files (x86)\Silvercrest OM1008 driver\StartAutorun.exe" [2008-05-29 212992] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120] "EMET Notifier"="c:\program files (x86)\EMET\EMET_notifier.exe" [2012-05-09 152152] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368] "Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2012-04-14 131072] "Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608] "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280] "emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2013-07-11 2928040] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-12 559616] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] NDAS Geräte-Manager.lnk - c:\program files\NDAS\System\ndasmgmt.exe /startup [2010-1-13 389608] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-16 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CallingID\CallingIDLinkAdvisor2.0\x86\LinkAdvisor\CIDLinkAdvisor.dll" [2013-06-26 3684888] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x] R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys;c:\windows\SYSNATIVE\DRIVERS\btcomport.sys [x] R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys;c:\windows\SYSNATIVE\Drivers\btcombus.sys [x] R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x] R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x] R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys;c:\windows\SYSNATIVE\DRIVERS\aabed2.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x] R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x] S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x] S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x] S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys;c:\windows\SYSNATIVE\drivers\eufs.sys [x] S0 ndasfs;ndasfs;c:\windows\system32\DRIVERS\ndasfs.sys;c:\windows\SYSNATIVE\DRIVERS\ndasfs.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x] S1 archlp;archlp;SysWOW64\drivers\archlp.sys;SysWOW64\drivers\archlp.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x] S1 ndasfat;NDAS FAT File System Service;c:\windows\system32\DRIVERS\ndasfat.sys;c:\windows\SYSNATIVE\DRIVERS\ndasfat.sys [x] S1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\DRIVERS\ndasrofs.sys;c:\windows\SYSNATIVE\DRIVERS\ndasrofs.sys [x] S1 RapportCerberus_51755;RapportCerberus_51755;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [x] S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x] S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x] S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [x] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x] S2 CIDLinkAdvisorService;CIDLinkAdvisorService;c:\program files\CallingID\CallingIDLinkAdvisor2.0\x86\LinkAdvisor\CIDLinkAdvisorService.exe;c:\program files\CallingID\CallingIDLinkAdvisor2.0\x86\LinkAdvisor\CIDLinkAdvisorService.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x] S2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe [x] S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Silvercrest OM1008 driver\KMWDSrv.exe;c:\program files (x86)\Silvercrest OM1008 driver\KMWDSrv.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\siteadvisor\mcsacore.exe;c:\progra~2\mcafee\siteadvisor\mcsacore.exe [x] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x] S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [x] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x] S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x] S3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys;c:\windows\SYSNATIVE\drivers\eudisk.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . Inhoud van de 'Gedeelde Taken' map . 2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:38] . 2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-11 17:40] . 2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-11 17:40] . 2013-07-11 c:\windows\Tasks\RMAutoUpdate.job - c:\program files (x86)\Registry Mechanic\SULauncher.exe [2012-11-08 13:44] . 2013-07-11 c:\windows\Tasks\RMSchedule.job - c:\program files (x86)\Registry Mechanic\RegMech.exe [2012-11-08 13:43] . 2013-01-29 c:\windows\Tasks\ROC_REG_JAN_DELETE.job - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-28 21:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-06 384296] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll" [2013-06-26 4332056] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.upc.nl/live uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube Download - c:\users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to Mp3 Converter - c:\users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm TCP: DhcpNameServer = 62.179.104.196 213.46.228.196 FF - ProfilePath - c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\ FF - prefs.js: browser.startup.homepage - UPC Live - UPC Nederland FF - ExtSQL: 2013-06-13 05:46; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-AVG_TRAY - (no file) SafeBoot-CleanHlp SafeBoot-CleanHlp.sys SafeBoot-SolutoService HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCMLogon] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCMWLTRY.EXE pid: 1992 578: C:] -- "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe pid: 1968 24: C:] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe pid: 6660 24: C:] -- "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lsm.exe pid: 872 250: C:] -- "ImagePath"="system32\drivers\MSKSSRV.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpEng.exe pid: 1052 36C: C:] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpEng.exe pid: 1052 39C: C:] -- "ImagePath"="System32\Drivers\RtsUStor.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rundll32.exe pid: 2784 30: C:] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rundll32.exe pid: 2800 30: C:] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rundll32.exe pid: 2824 58: C:] -- "ImagePath"="\"c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SftService.exe pid: 4208 A4: C:] -- "ServiceDll"="%SystemRoot%\System32\wiaservc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\STService.exe pid: 4736 F4: C:] -- "ImagePath"="system32\DRIVERS\WinUsb.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlanext.exe pid: 1960 44: C:] -- "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe pid: 6200 3C: C:] . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Voltooingstijd: 2013-07-11 22:05:31 - machine werd herstart ComboFix-quarantined-files.txt 2013-07-11 20:05 . Pre-Run: 91.588.640.768 bytes beschikbaar Post-Run: 90.807.947.264 bytes beschikbaar . - - End Of File - - 920F2B4A151A131B501C7EE4E0FD5524 D41D8CD98F00B204E9800998ECF8427E Vriendelijke groet BJHM

Goedenavond Kape. Dank voor de instructies. Heb MBAM gedraaid, deze detecteerde geen malware, Onderstaand het log: Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2013.07.11.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 Bart :: DELL [administrator] 11-7-2013 20:36:52 mbam-log-2013-07-11 (20-36-52).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 246628 Verstreken tijd: 10 minuut/minuten, 4 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Vriendelijke groet BJHM

Goedenavond. Sinds kort heb ik malware op mijn computer dat Emsisoft onder de noemer: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) benoemt. Ik zou u willen verzoeken mij te willen helpen bij het verwijderen van die malware. Heb geprobeerd deze via Emsisoft te verwijderen of op zijn minst in quarantaire te plaatsen maar dat lukt slechts zeer gedeeltelijk. Onderstaand het log van Emsisoft: Emsisoft Anti-Malware - Versie 8.0 Laatste Update: 11-7-2013 14:22:27 Gebruikersaccount: DELL\Bart Scaninstellingen: Scanmodus: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, E:\, Q:\ Detecteer riskware: Uit Scan archieven: Aan ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 11-7-2013 14:22:39 Value: HKEY_CLASSES_ROOT\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_CLASSES_ROOT\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) Gescand 585284 Gevonden 26 Scan geëindigd: 11-7-2013 18:21:52 Scantijd: 3:59:13 Ik hoop van u te mogen vernemen wat iki moet doen bij het verwijderen. Bij voorbaat dank. Vriendelijke groet BJHM

Dank voor de info. Ik had nu de CD zeer geruime tijd laten staan op het enkele blauwe blokje op de voorgangsbalk. Tot mijn verbazing begon hij na die tijd (een kwartier of zo) ineens weer te lopen en heeft het programma nu toch geinstalleerd. Hoe zich dat verhoudt tot de eerdere vruchteloze pogingen en de opgetreden foutmelding snap ik niet helemaal. Je zou zeggen (voor een leek als ik) dat er dan toch iets niet in orde moeten zijn. Als het bij eventuele andere nieuwe programma's weer optreedt zal ik waarschijnlijk met de adviespagina die je me stuurde verder gaan komen. Veel dank en vriendelijke groet. BJHM

Goeiemiddag. Zojuist tijdens wederom trachten te installeren kwam er inderdaad een foutmelding, die ik - naar ik me nu herinner - wel eerder gezien heb, maar niet alle keren. Die melding kwam na het opstarten van Install Shield, dat nmm niet geheel wordt afgemaakt. De foutmelding: 1607: Kan InstallShield Scripting Runtime niet installeren. - - - Updated - - - Nog wat info: Ik heb na de foutmelding toch nog maar eens op het InstallShield icoontje geklikt, hij lijkt - zoals eerder vermeld - dan wel op te starten, maar blijft weer hangen bij: Valideren van de installatie. Het enkele blauwe blokje verschijnt weer en zo blijft het ook voor langere tijd, er gebeurt niets meer.

Nee, dat geeft exact hetzelfde beeld als boven omschreven.

Hallo. Het gaat over de ACSI campinggids Europa, die ik graag op de laptop zou willen zetten.

Goedemorgen. Graag vraag ik uw hulp bij het oplossen van het navolgende probleem: Mijn laptop draait op Windows 7 64-bit. Vorige week trachtte ik een programma te installeren op mijn computer met een CD-rom. De installatie lukte niet, het verloop was als volgt: Na het invoeren van de CD-rom startte Install Shield op, het icoontje verscheen onder in de taakbalk. Verder gebeurde er niets automatisch, de installatie startte niet automatisch door. Na aanklikken van het icoontje kwam de Install Shield Wizard welkom- en installatieboodschap van het gewenste programma. Hierna volgden: Doelmapselectie, type installatie, daarna status van setup, die ook gewoon begon. Echter: bij "valideren van de installatie" stopte het. De loopgeluiden van de CD-rom stopten. Na enige tijd verscheen er één blauw blokje op de voortgangsbalk, daarna is het geheel en al afgelopen. Ik heb het programma daarna geinstalleerd op een desktop Windows XP computer, dat leverde totaal geen probleem op. In de system-requirements van het programma staat ook gewoon Windows 7 vermeld, dus het zou wel moeten werken op de laptop. Ik heb daarna op de MS-websites gezocht naar oplossingen, en het volgende gedaan: Gekeken naar de Windows-Installer-versies voor Windows 7 en heb (misschien wel de totaal verkeerde, kon niet goed zien welke de juiste was) WindowsServer2003-KB942288-V4-1a64.exe gedownload en uitgevoerd. Dat hielp niet. Ik kwam toen tegen dat het mogelijk aan de registerinstellingen lag, en vond op de MS-site een tekstbestand dat kon worden gedownload en gewijzigd naar filenaam Msirepair.reg. Dat heb ik uitgevoerd maar ook dat hielp niets. Zoudt u mij willen helpen deze situatie te corrigeren aub? Bij voorbaat dank. Vriendelijke groet BJHM

Goedemiddag Kape. In IE en Chrome komt Conduit nu niet meer voor in de zoekbalk. Ik merk op het moment verder geen probleem meer. Heel hartelijk dank voor de hulp. Vriendelijke groet. BJHM

Hallo Kape. Bijgaand het log van AdwCleaner. Ik moet erbij zeggen dat ik abusievelijk niet als administrator heb uitgevoerd maar gewoon rechtstreeks. Ik hoop niet dat dat van invloed is. Het log: # AdwCleaner v2.110 - Verslag gemaakt op 05/02/2013 om 11:55:23 # Geactualiseerd op 03/02/2013 door Xplode # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits) # Gebruiker : Bart - DELL # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\Bart\Downloads\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** File Verwijdert : C:\END File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml File Verwijdert : C:\user.js File Verwijdert : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage File Verwijdert : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal File Verwijdert : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default\searchplugins\safesearch.xml File Verwijdert : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\searchplugins\safesearch.xml File Verwijdert : C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Mozilla\Firefox\Profiles\default\searchplugins\safesearch.xml File Verwijdert : C:\Windows\SysWOW64\searchplugins\bProtect.xml Map Verwijdert : C:\Program Files (x86)\AutocompletePro Map Verwijdert : C:\Program Files (x86)\Conduit Map Verwijdert : C:\Program Files (x86)\ConduitEngine Map Verwijdert : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com Map Verwijdert : C:\Program Files (x86)\PHPNukeDU Map Verwijdert : C:\Program Files (x86)\Softonic Map Verwijdert : C:\ProgramData\AVG Security Toolbar Map Verwijdert : C:\ProgramData\Babylon Map Verwijdert : C:\Users\Bart\AppData\Local\AVG Security Toolbar Map Verwijdert : C:\Users\Bart\AppData\Local\Conduit Map Verwijdert : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb Map Verwijdert : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje Map Verwijdert : C:\Users\Bart\AppData\Local\OpenCandy Map Verwijdert : C:\Users\Bart\AppData\Local\Savings Sidekick Map Verwijdert : C:\Users\Bart\AppData\LocalLow\AVG Security Toolbar Map Verwijdert : C:\Users\Bart\AppData\LocalLow\BabylonToolbar Map Verwijdert : C:\Users\Bart\AppData\LocalLow\Claro LTD Map Verwijdert : C:\Users\Bart\AppData\LocalLow\Conduit Map Verwijdert : C:\Users\Bart\AppData\LocalLow\ConduitEngine Map Verwijdert : C:\Users\Bart\AppData\LocalLow\PHPNukeDU Map Verwijdert : C:\Users\Bart\AppData\LocalLow\Softonic Map Verwijdert : C:\Users\Bart\AppData\Roaming\Babylon Map Verwijdert : C:\Users\Bart\AppData\Roaming\BrowserCompanion Map Verwijdert : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Map Verwijdert : C:\Users\Bart\AppData\Roaming\OpenCandy ***** [Register] ***** Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\AVG Security Toolbar Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Conduit Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\conduitEngine Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Crossrider Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\PHPNukeDU Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Savings Sidekick Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar Sleutel Verwijdert : HKCU\Software\bProtector Sleutel Verwijdert : HKCU\Software\BrowserCompanion Sleutel Verwijdert : HKCU\Software\Conduit Sleutel Verwijdert : HKCU\Software\Cr_Installer Sleutel Verwijdert : HKCU\Software\DataMngr Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46735DEE-F862-49D1-876D-6382794DC625} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Sleutel Verwijdert : HKCU\Software\Softonic Sleutel Verwijdert : HKLM\Software\AVG Secure Search Sleutel Verwijdert : HKLM\Software\Babylon Sleutel Verwijdert : HKLM\Software\bProtector Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Softonic.dskBnd Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SoftonicApp.appCore Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc Sleutel Verwijdert : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2865317 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565} Sleutel Verwijdert : HKLM\Software\Conduit Sleutel Verwijdert : HKLM\Software\conduitEngine Sleutel Verwijdert : HKLM\Software\DataMngr Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32 Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS Sleutel Verwijdert : HKLM\Software\PHPNukeDU Sleutel Verwijdert : HKLM\Software\Softonic Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A8EB2B-B8E4-4741-B008-8C12D8A58AD9} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF37226B-52F0-4EA6-8357-6979D300AB49} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PHPNukeDU Toolbar Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{46735DEE-F862-49D1-876D-6382794DC625}] Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{46735DEE-F862-49D1-876D-6382794DC625}] ***** [browsers] ***** -\\ Internet Explorer v9.0.8112.16457 Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN11202507321093214&ctid=CT2865317 --> hxxp://www.google.com -\\ Mozilla Firefox v18.0.1 (nl) File : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default\prefs.js Verwijdert : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Verwijdert : user_pref("browser.search.selectedEngine", "AVG Secure Search"); Verwijdert : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={482EBAA0-E1B7-42D2-BD70-AE710B57[...] File : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\xcdfy9o1.default-1359979634083\prefs.js [OK] De file bevat geen enkele ongeoorloofde invoer. File : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\prefs.js Verwijdert : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Verwijdert : user_pref("browser.search.selectedEngine", "AVG Secure Search"); Verwijdert : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={482EBAA0-E1B7-42D2-BD70-AE710B57[...] File : C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js [OK] De file bevat geen enkele ongeoorloofde invoer. -\\ Google Chrome v24.0.1312.57 File : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Preferences Verwijdert [l.14] : homepage = "hxxp://search.conduit.com/?CUI=&ctid=CT2865317&SearchSource=48", Verwijdert [l.18] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=&ctid=CT2865317&SearchSourc[...] Verwijdert [l.57] : icon_url = "hxxps://isearch.avg.com/favicon.ico", Verwijdert [l.60] : keyword = "isearch.avg.com", Verwijdert [l.63] : search_url = "hxxps://isearch.avg.com/search?cid={482EBAA0-E1B7-42D2-BD70-AE710B57408E}&mid=8[...] Verwijdert [l.1842] : homepage = "hxxp://search.conduit.com/?CUI=&ctid=CT2865317&SearchSource=48", Verwijdert [l.2187] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=&ctid=CT2865317&SearchSource=4[...] -\\ Opera v12.12.1707.0 File : C:\Users\Bart\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[R1].txt - [17580 octets] - [05/02/2013 11:53:58] AdwCleaner[s1].txt - [17154 octets] - [05/02/2013 11:55:23] ########## EOF - C:\AdwCleaner[s1].txt - [17215 octets] ########## Groet BJHM

Goedemorgen Kape. Bijgaand het log van MBAM: Malwarebytes Anti-Malware 1.70.0.1100 Malwarebytes : Free anti-malware download Databaseversie: v2013.02.05.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Bart :: DELL [administrator] 5-2-2013 10:24:10 mbam-log-2013-02-05 (10-24-10).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 244625 Verstreken tijd: 8 minuut/minuten, 32 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Groeten BJHM