BJHM
-
Items
30 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door BJHM
-
-
Hasllo Kape. Heb het bestand (log2.txt) geüpload. Hoop dat het gelukt is. Vr gr.
BJHM
-
Hallo Kape. "Meer opties" zie ik staan, maar beheer bijlagen kan ik niet vinden. Excuus voor de vertraging.
- - - Updated - - -
Heb nog even een bijkomende vraag: als alles OK zou zijn kan ik de mail dan simpelweg verwijderen met de "verwijder"-knop? Of evtl. met een ander programma?
Dank voor uw adviezen.
Groeten
BJHM
-
Goedemiddag Kape. Dank voor bericht. Krijg het log niet naar u verzonden. Weet niet wat ik doen moet.
Vr gr
BJHM
- - - Updated - - -
Heb het log met rtx-format. Kopiëren en plakken. Is het mss te lang? Vr gr BJHM
-
Goedemorgen.
Zou ik aub nog weer een keer om uw hulp resp. zienswijze mogen vragen aub? Het volgende is er aan de hand:
Jl zondag ontving ik een mailtje van:support@salesforce.com. Het was geschreven in het duits.
Mozilla Thunderbird oormerkte deze e-mail als ongewenst. Even gekeken om te kijken wat het aan de buitenkant behelst. Er zitten bijlagen bij maar die heb ik niet geopend.
Wel de geschreven mededeling zelf, die ongeveer luidde (ik durf hem eigenlijk niet nog een keer te bekijken, heb er wat schrik van): Onderwerp: Wichtige Information zu Ihrer Mitgliedschaf bei Amazon Prime. Tekst in de body ongeveer: Herzlichen Dank für Ihre Bestellung. Im Anhang senden wir Ihnen Ihre Rechnung.
Wat opviel is dat deze mail tegelijk was gericht aan 4 of 5 e-mail-adressen, alle met "chello.nl". De achtervoeging chello.nl gebruik ik al zeer geruimte tijd niet meer, vrijwel alles staat op upcmail.nl (behoudens enkele die ik eigelijk nooit gebruik).
Als het een bestelling mijnerzijds zou zijn (is het pertinent niet) zou het toch alleen aan mij gezonden moeten zijn?
Ik heb even gegoogled op Salesforce en Amazon Prime. Dat schijnt CRM te zijn (weet totaal niet wat dat betekent). Ik krijg de indruk dat dat oplossingen zijn voor bedrijven. Ik ben ruim 65+ en niet meer werkzaam of anderszins zakelijk bezig. Heb er dus totaal geen raakvlakken mee.
Ik ben bang dat dat weer een van de manieren is om data van mijn PC en die van anderen te stelen en voorts ben ik bang dat ik dan in de nabije toekomst
ineens een onwelkome officiële bezoeker krijg die middels een gerechtelijk bevel geld van me wil.
Zoals gezegd durf ik de bijlagen (dacht dat het er 2 waren) niet te openen.
Vooral het feit dat de mail als ongewenst was geoormerkt, en dat het aan 4 of 5 verschillende geadresseerden was verzonden (staan allemaal achter elkaar
achter elkaar in de adresregel) maakt me kopschuw.
Zoudt u mij aub kunnen zeggen of deze materie bij u bekend is en wat ik best kan doen?
Bij voorbaat dank.
Vriendelijke groet
BJHM
-
Goeienavond Kape.
In uw laatste reactie van 14 juli schreef u dat Emsisoft door u was ingeschakeld om de zaak te onderzoeken. Ik heb daarom regelmatig de computer met Emsisoft gescanned.
Op 15 augustus nog met het resultaat als tevoren, nl. 26 items. Deze lieten zich nog steeds niet verwijderen of in quarantaine plaatsen.
Vorige week donderdag de 22e echter werden er ineens geen 26 maar 13 items gescanned, deze lieten zich toen ook in quarantaine plaatsen.
Vandaag heb ik nogmaals gescanned, ditmaal een diepe scan, en er bleken toen geen bedreigingen meer te worden gedetecteerd. Ik neem aan dat dit resultaat is behaald op basis van uw informatie aan Emsisoft, waarvoor mijn hartelijke dank.
Onderstaand de logs van 15, 22 en vandaag 25 augustus.
Log 15-08:
Emsisoft Anti-Malware - Versie 8.0
Laatste Update: 15-8-2013 14:33:28
Gebruikersaccount: DELL\Bart
Scaninstellingen:
Scanmodus: Snelle scan
Objecten: Rootkits, Geheugen, Sporen
Detecteer riskware: Uit
Scan archieven: Uit
ADS Scan: Aan
Bestandsextensiefilter: Uit
Geavanceerde cache: Aan
Directe schijftoegang: Uit
Scan gestart: 15-8-2013 14:33:51
Value: HKEY_CLASSES_ROOT\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Gescand: 321113
Gevonden: 26
Scan geëindigd: 15-8-2013 14:35:16
Scantijd: 0:01:25
In quarantaine geplaatst 0
Log 22-08:
Emsisoft Anti-Malware - Versie 8.1
Laatste Update: 22-8-2013 17:54:01
Gebruikersaccount: DELL\Bart
Scaninstellingen:
Scanmodus: Snelle scan
Objecten: Rootkits, Geheugen, Sporen
Detecteer PUPs: Uit
Scan archieven: Uit
ADS Scan: Aan
Bestandsextensiefilter: Uit
Geavanceerde cache: Aan
Directe schijftoegang: Uit
Scan gestart: 22-8-2013 18:05:57
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Gescand: 321273
Gevonden: 13
Scan geëindigd: 22-8-2013 18:08:06
Scantijd: 0:02:09
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID In quarantaine geplaatst Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
In quarantaine geplaatst 13
Log 25-08:
Emsisoft Anti-Malware - Versie 8.1
Laatste Update: 25-8-2013 18:34:31
Gebruikersaccount: DELL\Bart
Scaninstellingen:
Scanmodus: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\, E:\, Q:\
Detecteer PUPs: Uit
Scan archieven: Aan
ADS Scan: Aan
Bestandsextensiefilter: Uit
Geavanceerde cache: Aan
Directe schijftoegang: Uit
Scan gestart: 25-8-2013 18:36:01
Gescand: 577422
Gevonden: 0
Scan geëindigd: 25-8-2013 21:34:05
Scantijd: 2:58:04
Vriendelijke groet
BJHM
-
Goedemorgen Kape. Dank voor de info. Ik wacht nadere mededelingen af.
Vriendelijke groet
BJHM
-
Hallo Kape. Helaas. Ik moet melden dat ze alle 26 nog steeds gedetecteerd staan. Onderstaande het - inmiddels overberbekende - log.
Emsisoft Anti-Malware - Versie 8.0
Laatste Update: 13-7-2013 15:22:30
Gebruikersaccount: DELL\Bart
Scaninstellingen:
Scanmodus: Snelle scan
Objecten: Rootkits, Geheugen, Sporen
Detecteer riskware: Uit
Scan archieven: Uit
ADS Scan: Aan
Bestandsextensiefilter: Uit
Geavanceerde cache: Aan
Directe schijftoegang: Uit
Scan gestart: 13-7-2013 15:23:05
Value: HKEY_CLASSES_ROOT\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Gescand 320619
Gevonden 26
Scan geëindigd: 13-7-2013 15:24:35
Scantijd: 0:01:30
Vriendelijke groet
BJHM
-
Goeiemiddag Kape.
Onderstaand het log van de Eset Online Scanner:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=90523ebffe86564798edd34b16e8de5b
# engine=14370
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-13 12:44:35
# local_time=2013-07-13 02:44:35 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1045 16777213 100 87 68778 60853459 0 0
# compatibility_mode=5893 16776574 100 94 180735 125349325 0 0
# scanned=272119
# found=17
# cleaned=17
# scan_time=25692
sh=9C1D72EFBA9D87637E0569CCFAA9D7C3C847BB10 ft=1 fh=dcbf1753c7e69840 vn="Win32/Adware.Linkular.AC application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\otshot\OtShot_postinstallOffer.exe"
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=1E8E4450AE0FA1AB8B61CD79BC9B9137A94072DC ft=1 fh=87bb5ad8ec7f99ad vn="Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\AppData\Roaming\ZalmanInstaller_otshot\otshotcomponent.exe"
sh=3A35D861D3EEB3901C75151E39DDA299CE3B90B8 ft=1 fh=8e9ca01650a84f28 vn="a variant of Win32/OpenInstall application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\AVGSecureSearchInstaller.exe"
sh=D5E5CFB9E08FD9FD501710C9E401D8C43FCE377D ft=1 fh=bb1f3b8fba28d9c0 vn="a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\cnet2_b-vob-to-avi-converter-setup_exe.exe"
sh=897FD37A4F97BA9BBC92108AA1FB16C970EACBF0 ft=1 fh=58662848aaacab1c vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\FreeYouTubeDownload.exe"
sh=211432DD59337840D61255DBFD29A52B79318F24 ft=1 fh=56c17d0ba4f92e30 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\installer_powerdvd_10_mark_ii_Nederlands_Dutch (1).exe"
sh=A1EDCA86A5A103B3C014A19C4405E938DADB75D5 ft=1 fh=5ebef66471443d44 vn="Win32/Toggle application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\installer_powerdvd_10_mark_ii_Nederlands_Dutch.exe"
sh=DEFFDF34CBAD582454D47FCAFE799DE3C8451DE6 ft=1 fh=62a8fd980c3aacd4 vn="Win32/Toggle application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\installer_powerdvd_10_Nederlands_Dutch.exe"
sh=346FFEDDB6BA6479445F5D68ED6D36A7CB72D6E1 ft=1 fh=f6ded855089a7f91 vn="Win32/Toggle application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\installer_winzip_14_5_Nederlands_Dutch (1).exe"
sh=312ADCC544AAF912093EB7F27EA6E839D28251F8 ft=1 fh=249ea17d07ba5907 vn="Win32/Toggle application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\installer_winzip_14_5_Nederlands_Dutch.exe"
sh=7087C953775EA1D34D17DC7F3B4111645A01B942 ft=1 fh=063ce02e621659c7 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\kmp.exe"
sh=6E9541BD83859540D2F81638583F22412C595FC9 ft=1 fh=9fe9e8a0e29522c0 vn="Win32/OpenCandy application (deleted - quarantined)" ac=C fn="C:\Users\Bart\Downloads\winzip155.exe"
sh=4DFC6AAD6130ACA9B6AB2ACE6156CD9F6D4C2EA8 ft=1 fh=303993671b650ac3 vn="a variant of Win32/OpenInstall application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\WinZip170.exe"
sh=2FD26E58F23569D8089482ED22546F992CE0ADA9 ft=1 fh=813f9ccd3040740b vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\yosetup(1).exe"
sh=D2FE97C758D67B2E6A5608EC498F4CA51912B27F ft=1 fh=29a2de13b826bdd7 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bart\Downloads\yosetup(5).exe"
Vriendelijke groet
BJHM
-
Goeiemiddag Kape.
Dank voor de instructies. Ik heb ze uitgevoerd. Er werd alleen de express-scan uitgevoerd, waarbij het resultaat was "During scanning no threads were
detected". Op het scherm waren toen verder geen vervolgstappen zichtbaar, het hield op na de express-scan. Ik weet even niet hoe het verder moet,
Vriendelijke groet
BJHM
-
Hallo Kape. Snelle scan met Emsisoft geeft de malware nog steeds aan. Onderstaand het log:
Emsisoft Anti-Malware - Versie 8.0
Laatste Update: 12-7-2013 11:15:41
Gebruikersaccount: DELL\Bart
Scaninstellingen:
Scanmodus: Snelle scan
Objecten: Rootkits, Geheugen, Sporen
Detecteer riskware: Uit
Scan archieven: Uit
ADS Scan: Aan
Bestandsextensiefilter: Uit
Geavanceerde cache: Aan
Directe schijftoegang: Uit
Scan gestart: 12-7-2013 11:15:58
Value: HKEY_CLASSES_ROOT\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Gescand 320556
Gevonden 26
Scan geëindigd: 12-7-2013 11:17:29
Scantijd: 0:01:31
Vriendelijke groet
BJHM
-
Hallo Kape. Dank voor de info. Aansluitend het log van zoek.exe:
Zoek.exe Version 4.0.0.4 Updated 10-July-2013
Tool run by Bart on vr 12-07-2013 at 7:24:18,93.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Running Processes ======================
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\x86\LinkAdvisor\CIDLinkAdvisorService.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Silvercrest OM1008 driver\KMWDSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Bart\Desktop\Toepassingen\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Silvercrest OM1008 driver\StartAutorun.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\EMET\EMET_notifier.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Silvercrest OM1008 driver\KMConfig.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Silvercrest OM1008 driver\KMProcess.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
c:\PROGRA~2\mcafee\siteadvisor\saui.exe
C:\Windows\system32\taskhost.exe
C:\Users\Bart\Downloads\zoek(2).exe
C:\Windows\system32\conhost.exe
==== System Restore Info ======================
12-7-2013 7:25:48 Zoek.exe System Restore Point Created Succesfully.
==== Creating Sample_12-07-2013_0738.zip ======================
Process firefox.exe killed
Process rundll32.exe killed
Copied file C:\Users\Bart\AppData\Roaming\LoJackSetup.exe to sample\LoJackSetup.exe
Copied file C:\Users\Bart\ctmweb.exe to sample\ctmweb.exe
Copied file C:\Users\Bart\ntagent.exe to sample\ntagent.exe
sample\ctmweb.exe renamed to 4C663D9819F666339D250852392C9679
sample\LoJackSetup.exe renamed to 31DB773CB9FCA16AA016F876D4417F08
sample\ntagent.exe renamed to 4417F64111FECC0E767A68A6C830E626
C:\Users\Public\Desktop\sample_12-07-2013_0738.zip created successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Installed Programs ======================
7-Zip 9.20
ABN AMRO e.dentifier2 software
ACSI Camp Site Guide Europe 2011
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03) - Nederlands
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 3
AVG 2013
AVG PC TuneUp
AVG PC TuneUp Language Pack (nl-NL)
AviSynth 2.5
Bonjour
calibre
CallingID LinkAdvisor 2.0 (2.0.0.295)
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP270 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CardRecovery 5.20
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibiliteitspakket voor het 2007 Microsoft Office system
CVE-2012-1889
D3DX10
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
Dell Getting Started Guide
Dell Touchpad
Dell Wireless WLAN Card Utility
EASEUS Partition Master 9.0.0 Home Edition
EASEUS Todo Backup Free 2.5.1
eBook Reader
EMET
Emsisoft Anti-Malware
FastStone Photo Resizer 3.1
FileASSASSIN
Free Studio version 4.8
Free YouTube Download version 3.1.42.1212
Gebruikersregistratie voor Canon MP250 series
Gebruikersregistratie voor Canon MP270 series
GemistDownloader
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
iCloud
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Intel© Matrix Storage Manager
iTunes
Java 7 Update 21
Java 7 Update 21 (64-bit)
Java 6 Update 45
Junk Mail filter update
K-Lite Codec Pack 5.9.0 (Basic)
Malwarebytes Anti-Malware versie 1.75.0.1300
McAfee Security Scan Plus
McAfee SiteAdvisor
Memeo AutoSync
Memeo Instant Backup
Mesh Runtime
Messenger Companion
Microsoft-invoegtoepassing Opslaan als PDF voor 2007 Microsoft Office-programma's
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft Antimalware Service NL-NL Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Klik-en-Klaar 2010
Microsoft Office PowerPoint Viewer 2007 (Dutch)
Microsoft Office Starter 2010 - Nederlands
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Client NL-NL Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MioMore Desktop 7.30
MobileMe Control Panel
Moyea FLV Player version: 2.0.2.96
Mozilla Firefox 21.0 (x86 nl)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.7 (x86 nl)
MSVCRT
MSVCRT_amd64
Multi-Card Reader & Flash Disk
MyFreeCodec
NDAS-Software 3.72.2080
Nero ControlCenter
Nero Installer
Nero MediaHome 4
Nero MediaHome 4 Essentials
Nero MediaHome 4 Help
Nero Online Upgrade
Newsoft H264 Decoder
Nitro PDF Reader
Nokia Connectivity Cable Driver
OLYMPUS CAMEDIA Master 4.2
Opera 12.15
PC Connectivity Solution
PC Tools Registry Mechanic 11.1
PCHand Media Converter Free 1.3.0.1
Picasa 3
Quickset64
QuickTime
Rapport
Roxio Burn
Safari
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Seagate Dashboard
Secunia PSI (3.0.0.4001)
Secure Eraser
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Ship Simulator 2006
Silvercrest OM1008 driver
Simnet UnInstaller 2011
SmartSound Quicktracks Plugin
Speccy
Spelling Dictionaries Support For Adobe Reader 9
Spotify
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Ulead VideoStudio 11 SE DVD
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VideoStudio
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Youtube Downloader HD v. 2.2
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default\prefs.js:
Added to C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\prefs.js:
Added to C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\prefs.js:
user_pref("browser.startup.homepage", "www.upc.nl/live");
Added to C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js:
Added to C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\Default User\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Default User\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js:
Added to C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\SafeSearch.xml" deleted
"C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data" deleted
"C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted
"C:\Windows\Syswow64\sho437A.tmp" deleted
"C:\Windows\Syswow64\sho9BD1.tmp" deleted
"C:\Windows\Syswow64\shoA7A7.tmp" deleted
"C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default\searchplugins\SafeSearch.xml" deleted
"C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\searchplugins\SafeSearch.xml" deleted
"C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\searchplugins\SafeSearch.xml" deleted
"C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\default\searchplugins\SafeSearch.xml" deleted
"C:\Users\Default User\AppData\Roaming\Mozilla\Firefox\Profiles\default\searchplugins\SafeSearch.xml" deleted
"C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Mozilla\Firefox\Profiles\default\searchplugins\SafeSearch.xml" deleted
"C:\Users\Bart\AppData\Roaming\LoJackSetup.exe" deleted
"C:\Users\Bart\ctmweb.exe" deleted
"C:\Users\Bart\ntagent.exe" deleted
"C:\Users\Bart\AppData\Roaming\Temp" deleted
"C:\Program Files (x86)\Uninstall Information\ib_uninst_567" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted
"C:\Users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers" deleted
"C:\Users\Bart\AppData\Local\CRE" deleted
"C:\Users\Bart\AppData\Local\PackageAware" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-07-11 11:00:41 AA87D8963C094E83D879BC2F60DAE09D 260 ------w- C:\Windows\Dit.INI
2013-07-11 11:00:41 14EAAE5F968F8CB2195AF1899080D88D 266240 ------w- C:\Windows\Dit.DLL
2013-07-11 11:00:39 B24E5AA43071071AF839783A6CF9C4AD 61440 ----a-w- C:\Windows\DitExp.exe
2013-07-11 10:59:06 99EF409FED5B34CF62A47A72000FE7BF 507 ------w- C:\Windows\ICCLR.INF
====== C:\Users\Bart\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-07-11 10:08:18 BF1D2CFAE91C1E835902ECA27F8F7470 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 10:08:17 6A32A12A2C76B729D6485D04FCFB2175 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll
2013-07-11 10:08:15 B6A67646BD7E3A0AF2515703CBBD9A1C 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2013-07-11 10:08:14 F4A608A800C1BB6838797390CBBC1269 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2013-07-11 10:08:14 0D2F075863C2FA4F84FB95AC00B95151 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 10:08:13 FE29131E35902038066C924CF9C59DF8 2046976 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2013-07-11 10:08:13 DED7DCF831A05D21F49510EA03F8F2C5 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 10:08:10 EED047A0C528813D6AAF4F4F8B2C40C4 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 10:08:09 52F71A5790E1B6FFC34648F3B311EEE1 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll
2013-07-11 10:08:07 CB811C14C225DD07B98E676DFB0221E6 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2013-07-11 10:08:06 225D276C730DF08CC83EABAC407F0D75 1141248 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2013-07-11 10:08:03 AC9A9B64AF7005E488390E38AE00D117 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 10:08:02 9BF7C7654EFD098EE3A27B49492A382A 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll
2013-07-11 10:07:59 CC3FD6DEEE458D0BE9A69241E0749717 13760512 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2013-07-11 10:07:51 AF31E7D2C385F647ADFD5F5736B3BA64 14329856 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2013-07-11 09:49:48 56D61BE56DA22334829E14CDE6A8C1FE 1620480 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 09:49:47 674EB817CF6E43B7DF3EC26E06E98D98 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll
2013-07-11 09:49:28 1C0E369575F387460E2A5F28269B2CC4 1247744 ----a-w- C:\Windows\SysWOW64\DWrite.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-07-11 10:08:19 C9EC09E4BF3290331C25F0D12C93CEBF 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2013-07-11 10:08:17 17B4359BB4BD72F8EB4F92B1DC4E4EB5 526336 ----a-w- C:\Windows\Sysnative\ieui.dll
2013-07-11 10:08:14 CDB7670A5C0F7D230ADC72F542D41AD8 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll
2013-07-11 10:08:14 AC127B02DD2C8FD41AC4162BA738F2ED 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll
2013-07-11 10:08:14 34EACF2330282CCABA61F8DC43F16FD5 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2013-07-11 10:08:13 6E1803473B6BCBA4C2FB31582DE12D7D 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe
2013-07-11 10:08:13 557F4ACCA6426112E28F19AAD734C971 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll
2013-07-11 10:08:12 9E0D8010D7368856617D3FE0FA5DA58F 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll
2013-07-11 10:08:10 5A41FA3CB4E47560A26B183429F41D73 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2013-07-11 10:08:10 4A3D82F996C5B700D42ACCA94C2B9ABD 855552 ----a-w- C:\Windows\Sysnative\jscript.dll
2013-07-11 10:08:08 BEFD16482A3859071F563D2614EE2484 3958784 ----a-w- C:\Windows\Sysnative\jscript9.dll
2013-07-11 10:08:05 792685A9538424CC1F3FA6A816FE147C 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll
2013-07-11 10:08:03 B7B4D3A39BE24D7ABC69C06F44FCC5B1 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2013-07-11 10:08:01 FAF6EC2460AD5FBBD38D8E1AE28B0D77 2241024 ----a-w- C:\Windows\Sysnative\wininet.dll
2013-07-11 10:07:56 391CD109EF28629644C267C855314DEE 15404032 ----a-w- C:\Windows\Sysnative\ieframe.dll
2013-07-11 10:07:55 9586EC4E1CC39CCBA26A5E7DFE774C9E 19238912 ----a-w- C:\Windows\Sysnative\mshtml.dll
2013-07-11 09:49:48 8B6CBE2FA2BAEDE2A3F5C96733481911 1887744 ----a-w- C:\Windows\Sysnative\WMVDECOD.DLL
2013-07-11 09:49:47 A3EC566925BEC505E2418C1AC14E541E 624128 ----a-w- C:\Windows\Sysnative\qedit.dll
2013-07-11 09:49:28 DD85F00EC31F77315AE992B7B0411D65 1643520 ----a-w- C:\Windows\Sysnative\DWrite.dll
2013-07-11 09:49:25 73601028E7C44154318AE91D2EB2EDB3 3153920 ----a-w- C:\Windows\Sysnative\win32k.sys
====== C:\Windows\Sysnative\drivers =====
2013-06-12 17:52:47 9849EA3843A2ADBDD1497E97A85D8CAE 1910632 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
====== C:\Windows\Tasks ======
2013-06-26 15:45:45 E7169BF52C33D1B083F40E7EF64C22EE 2762 ----a-w- C:\Windows\Sysnative\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012
2013-06-24 17:08:10 772096B1533565D97B73C65131B7AA23 3694 ----a-w- C:\Windows\Sysnative\Tasks\Adobe-online actualiseringsprogramma
2013-06-24 17:08:09 DABB44E391D3E3726A365C14BDB27809 3762 ----a-w- C:\Windows\Sysnative\Tasks\ArcSoft Connect Daemon
2013-06-15 06:49:34 0FE564B98FC4089E2E26815A80C888B7 2968 ----a-w- C:\Windows\Sysnative\Tasks\{4C08762B-BCB7-4FEC-BB18-F56B801FEB33}
2013-06-15 06:49:22 0FE564B98FC4089E2E26815A80C888B7 2968 ----a-w- C:\Windows\Sysnative\Tasks\{2067DFCE-FF33-437B-835A-5890DCB6AFFE}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-06-13 17:11:17 -------- d-----w- C:\Program Files\iPod
2013-06-13 17:11:16 -------- d-----w- C:\Program Files\iTunes
======= C:\Program Files (x86) =====
2013-06-28 09:51:01 -------- d-----w- C:\Program Files (x86)\Mozilla Thunderbird
2013-06-13 17:11:16 -------- d-----w- C:\Program Files (x86)\iTunes
2013-06-13 17:03:49 -------- d-----w- C:\Program Files (x86)\QuickTime
======= C: =====
====== C:\Users\Bart\AppData\Roaming ======
2013-07-11 20:05:35 -------- d-----w- C:\users\Public\AppData\Local\temp
2013-07-11 20:05:35 -------- d-----w- C:\users\NeroMediaHomeUser.4\AppData\Local\temp
2013-07-11 20:05:35 -------- d-----w- C:\users\Default\AppData\Local\temp
2013-07-11 20:05:35 -------- d-----w- C:\users\Default User\AppData\Local\temp
2013-07-11 20:05:35 -------- d-----w- C:\users\AppData\AppData\Local\temp
====== C:\Users\Bart ======
2013-07-11 20:05:35 -------- d-----w- C:\Users\Public\AppData
2013-07-11 20:05:35 -------- d-----w- C:\Users\AppData\AppData
2013-07-11 11:00:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi-Card Reader & Flash Disk
2013-07-08 17:34:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2013-06-24 17:00:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
2013-06-24 16:58:39 -------- d-----w- C:\ProgramData\AVG
2013-06-24 16:57:35 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-13 17:12:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2013-06-13 17:11:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-13 17:04:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
====== C: exe-files ==
2013-07-11 11:00:38 1AEB989E361AF85F5099DE3DA25457F4 56320 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe
2013-07-11 10:08:11 98C6F2A9A981A54222602B87C6310BDE 775256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-07-11 10:08:11 30E7CA4620500FE012EB464F0E1DE91E 770648 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-07-10 16:47:54 C3190BA6ED6220369EEEED081A14DDFC 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe
2013-07-10 16:47:54 1017788353D8349BF6086B9CDDC8CB7B 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateBroker.exe
2013-07-10 16:47:52 5F42FBCE3A8D9ED552E9852A23CA382F 800024 ----a-w- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateSetup.exe
2013-07-10 16:47:35 CA35155F6B4C4DB2513AAAA868BAFF47 324488 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exe
2013-07-10 16:47:34 09C87F376507122A5FE1CBE06E015512 239496 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe
2013-07-10 16:47:33 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdate.exe
2013-07-10 16:47:28 5F42FBCE3A8D9ED552E9852A23CA382F 800024 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.149\GoogleUpdateSetup.exe
2013-07-08 17:28:52 0E10142276BE74CF0D6E91C0140F1274 7626512 ----a-w- C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
=== C: other files ==
2013-07-12 05:38:28 E1A2482774B313CE34F827D7F5F3A8E6 10976040 ----a-w- C:\Users\Public\Desktop\sample_12-07-2013_0738.zip
2013-07-11 11:06:24 21CA1F2CD8D5D64F07E8740E6BF1D228 38629 ----a-w- C:\ProgramData\AVG2013\IDS\quarantine\de493fdd-dc28-47d3-923f-d15cc5f14ae3.zip
2013-07-11 09:49:25 73601028E7C44154318AE91D2EB2EDB3 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-08 17:35:20 D3191AD18930121834D0BF89A7AB9568 1389145 ----a-w- C:\Program Files (x86)\AVG\AVG2013\banners\banners.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"="C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN"
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"Spotify Web Helper"="C:\Users\Bart\Desktop\Toepassingen\Data\SpotifyWebHelper.exe"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
"Spotify"="C:\Users\Bart\Desktop\Toepassingen\Spotify.exe /uri spotify:autostart"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
[HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe /m"
"KMCONFIG"="C:\Program Files (x86)\Silvercrest OM1008 driver\StartAutorun.exe KMConfig.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SSDMonitor"="C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
"EMET Notifier"="C:\Program Files (x86)\EMET\EMET_notifier.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY"
"Memeo Instant Backup"="C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui"
"Memeo AutoSync"="C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent"
"Seagate Dashboard"="C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"emsisoft anti-malware"="C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe /d=60"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"="C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN"
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"Spotify Web Helper"="C:\Users\Bart\Desktop\Toepassingen\Data\SpotifyWebHelper.exe"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
"Spotify"="C:\Users\Bart\Desktop\Toepassingen\Spotify.exe /uri spotify:autostart"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Broadcom Wireless Manager UI"="C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"ArcSoft Connection Service"="C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"hkey"="HKLM"
"item"="Adobe ARM"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"hkey"="HKLM"
"item"="Adobe Reader Speed Launcher"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier]
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe"
"hkey"="HKLM"
"item"="AppleSyncNotifier"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desktop Disc Tool]
"command"="\"c:\\Program Files (x86)\\Roxio\\Roxio Burn\\RoxioBurnLauncher.exe\""
"hkey"="HKLM"
"item"="Desktop Disc Tool"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Tray]
"command"="\"C:\\Program Files (x86)\\EASEUS\\Todo Backup\\bin\\TrayNotify.exe\""
"hkey"="HKLM"
"item"="EaseUs Tray"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Watch]
"command"="\"C:\\Program Files (x86)\\EASEUS\\Todo Backup\\bin\\EuWatch.exe\""
"hkey"="HKLM"
"item"="EaseUs Watch"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif]
"command"="C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"hkey"="HKLM"
"item"="IAAnotif"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"item"="iTunesHelper"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nero MediaHome 4]
"command"="\"C:\\Program Files (x86)\\Nero\\Nero MediaHome 4\\NeroMediaHome.exe\" /AUTORUN"
"hkey"="HKLM"
"item"="Nero MediaHome 4"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"hkey"="HKLM"
"item"="QuickTime Task"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""
"hkey"="HKCU"
"item"="TomTomHOME.exe"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UVS11 Preload]
"command"="C:\\Program Files (x86)\\Ulead Systems\\Ulead VideoStudio 11 SE DVD\\uvPL.exe"
"hkey"="HKLM"
"item"="UVS11 Preload"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Bart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
"backup"="C:\\Windows\\pss\\Dell Dock.lnkStartup"
"command"="C:\\Program Files (x86)\\Dell\\DellDock\\DellDock.exe "
"item"="Dell Dock"
"path"="C:\\Users\\Bart\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dell Dock.lnk"
"backupExtension"="Startup"
==== Startup Folders ======================
2010-07-04 10:25:44 2000 ----a-w- C:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2010-07-04 10:25:44 2000 ----a-w- C:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2012-02-28 16:08:31 2000 ----a-w- C:\users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2012-03-18 15:16:14 2251 ----a-w- C:\users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk
2012-05-05 05:36:14 2056 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11-07-2013 10:38]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-07-2010 19:40]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-07-2010 19:40]
C:\Windows\tasks\RMAutoUpdate.job --a------ C:\Program Files (x86)\Registry Mechanic\SULauncher.exe [21-08-2012 15:44]
C:\Windows\tasks\RMSchedule.job --a------ C:\Program Files (x86)\Registry Mechanic\RegMech.exe [21-08-2012 15:43]
C:\Windows\tasks\ROC_REG_JAN_DELETE.job --a------ [undetermined Task]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default
- Undetermined - %ProfilePath%\extensions\{72cabc40-64b2-46ed-8648-26d831761150}
ProfilePath: C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\extensions\staged
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
==== Firefox Plugins ======================
Profilepath: C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922
0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
abdnighfgafbeighondbgepoenlnpcef - No path found[]
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[22-05-2013 10:24]
gkeciodhggpcngbhlhiiphbhlddbaafl - No path found[]
jmfkcklnlgedgbglfkkgedjfmejoahla - No path found[]
ndibdjnfmopecpmkdieinmbadjfpblof - No path found[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[12-12-2012 19:51]
CallingID LinkAdvisor 2.0 Toolbar - Bart - Default\Extensions\abdnighfgafbeighondbgepoenlnpcef
SiteAdvisor - Bart - Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
CallingID LinkAdvisor 2.0 - Bart - Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl
DVDVideoSoft Browser Extension - Bart - Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
==== Chrome Fix ======================
C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef deleted successfully
C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.upc.nl/live"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.upc.nl/live"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{78BABCD0-C71F-405E-9E6F-BBAAE6B92462} Google Url="http://www.google.co.uk/search?hl=en&q={searchTerms}&meta="
{8564538E-B1C7-4B8B-B8A7-DA57A7C7FA1A} Unknown Url="Not_Found"
{8A8DE9FB-091D-4EB5-BDAF-3BFF98F11202} Unknown Url="Not_Found"
{AE59E6A3-2679-4D6B-A3D0-5D31FFDCC8DE} CallingID Safe Search Url="http://search.callingid.com/search.aspx?q={searchTerms}&cx=000976018278371213697:d_pbn3nwah0&l={language}&ie={inputEncoding}&oe={outputEncoding}&cl=ie&p=bi&cid=yes"
{BE28C22E-F666-424d-B5FD-125C4AFEE34E} Zoeken Url="http://search.myheritage.com?orig=ds&q={searchTerms}"
{EB898A1F-3EC7-423C-9A3E-48BCE4242339} Secure-zoeken Url="http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}"
==== Reset Google Chrome ======================
C:\users\Bart\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully
HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully
HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully
HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully
HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully
HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully
HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8564538E-B1C7-4B8B-B8A7-DA57A7C7FA1A} deleted successfully
HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8A8DE9FB-091D-4EB5-BDAF-3BFF98F11202} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\Bart\Desktop\ACSI Campinggids Europa 2011 - Snelkoppeling.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACSI Campinggids Europa 2011
C:\Users\Bart\Desktop\DELL - Snelkoppeling.lnk - \\DELL
C:\Users\Bart\Desktop\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe
C:\Users\Bart\Desktop\Free YouTube Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
C:\Users\Bart\Desktop\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Bart\Desktop\Browsers\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Bart\Desktop\Browsers\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Bart\Desktop\Browsers\Opera.lnk - C:\Program Files (x86)\Opera\opera.exe
C:\Users\Bart\Desktop\Browsers\Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\Users\Bart\Desktop\Cleaning\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Users\Bart\Desktop\Cleaning\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\Bart\Desktop\Cleaning\Emsisoft Anti-Malware.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
C:\Users\Bart\Desktop\Cleaning\FileASSASSIN.lnk - C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe
C:\Users\Bart\Desktop\Cleaning\HiJackThis.lnk - C:\Users\Bart\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\Bart\Desktop\Cleaning\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Bart\Desktop\Cleaning\McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\mcuicnt.exe SecurityScanner.dll
C:\Users\Bart\Desktop\Cleaning\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe
C:\Users\Bart\Desktop\Cleaning\PC Tools Registry Mechanic.lnk - C:\Program Files (x86)\Registry Mechanic\RegMech.exe
C:\Users\Bart\Desktop\Cleaning\Secure Eraser.lnk - C:\Program Files (x86)\ASCOMP Software\Secure Eraser\sEraser.exe
C:\Users\Bart\Desktop\Printer 250\Canon Easy-PhotoPrint EX.lnk - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE
C:\Users\Bart\Desktop\Printer 250\Canon MP Navigator EX 3.0.lnk - C:\Program Files (x86)\Canon\MP Navigator EX 3.0\mpnex30.exe
C:\Users\Bart\Desktop\Printer 250\Canon MP250 series Online handleiding.lnk - C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MP250 SERIES\Dutch\Info.egv"
C:\Users\Bart\Desktop\Printer 250\Canon My Printer.lnk - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE /dt
C:\Users\Bart\Desktop\Printer 250\Canon Solution Menu.lnk - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
C:\Users\Bart\Desktop\Printer 250\Gebruikersregistratie voor Canon MP250 series.LNK - C:\Program Files (x86)\Canon\IJEREG\MP250 series\IJEREG.exe
C:\Users\Bart\Desktop\Printer 270\Canon Easy-PhotoPrint EX.lnk - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE
C:\Users\Bart\Desktop\Printer 270\Canon MP Navigator EX 3.0.lnk - C:\Program Files (x86)\Canon\MP Navigator EX 3.0\mpnex30.exe
C:\Users\Bart\Desktop\Printer 270\Canon MP270 series Online handleiding.lnk - C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MP270 SERIES\Dutch\Info.egv"
C:\Users\Bart\Desktop\Printer 270\Canon My Printer.lnk - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE /dt
C:\Users\Bart\Desktop\Printer 270\Canon Solution Menu.lnk - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
C:\Users\Bart\Desktop\Printer 270\Gebruikersregistratie voor Canon MP270 series.LNK - C:\Program Files (x86)\Canon\IJEREG\MP270 series\IJEREG.exe
C:\Users\Bart\Desktop\Toepassingen\7-Zip File Manager.lnk - C:\Program Files (x86)\7-Zip\7zFM.exe
C:\Users\Bart\Desktop\Toepassingen\Adobe Digital Editions.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions\digitaleditions.exe
C:\Users\Bart\Desktop\Toepassingen\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Bart\Desktop\Toepassingen\calibre - E-book management.lnk - C:\Program Files (x86)\Calibre2\calibre.exe
C:\Users\Bart\Desktop\Toepassingen\CAMEDIA Master.lnk - C:\Program Files (x86)\OLYMPUS\CAMEDIA Master 4.1\CAMEDIA Master.exe
C:\Users\Bart\Desktop\Toepassingen\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe
C:\Users\Bart\Desktop\Toepassingen\EASEUS Partition Master 9.0.0 Home Edition.lnk - C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.0.0 Home Edition\bin\epm0.exe
C:\Users\Bart\Desktop\Toepassingen\EASEUS Todo Backup Free 2.5.1.lnk - C:\Program Files (x86)\EASEUS\Todo Backup\bin\Loader.exe
C:\Users\Bart\Desktop\Toepassingen\GemistDownloader.lnk - C:\Program Files (x86)\GemistDownloader\GemistDownloader.exe
C:\Users\Bart\Desktop\Toepassingen\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Bart\Desktop\Toepassingen\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Bart\Desktop\Toepassingen\Microsoft PowerPoint Viewer .lnk - C:\Windows\Installer\{95140000-00AF-0413-0000-0000000FF1CE}\ppvwicon.exe
C:\Users\Bart\Desktop\Toepassingen\MioMore Desktop 7.30.lnk - C:\Program Files (x86)\Mio\MioMore Desktop 7.30\MioMore.exe
C:\Users\Bart\Desktop\Toepassingen\Moyea FLV Player.lnk - C:\Program Files (x86)\Moyea\FLV Player\FLV Player.exe
C:\Users\Bart\Desktop\Toepassingen\Nero MediaHome 4.lnk - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe -ScParameter=30005
C:\Users\Bart\Desktop\Toepassingen\Nitro PDF Reader.lnk - C:\Program Files (x86)\Nitro PDF\Reader\NitroPDFReader.exe
C:\Users\Bart\Desktop\Toepassingen\PCHand Media Converter Free.lnk - C:\Program Files (x86)\PCHand\Media Converter Free\MediaConverter.exe
C:\Users\Bart\Desktop\Toepassingen\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Bart\Desktop\Toepassingen\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Bart\Desktop\Toepassingen\Roxio - Snelkoppeling.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
C:\Users\Bart\Desktop\Toepassingen\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\Users\Bart\Desktop\Toepassingen\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
C:\Users\Bart\Desktop\Toepassingen\Ship Simulator 2006.lnk - C:\Program Files (x86)\Vstep\ShipSim2006\ShipSim.exe
C:\Users\Bart\Desktop\Toepassingen\Simnet UnInstaller 2011.lnk - C:\Program Files (x86)\Simnet\UnInstaller\UnInstaller.exe
C:\Users\Bart\Desktop\Toepassingen\Snelkoppeling naar photorescue.lnk - C:\Users\Bart\Desktop\Toepassingen\Photorescue\photorescue.exe
C:\Users\Bart\Desktop\Toepassingen\Speccy.lnk - C:\Program Files (x86)\Speccy\Speccy.exe
C:\Users\Bart\Desktop\Toepassingen\TomTom HOME 2.lnk - C:\Program Files (x86)\TomTom HOME 2\TomTomHOME.exe ""
C:\Users\Bart\Desktop\Toepassingen\Ulead VideoStudio 11 SE DVD.lnk - C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11 SE DVD\vstudio.exe
C:\Users\Bart\Desktop\Toepassingen\Windows DVD Maker.lnk -
C:\Users\Bart\Desktop\Toepassingen\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
C:\Users\Bart\Desktop\Toepassingen\Youtube Downloader HD.lnk - C:\Program Files (x86)\Youtube Downloader HD\YouTubeDownloaderHD.exe
C:\Users\Bart\Desktop\Toepassingen\Google Earth\Google Earth starten in DirectX-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setDX
C:\Users\Bart\Desktop\Toepassingen\Google Earth\Google Earth starten in OpenGL-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setOGL
C:\Users\Bart\Desktop\Toepassingen\Google Earth\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Bart\Desktop\VAN STICK\Windows Easy Transfer.lnk - C:\Users\Bart\Desktop\VAN STICK\Windows Easy Transfer\x86\MigSetup.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\AVG 1-klik Onderhoud.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
C:\Users\Public\Desktop\AVG PC TuneUp.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe
C:\Users\Public\Desktop\CardRecovery.lnk - C:\Program Files (x86)\CardRecovery\CardRecovery.exe
C:\Users\Public\Desktop\FastStone Photo Resizer.lnk - C:\Program Files (x86)\FastStone Photo Resizer\FSResizer.exe
C:\Users\Public\Desktop\Seagate Dashboard.lnk - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe
C:\Users\Public\Desktop\WebCam Companion 3.lnk - C:\Program Files (x86)\ArcSoft\WebCam Companion 3\uWebCam.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\AVG PC TuneUp.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Help AVG PC TuneUp.lnk - C:\ProgramData\AVG\AWL2012\nl-NL\main_vista_7.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG 1-klik Onderhoud.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Disk Doctor.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DiskDoctor.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Disk Space Explorer.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DiskExplorer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Drive Defrag.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DriveDefrag.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Economy-modus.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\EnergyOptimizer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Gain Disk Space.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe /gaindiskspace
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Live-optimalisatie.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SettingCenter.exe /live
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Process Manager.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\ProcessManager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Program Deactivator.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\ProgramDeactivator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Registry Cleaner.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RegistryCleaner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Registry Defrag.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RegistryDefrag.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Registry Editor.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RegistryEditor.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Repair Wizard.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RepairWizard.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Rescue Center.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RescueCenter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Setting Center.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SettingCenter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Shortcut Cleaner.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\ShortcutCleaner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Shredder.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Shredder.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG StartUp Manager.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\StartUpManager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG StartUp Optimizer.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\StartupOptimizer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Styler.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Styler.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG System Control.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SystemControl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG System Information.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SystemInformation.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Undelete.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Undelete.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Uninstall Manager.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\UninstallManager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Update Wizard.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\UpdateWizard.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG-optimalisatierapport.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Report.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files (x86)\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi-Card Reader & Flash Disk\Uninstall Multi-Card Reader & Flash Disk.lnk - C:\Program Files (x86)\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe -wShortCut
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Over QuickTime.lnk - C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk - C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\PictureViewer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime deïnstalleren.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport\Rapport Console.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -config
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport\Rapport starten.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -userstart
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport\Rapport stoppen.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -shutdown
==== shortcuts in Quick Launch ======================
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions\digitaleditions.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Moyea FLV Player.lnk - C:\Program Files (x86)\Moyea\FLV Player\FLV Player.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG PC TuneUp.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Nero MediaHome 4.lnk - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe -ScParameter=30005
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera11.50 1074.lnk - C:\Program Files (x86)\Opera\opera.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Secunia PSI.lnk - C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk - C:\Users\Bart\Desktop\Toepassingen\spotify.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Moyea FLV Player.lnk - C:\Program Files (x86)\Moyea\FLV Player\FLV Player.exe
C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\abdnighfgafbeighondbgepoenlnpcef deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\users\Bart\AppData\Local\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\users\Bart\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Bart\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on vr 12-07-2013 at 8:01:27,54 ======================
Vriendelijke groet
BJHM
-
Goedemorgen Kape.
Bij mijn bovenstaande reactie vergat ik te melden dat ik AVG en Microsoft Security Essentials wel uitgeschakeld kreeg maar MBAM en Emsisoft niet. Zou dit misschien de oorzaak kunnen zijn van het feit dat de malware niet verwijderd is? (Heb later wel MBAM uitgeschakeld gekregen maar Emsisoft niet).
Vriendelijke groet
BJHM
-
Hallo Kape.
Dank voor de info. Heb Emsisoft gedraaid en gezien dat de 26 bedreigingen (met gemiddeld risico) nog worden gedetecteerd. Onderstaand het log:
Emsisoft Anti-Malware - Versie 8.0
Laatste Update: 11-7-2013 22:50:52
Gebruikersaccount: DELL\Bart
Scaninstellingen:
Scanmodus: Snelle scan
Objecten: Rootkits, Geheugen, Sporen
Detecteer riskware: Uit
Scan archieven: Uit
ADS Scan: Aan
Bestandsextensiefilter: Uit
Geavanceerde cache: Aan
Directe schijftoegang: Uit
Scan gestart: 11-7-2013 22:51:05
Value: HKEY_CLASSES_ROOT\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Gescand 320474
Gevonden 26
Scan geëindigd: 11-7-2013 22:52:39
Scantijd: 0:01:34
Vriendelijke groet
BJHM
-
Hallo Kape. ComboFix gedraaid, onderstaand het log: (Mag ik aannemen dat ik de uitschakeling van de diverse antivirus- en antispywareprogramma's weer ongedaan
kan maken?):
ComboFix 13-07-11.03 - Bart 11-07-2013 21:33:41.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4056.1907 [GMT 2:00]
Gestart vanuit: c:\users\Bart\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\LoJackNotifier.txt
c:\users\Bart\javahelper.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BCMWLTRY.EXE pid: 1992 578: c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
-------\Service_conhost.exe pid: 1968 24: c:\windows\System32\nl-NL\conhost.exe.mui
-------\Service_conhost.exe pid: 6660 24: c:\windows\System32\nl-NL\conhost.exe.mui
-------\Service_Copyright © 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_lsm.exe pid: 872 250: c:\windows\System32\nl-NL\lsm.exe.mui
-------\Service_MsMpEng.exe pid: 1052 36C: c:\program files\Microsoft Security Client\MpCmdRun.exe
-------\Service_MsMpEng.exe pid: 1052 39C: c:\program files\Microsoft Security Client\NisSrv.exe
-------\Service_rundll32.exe pid: 2784 30: c:\windows\System32\nl-NL\rundll32.exe.mui
-------\Service_rundll32.exe pid: 2800 30: c:\windows\System32\nl-NL\rundll32.exe.mui
-------\Service_rundll32.exe pid: 2824 58: c:\windows\SysWOW64\nl-NL\rundll32.exe.mui
-------\Service_SftService.exe pid: 4208 A4: c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE.20130711130416_1.log
-------\Service_STService.exe pid: 4736 F4: c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STSERVICE.EXE.20130711130419_1.log
-------\Service_Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources
-------\Service_wlanext.exe pid: 1960 44: c:\windows\System32\nl-NL\wlanext.exe.mui
-------\Service_wmpnetwk.exe pid: 6200 3C: c:\program files\Windows Media Player\nl-NL\wmpnetwk.exe.mui
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-06-11 to 2013-07-11 ))))))))))))))))))))))))))))))
.
.
2013-07-11 19:48 . 2013-07-11 19:52 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2013-07-11 19:48 . 2013-07-11 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-11 11:00 . 2003-12-12 11:16 266240 ------w- c:\windows\Dit.DLL
2013-07-11 11:00 . 2003-07-11 08:31 61440 ----a-w- c:\windows\DitExp.exe
2013-07-11 10:07 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-07-11 10:07 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-07-11 09:50 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-11 09:50 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-11 09:50 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-11 09:50 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-11 09:50 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 09:50 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-11 09:50 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 09:49 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 09:49 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 09:49 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 09:49 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-11 09:49 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-11 09:49 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 09:49 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 09:49 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 09:49 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 09:49 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 09:49 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 09:49 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-06-28 09:51 . 2013-06-30 15:28 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-06-24 17:00 . 2012-08-23 09:31 35192 ----a-w- c:\windows\system32\TURegOpt.exe
2013-06-24 17:00 . 2012-08-23 09:31 26488 ----a-w- c:\windows\system32\authuitu.dll
2013-06-24 17:00 . 2012-08-23 09:31 21880 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-06-24 16:58 . 2013-06-24 17:00 -------- d-----w- c:\programdata\AVG
2013-06-24 16:57 . 2013-06-24 16:57 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-13 17:11 . 2013-06-13 17:11 -------- d-----w- c:\program files\iPod
2013-06-13 17:11 . 2013-06-13 17:12 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-13 17:11 . 2013-06-13 17:12 -------- d-----w- c:\program files\iTunes
2013-06-13 17:11 . 2013-06-13 17:12 -------- d-----w- c:\program files (x86)\iTunes
2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-13 17:04 . 2013-06-13 17:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-06-13 17:03 . 2013-06-13 17:04 -------- d-----w- c:\program files (x86)\QuickTime
2013-06-12 17:51 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 17:51 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 12:12 . 2013-07-11 12:12 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8121BFCF-AA66-42C3-9AAF-78695A5C6A53}\offreg.dll
2013-07-11 10:10 . 2010-07-09 19:09 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-11 08:38 . 2012-03-30 19:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-11 08:38 . 2011-05-21 11:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-21 14:47 . 2013-06-21 14:48 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CE04BD2-86DA-48EE-8BAD-2ABCAEB8AA70}\gapaengine.dll
2013-06-18 14:14 . 2012-10-09 10:31 236688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2013-06-12 03:08 . 2013-07-11 12:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8121BFCF-AA66-42C3-9AAF-78695A5C6A53}\mpengine.dll
2013-06-12 03:08 . 2013-07-11 10:48 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-23 06:13 . 2012-10-06 05:48 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-11 16:51 . 2012-07-12 12:59 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2011-02-15 17:15 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-30 12:26 . 2013-04-30 12:26 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-30 12:26 . 2012-06-13 20:23 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-30 12:26 . 2010-07-04 10:05 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-30 12:19 . 2013-04-30 12:19 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-30 12:19 . 2013-04-30 12:20 311200 ----a-w- c:\windows\system32\javaws.exe
2013-04-30 12:19 . 2013-04-30 12:19 188832 ----a-w- c:\windows\system32\javaw.exe
2013-04-30 12:19 . 2013-04-30 12:19 188320 ----a-w- c:\windows\system32\java.exe
2013-04-30 12:19 . 2012-10-24 11:00 1092512 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-30 12:19 . 2010-07-04 10:06 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-13 05:49 . 2013-05-16 13:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 13:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 13:18 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 13:18 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 13:18 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 13:18 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-12-20 844296]
"Spotify Web Helper"="c:\users\Bart\Desktop\Toepassingen\Data\SpotifyWebHelper.exe" [2013-05-12 1105408]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
"Spotify"="c:\users\Bart\Desktop\Toepassingen\Spotify.exe" [2013-05-12 4573184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"KMCONFIG"="c:\program files (x86)\Silvercrest OM1008 driver\StartAutorun.exe" [2008-05-29 212992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"EMET Notifier"="c:\program files (x86)\EMET\EMET_notifier.exe" [2012-05-09 152152]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2012-04-14 131072]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2013-07-11 2928040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-12 559616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
NDAS Geräte-Manager.lnk - c:\program files\NDAS\System\ndasmgmt.exe /startup [2010-1-13 389608]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-16 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CallingID\CallingIDLinkAdvisor2.0\x86\LinkAdvisor\CIDLinkAdvisor.dll" [2013-06-26 3684888]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys;c:\windows\SYSNATIVE\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys;c:\windows\SYSNATIVE\Drivers\btcombus.sys [x]
R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys;c:\windows\SYSNATIVE\DRIVERS\aabed2.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys;c:\windows\SYSNATIVE\drivers\eufs.sys [x]
S0 ndasfs;ndasfs;c:\windows\system32\DRIVERS\ndasfs.sys;c:\windows\SYSNATIVE\DRIVERS\ndasfs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
S1 archlp;archlp;SysWOW64\drivers\archlp.sys;SysWOW64\drivers\archlp.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 ndasfat;NDAS FAT File System Service;c:\windows\system32\DRIVERS\ndasfat.sys;c:\windows\SYSNATIVE\DRIVERS\ndasfat.sys [x]
S1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\DRIVERS\ndasrofs.sys;c:\windows\SYSNATIVE\DRIVERS\ndasrofs.sys [x]
S1 RapportCerberus_51755;RapportCerberus_51755;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 CIDLinkAdvisorService;CIDLinkAdvisorService;c:\program files\CallingID\CallingIDLinkAdvisor2.0\x86\LinkAdvisor\CIDLinkAdvisorService.exe;c:\program files\CallingID\CallingIDLinkAdvisor2.0\x86\LinkAdvisor\CIDLinkAdvisorService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe [x]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Silvercrest OM1008 driver\KMWDSrv.exe;c:\program files (x86)\Silvercrest OM1008 driver\KMWDSrv.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\siteadvisor\mcsacore.exe;c:\progra~2\mcafee\siteadvisor\mcsacore.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys;c:\windows\SYSNATIVE\drivers\eudisk.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
Inhoud van de 'Gedeelde Taken' map
.
2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:38]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-11 17:40]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-11 17:40]
.
2013-07-11 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\Registry Mechanic\SULauncher.exe [2012-11-08 13:44]
.
2013-07-11 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2012-11-08 13:43]
.
2013-01-29 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-28 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-06 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll" [2013-06-26 4332056]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.upc.nl/live
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - c:\users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
FF - ProfilePath - c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\
FF - prefs.js: browser.startup.homepage - UPC Live - UPC Nederland
FF - ExtSQL: 2013-06-13 05:46; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-AVG_TRAY - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
SafeBoot-SolutoService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCMLogon]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCMWLTRY.EXE pid: 1992 578: C:]
--
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe pid: 1968 24: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe pid: 6660 24: C:]
--
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lsm.exe pid: 872 250: C:]
--
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpEng.exe pid: 1052 36C: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpEng.exe pid: 1052 39C: C:]
--
"ImagePath"="System32\Drivers\RtsUStor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rundll32.exe pid: 2784 30: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rundll32.exe pid: 2800 30: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rundll32.exe pid: 2824 58: C:]
--
"ImagePath"="\"c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SftService.exe pid: 4208 A4: C:]
--
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\STService.exe pid: 4736 F4: C:]
--
"ImagePath"="system32\DRIVERS\WinUsb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlanext.exe pid: 1960 44: C:]
--
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe pid: 6200 3C: C:]
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Voltooingstijd: 2013-07-11 22:05:31 - machine werd herstart
ComboFix-quarantined-files.txt 2013-07-11 20:05
.
Pre-Run: 91.588.640.768 bytes beschikbaar
Post-Run: 90.807.947.264 bytes beschikbaar
.
- - End Of File - - 920F2B4A151A131B501C7EE4E0FD5524
D41D8CD98F00B204E9800998ECF8427E
Vriendelijke groet
BJHM
-
Goedenavond Kape.
Dank voor de instructies. Heb MBAM gedraaid, deze detecteerde geen malware,
Onderstaand het log:
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download
Databaseversie: v2013.07.11.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Bart :: DELL [administrator]
11-7-2013 20:36:52
mbam-log-2013-07-11 (20-36-52).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 246628
Verstreken tijd: 10 minuut/minuten, 4 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Vriendelijke groet
BJHM
-
Goedenavond.
Sinds kort heb ik malware op mijn computer dat Emsisoft onder de noemer: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A) benoemt.
Ik zou u willen verzoeken mij te willen helpen bij het verwijderen van die malware. Heb geprobeerd deze via Emsisoft te verwijderen
of op zijn minst in quarantaire te plaatsen maar dat lukt slechts zeer gedeeltelijk.
Onderstaand het log van Emsisoft:
Emsisoft Anti-Malware - Versie 8.0
Laatste Update: 11-7-2013 14:22:27
Gebruikersaccount: DELL\Bart
Scaninstellingen:
Scanmodus: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\, E:\, Q:\
Detecteer riskware: Uit
Scan archieven: Aan
ADS Scan: Aan
Bestandsextensiefilter: Uit
Geavanceerde cache: Aan
Directe schijftoegang: Uit
Scan gestart: 11-7-2013 14:22:39
Value: HKEY_CLASSES_ROOT\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_CLASSES_ROOT\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)
Gescand 585284
Gevonden 26
Scan geëindigd: 11-7-2013 18:21:52
Scantijd: 3:59:13
Ik hoop van u te mogen vernemen wat iki moet doen bij het verwijderen. Bij voorbaat dank.
Vriendelijke groet
BJHM
-
Dank voor de info. Ik had nu de CD zeer geruime tijd laten staan op het enkele blauwe blokje op de voorgangsbalk. Tot mijn verbazing begon hij na die tijd (een kwartier of zo) ineens weer te lopen en heeft het programma nu toch geinstalleerd. Hoe
zich dat verhoudt tot de eerdere vruchteloze pogingen en de opgetreden foutmelding snap ik niet helemaal. Je zou zeggen (voor een leek als ik) dat er dan toch iets niet in orde moeten zijn. Als het bij eventuele andere nieuwe programma's weer optreedt zal ik waarschijnlijk met de adviespagina die je me stuurde verder gaan komen. Veel dank en vriendelijke groet. BJHM
-
Goeiemiddag. Zojuist tijdens wederom trachten te installeren kwam er inderdaad een foutmelding, die ik - naar ik me nu herinner - wel eerder gezien heb, maar niet alle keren. Die melding kwam na het opstarten van Install Shield, dat nmm niet geheel wordt afgemaakt. De foutmelding: 1607: Kan InstallShield Scripting Runtime niet installeren.
- - - Updated - - -
Nog wat info: Ik heb na de foutmelding toch nog maar eens op het InstallShield icoontje geklikt, hij lijkt - zoals eerder vermeld - dan wel op te starten, maar blijft weer hangen bij: Valideren van de installatie. Het enkele blauwe blokje verschijnt weer en zo blijft het ook voor langere tijd, er gebeurt niets meer.
-
Nee, dat geeft exact hetzelfde beeld als boven omschreven.
-
Hallo. Het gaat over de ACSI campinggids Europa, die ik graag op de laptop zou willen zetten.
-
Goedemorgen.
Graag vraag ik uw hulp bij het oplossen van het navolgende probleem:
Mijn laptop draait op Windows 7 64-bit. Vorige week trachtte ik een programma te installeren op mijn computer met een CD-rom.
De installatie lukte niet, het verloop was als volgt:
Na het invoeren van de CD-rom startte Install Shield op, het icoontje verscheen onder in de taakbalk. Verder
gebeurde er niets automatisch, de installatie startte niet automatisch door.
Na aanklikken van het icoontje kwam de Install Shield Wizard welkom- en installatieboodschap van het gewenste programma.
Hierna volgden: Doelmapselectie, type installatie, daarna status van setup, die ook gewoon begon. Echter: bij "valideren van de installatie" stopte het. De loopgeluiden van de CD-rom stopten. Na enige tijd verscheen er één blauw blokje op de voortgangsbalk, daarna is het geheel en al afgelopen.
Ik heb het programma daarna geinstalleerd op een desktop Windows XP computer, dat leverde totaal geen probleem op. In de system-requirements van het programma staat ook gewoon Windows 7 vermeld, dus het zou wel moeten werken op de laptop.
Ik heb daarna op de MS-websites gezocht naar oplossingen, en het volgende gedaan:
Gekeken naar de Windows-Installer-versies voor Windows 7 en heb (misschien wel de totaal verkeerde, kon
niet goed zien welke de juiste was) WindowsServer2003-KB942288-V4-1a64.exe gedownload en uitgevoerd.
Dat hielp niet. Ik kwam toen tegen dat het mogelijk aan de registerinstellingen lag, en vond op de MS-site een tekstbestand dat kon worden gedownload en gewijzigd naar filenaam Msirepair.reg. Dat heb ik uitgevoerd maar ook dat hielp niets.
Zoudt u mij willen helpen deze situatie te corrigeren aub? Bij voorbaat dank.
Vriendelijke groet
BJHM
-
Goedemiddag Kape. In IE en Chrome komt Conduit nu niet meer voor in de zoekbalk. Ik merk op het moment verder geen probleem meer. Heel hartelijk dank voor de hulp. Vriendelijke groet. BJHM
-
Hallo Kape. Bijgaand het log van AdwCleaner. Ik moet erbij zeggen dat ik abusievelijk niet als administrator heb uitgevoerd maar gewoon rechtstreeks. Ik hoop niet dat dat van invloed is.
Het log:
# AdwCleaner v2.110 - Verslag gemaakt op 05/02/2013 om 11:55:23
# Geactualiseerd op 03/02/2013 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : Bart - DELL
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Bart\Downloads\adwcleaner.exe
# Optie [Verwijderen]
***** [Diensten] *****
***** [Files / Mappen] *****
File Verwijdert : C:\END
File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Verwijdert : C:\user.js
File Verwijdert : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Verwijdert : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Verwijdert : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default\searchplugins\safesearch.xml
File Verwijdert : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\searchplugins\safesearch.xml
File Verwijdert : C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Mozilla\Firefox\Profiles\default\searchplugins\safesearch.xml
File Verwijdert : C:\Windows\SysWOW64\searchplugins\bProtect.xml
Map Verwijdert : C:\Program Files (x86)\AutocompletePro
Map Verwijdert : C:\Program Files (x86)\Conduit
Map Verwijdert : C:\Program Files (x86)\ConduitEngine
Map Verwijdert : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Map Verwijdert : C:\Program Files (x86)\PHPNukeDU
Map Verwijdert : C:\Program Files (x86)\Softonic
Map Verwijdert : C:\ProgramData\AVG Security Toolbar
Map Verwijdert : C:\ProgramData\Babylon
Map Verwijdert : C:\Users\Bart\AppData\Local\AVG Security Toolbar
Map Verwijdert : C:\Users\Bart\AppData\Local\Conduit
Map Verwijdert : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
Map Verwijdert : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Map Verwijdert : C:\Users\Bart\AppData\Local\OpenCandy
Map Verwijdert : C:\Users\Bart\AppData\Local\Savings Sidekick
Map Verwijdert : C:\Users\Bart\AppData\LocalLow\AVG Security Toolbar
Map Verwijdert : C:\Users\Bart\AppData\LocalLow\BabylonToolbar
Map Verwijdert : C:\Users\Bart\AppData\LocalLow\Claro LTD
Map Verwijdert : C:\Users\Bart\AppData\LocalLow\Conduit
Map Verwijdert : C:\Users\Bart\AppData\LocalLow\ConduitEngine
Map Verwijdert : C:\Users\Bart\AppData\LocalLow\PHPNukeDU
Map Verwijdert : C:\Users\Bart\AppData\LocalLow\Softonic
Map Verwijdert : C:\Users\Bart\AppData\Roaming\Babylon
Map Verwijdert : C:\Users\Bart\AppData\Roaming\BrowserCompanion
Map Verwijdert : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Map Verwijdert : C:\Users\Bart\AppData\Roaming\OpenCandy
***** [Register] *****
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Conduit
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\conduitEngine
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Crossrider
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\PHPNukeDU
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Savings Sidekick
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar
Sleutel Verwijdert : HKCU\Software\bProtector
Sleutel Verwijdert : HKCU\Software\BrowserCompanion
Sleutel Verwijdert : HKCU\Software\Conduit
Sleutel Verwijdert : HKCU\Software\Cr_Installer
Sleutel Verwijdert : HKCU\Software\DataMngr
Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46735DEE-F862-49D1-876D-6382794DC625}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKCU\Software\Softonic
Sleutel Verwijdert : HKLM\Software\AVG Secure Search
Sleutel Verwijdert : HKLM\Software\Babylon
Sleutel Verwijdert : HKLM\Software\bProtector
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2865317
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Sleutel Verwijdert : HKLM\Software\Conduit
Sleutel Verwijdert : HKLM\Software\conduitEngine
Sleutel Verwijdert : HKLM\Software\DataMngr
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Sleutel Verwijdert : HKLM\Software\PHPNukeDU
Sleutel Verwijdert : HKLM\Software\Softonic
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A8EB2B-B8E4-4741-B008-8C12D8A58AD9}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF37226B-52F0-4EA6-8357-6979D300AB49}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PHPNukeDU Toolbar
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{46735DEE-F862-49D1-876D-6382794DC625}]
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{46735DEE-F862-49D1-876D-6382794DC625}]
***** [browsers] *****
-\\ Internet Explorer v9.0.8112.16457
Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN11202507321093214&ctid=CT2865317 --> hxxp://www.google.com
-\\ Mozilla Firefox v18.0.1 (nl)
File : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default\prefs.js
Verwijdert : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Verwijdert : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Verwijdert : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={482EBAA0-E1B7-42D2-BD70-AE710B57[...]
File : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\xcdfy9o1.default-1359979634083\prefs.js
[OK] De file bevat geen enkele ongeoorloofde invoer.
File : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\prefs.js
Verwijdert : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Verwijdert : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Verwijdert : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={482EBAA0-E1B7-42D2-BD70-AE710B57[...]
File : C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js
[OK] De file bevat geen enkele ongeoorloofde invoer.
-\\ Google Chrome v24.0.1312.57
File : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Preferences
Verwijdert [l.14] : homepage = "hxxp://search.conduit.com/?CUI=&ctid=CT2865317&SearchSource=48",
Verwijdert [l.18] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=&ctid=CT2865317&SearchSourc[...]
Verwijdert [l.57] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Verwijdert [l.60] : keyword = "isearch.avg.com",
Verwijdert [l.63] : search_url = "hxxps://isearch.avg.com/search?cid={482EBAA0-E1B7-42D2-BD70-AE710B57408E}&mid=8[...]
Verwijdert [l.1842] : homepage = "hxxp://search.conduit.com/?CUI=&ctid=CT2865317&SearchSource=48",
Verwijdert [l.2187] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=&ctid=CT2865317&SearchSource=4[...]
-\\ Opera v12.12.1707.0
File : C:\Users\Bart\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] De file bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner[R1].txt - [17580 octets] - [05/02/2013 11:53:58]
AdwCleaner[s1].txt - [17154 octets] - [05/02/2013 11:55:23]
########## EOF - C:\AdwCleaner[s1].txt - [17215 octets] ##########
Groet
BJHM
-
Goedemorgen Kape. Bijgaand het log van MBAM:
Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free anti-malware download
Databaseversie: v2013.02.05.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bart :: DELL [administrator]
5-2-2013 10:24:10
mbam-log-2013-02-05 (10-24-10).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 244625
Verstreken tijd: 8 minuut/minuten, 32 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Groeten
BJHM
Mitgliedschaft Amazon Prime.
in Archief Bestrijding malware & virussen
Geplaatst:
log2.txt
- - - Updated - - -
Lijkt dat het nu gelukt is (zelfs 2 keer). Dank voor uw hulp.