Ga naar inhoud

Lucas

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    42

  • Registratiedatum

  • Laatst bezocht

Over Lucas

  • Verjaardag 07-10-1981

Lucas's prestaties

Bijdrager

Bijdrager (5/14)

  • Eerste post
  • Actief
  • Gespreksstarter
  • Week één klaar
  • Een maand later

Recente badges

0

Reputatie

  1. Lucas
    Ik heb een Verbatim 2TB externe HD, die ik via USB aan mijn mediaplayer (Dune HD) heb gekoppeld. Nu lukt het mij echter niet om grote bestanden naa deze HD te krijgen, niet via de mediaplayer maar ook niet via USB aan de laptop pc. Tot iets van 3 Gb lukt het wel, maar vanaf 4-5 Gb geeft hij steeds de melding dat het bestand te groot is voor het doel. Er is echter nog 1,5 Tb vrij... De schijf is al NTFS geformatteerd en ik heb er eerder ook al een backup van mijn laptop op geplaatst. Ik hoop dat jullie mij kunnen helpen! Veel dank alvast!!
  2. Lucas
    Helaas heb ik alle eerder genoemde problemen nog .
  3. Lucas
    Nee, bij 100% was het klaar. Wat nu?
  4. Lucas
    Ik heb de scan uitgevoerd, maar ik krijg geen log te zien. Als hij klaar is sluit hij zich automatisch.
  5. Lucas
    Thanx, Kape! Helaas geen veranderingen erna. Hier het log: # AdwCleaner v3.018 - Report created 10/02/2014 at 23:34:15 # Updated 28/01/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Lucas - LAPTOP-LUCAS # Running from : C:\Users\Lucas\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AGI ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject Key Deleted : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_spss_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_spss_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_flv-player_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_flv-player_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_utorrent_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_utorrent_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_vlc-media-player_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_vlc-media-player_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_windows-live-movie-maker-2011_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_windows-live-movie-maker-2011_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4260E0CC-0F75-462E-88A3-1E05C248BF4C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Software\smartbar Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\Software\Vittalia Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vittalia ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v26.0 (nl) [ File : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [5306 octets] - [10/02/2014 23:33:05] AdwCleaner[s0].txt - [5169 octets] - [10/02/2014 23:34:15] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5229 octets] ##########
  6. Lucas
    Helaas niet . De eerder genoemde punten zijn er nog steeds (openen van Safari (al opnieuw geinstalleerd, maar hielp niet), het verversen van pagina's zoals Windows Verkenner (als ik iets verwijder of toevoeg of aanpas, krijg ik dat niet te zien, enkel als ik een pagina voor- of achteruit ga en dan weer terug), Windows Media Player die altijd vastloopt, verbinden met extern bureaublad wat meestal ook niet meer lukt), evenals een vergeten probleem, het misvormen van tekst als ik scroll in Firefox. Hoop dat je nog suggesties hebt!
  7. Lucas
    Zoek.exe v5.0.0.0 Updated 07-February-2014 Tool run by Lucas on zo 09-02-2014 at 22:05:04,80. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Lucas\Desktop\zoek.exe [scan all users] [script inserted] [Checkboxes used] ==== System Restore Info ====================== 9-2-2014 22:21:17 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\7-Zip deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Winamp deleted successfully C:\ProgramData\Canon IJ Network Tool deleted successfully C:\ProgramData\CanonEPP deleted successfully C:\ProgramData\CanonIJEPPEX2 deleted successfully C:\ProgramData\Socusoft deleted successfully C:\Users\Lucas\AppData\Roaming\Ywluav deleted successfully C:\Users\Lucas\AppData\Local\Canon Easy-PhotoPrint EX deleted successfully C:\Users\Lucas\AppData\Local\Conduit deleted successfully C:\Users\Lucas\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-673483106-1733627115-3832817272-1000\Software\Microsoft\Internet Explorer\SearchScopes\{997F2068-1E3B-4A31-9EEE-DE01444DBBD9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default user.js not found ---- Lines CT2865317 removed from prefs.js ---- user_pref("CT2865317.1000234.TWC_TMP_city", ""); user_pref("CT2865317.1000234.TWC_TMP_country", "NL"); user_pref("CT2865317.1000234.TWC_locId", "USNY0996"); user_pref("CT2865317.1000234.TWC_location", "New York, NY"); user_pref("CT2865317.1000234.TWC_region", "OT"); user_pref("CT2865317.1000234.TWC_temp_dis", "c"); user_pref("CT2865317.1000234.TWC_wind_dis", "kmh"); user_pref("CT2865317.1000234.weatherData", "{\"icon\":\"30.png\",\"temperature\":\"7°C\",\"temperatureClear\":\"7°C\",\"highTemperature\":\"13°C\", user_pref("CT2865317.CBOpenMAMSettings.enc", "MA=="); user_pref("CT2865317.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2865317.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2865317.FirstTime", "true"); user_pref("CT2865317.FirstTimeFF3", "true"); user_pref("CT2865317.LoginRevertSettingsEnabled", true); user_pref("CT2865317.RevertSettingsEnabled", true); user_pref("CT2865317.UserID", "UN95808823566418947"); user_pref("CT2865317.addressBarTakeOverEnabledInHidden", "true"); user_pref("CT2865317.autoDisableScopes", -1); user_pref("CT2865317.cbcountry_001.enc", "Tkw="); user_pref("CT2865317.cbfirsttime.enc", "RnJpIE5vdiAyMyAyMDEyIDE0OjI3OjEwIEdNVCswMTAw"); user_pref("CT2865317.countryCode", "NL"); user_pref("CT2865317.defaultSearch", "false"); user_pref("CT2865317.enableAlerts", "always"); user_pref("CT2865317.enableFix404ByUser", "FALSE"); user_pref("CT2865317.enableSearchFromAddressBar", "false"); user_pref("CT2865317.firstTimeDialogOpened", "true"); user_pref("CT2865317.fixPageNotFoundError", "true"); user_pref("CT2865317.fixPageNotFoundErrorByUser", "true"); user_pref("CT2865317.fixPageNotFoundErrorInHidden", "true"); user_pref("CT2865317.fixUrls", true); user_pref("CT2865317.fullUserID", "UN95808823566418947.UP.20130709100825"); user_pref("CT2865317.installType", "xpe"); user_pref("CT2865317.isCheckedStartAsHidden", true); user_pref("CT2865317.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2865317.isFirstTimeToolbarLoading", "false"); user_pref("CT2865317.isNewTabEnabled", false); user_pref("CT2865317.isPerformedSmartBarTransition", "true"); user_pref("CT2865317.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); user_pref("CT2865317.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT2865317.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT2865317&octid=CT2865317&SearchSource user_pref("CT2865317.lastVersion", "10.23.0.822"); user_pref("CT2865317.migrateAppsAndComponents", true); user_pref("CT2865317.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLB user_pref("CT2865317.openThankYouPage", "true"); user_pref("CT2865317.openUninstallPage", "false"); user_pref("CT2865317.revertSettingsEnabled", "false"); user_pref("CT2865317.scriptSource.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv"); user_pref("CT2865317.search.searchAppId", "129363015615338104"); user_pref("CT2865317.search.searchCount", "0"); user_pref("CT2865317.searchInNewTabEnabled", "false"); user_pref("CT2865317.searchInNewTabEnabledByUser", "false"); user_pref("CT2865317.searchInNewTabEnabledInHidden", "true"); user_pref("CT2865317.searchSuggestEnabledByUser", "false"); user_pref("CT2865317.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2865317.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT2865317.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2865317\"}"); user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://uTorrentBarNL.OurToolbar.com user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_NL \"}"); user_pref("CT2865317.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2865317.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); user_pref("CT2865317.serviceLayer_services_Configuration_lastUpdate", "1391631162149"); user_pref("CT2865317.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1353677228119"); user_pref("CT2865317.serviceLayer_services_appTracking_lastUpdate", "1353677863670"); user_pref("CT2865317.serviceLayer_services_appsMetadata_lastUpdate", "1353677228079"); user_pref("CT2865317.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353677229678"); user_pref("CT2865317.serviceLayer_services_location_lastUpdate", "1373356136480"); user_pref("CT2865317.serviceLayer_services_login_10.13.40.15_lastUpdate", "1361785161691"); user_pref("CT2865317.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364202047743"); user_pref("CT2865317.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363162090675"); user_pref("CT2865317.serviceLayer_services_login_10.15.0.562_lastUpdate", "1373356136823"); user_pref("CT2865317.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372924040595"); user_pref("CT2865317.serviceLayer_services_login_10.16.4.519_lastUpdate", "1375166104334"); user_pref("CT2865317.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377798954553"); user_pref("CT2865317.serviceLayer_services_login_10.16.9.506_lastUpdate", "1379257332678"); user_pref("CT2865317.serviceLayer_services_login_10.20.0.513_lastUpdate", "1386151949053"); user_pref("CT2865317.serviceLayer_services_login_10.22.3.518_lastUpdate", "1387548377841"); user_pref("CT2865317.serviceLayer_services_login_10.23.0.822_lastUpdate", "1391668527152"); user_pref("CT2865317.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353677229736"); user_pref("CT2865317.serviceLayer_services_searchAPI_lastUpdate", "1391631162109"); user_pref("CT2865317.serviceLayer_services_serviceMap_lastUpdate", "1391631161931"); user_pref("CT2865317.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353677229786"); user_pref("CT2865317.serviceLayer_services_toolbarSettings_lastUpdate", "1391678246143"); user_pref("CT2865317.serviceLayer_services_translation_lastUpdate", "1391631161456"); user_pref("CT2865317.settingsINI", true); user_pref("CT2865317.shouldFirstTimeDialog", "false"); user_pref("CT2865317.showToolbarPermission", "false"); user_pref("CT2865317.smartbar.CTID", "CT2865317"); user_pref("CT2865317.smartbar.Uninstall", "0"); user_pref("CT2865317.smartbar.isHidden", true); user_pref("CT2865317.smartbar.toolbarName", "uTorrentBar_NL "); user_pref("CT2865317.startPage", "false"); user_pref("CT2865317.toolbarBornServerTime", "23-11-2012"); user_pref("CT2865317.toolbarCurrentServerTime", "6-2-2014"); user_pref("CT2865317.toolbarDisabled", "true"); user_pref("CT2865317.toolbarLoginClientTime", "Wed Mar 13 2013 09:34:54 GMT+0100"); user_pref("CT2865317.url_history0001.enc", "aHR0cDovL3VuYmxvY2tlZHBpcmF0ZWJheS5jb20vaW5kZXgucGhwP2xvYWR1cmw9L3RvcnJlbnQvNDYzMjQ5OC9TdHlsZXNfT2ZfQmV5b2 user_pref("CT2865317_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1391678236433,\"isWithState\":\"\",\"timeFromStar user_pref("valueApps.CT2865317.mam_gk_currentVersion", "312E31332E302E3137"); user_pref("valueApps.CT2865317.mam_gk_currentVersion.storedInFile", false); user_pref("valueApps.CT2865317.mam_gk_migrated_from_ls", "31"); user_pref("valueApps.CT2865317.mam_gk_migrated_from_ls.storedInFile", false); user_pref("valueApps.CT2865317.mam_gk_userBornDate", "4E2F41"); user_pref("valueApps.CT2865317.mam_gk_userBornDate.storedInFile", false); ---- Lines conduit removed from prefs.js ---- user_pref("plugin.state.npconduitfirefoxplugin", 2); ---- Lines Search removed from prefs.js ---- user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SE ---- Lines valueApps removed from prefs.js ---- user_pref("valueApps.storage.mam_gk_userId", "36623563663434362D326234312D343530302D383432322D663633366139343164313731"); ---- Lines ask.com removed from prefs.js ---- user_pref("browser.search.order.1", "Ask.com"); ---- Lines EEE6C361-6118-11DC-9C72-001320C79847 modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{DAC3F861-B30D-40dd-9166-F4E75327FAC7}\":{\"descriptor\":\"C:\\\\ ---- Lines Sweet removed from prefs.js ---- user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); user_pref("sweetim.toolbar.mode.debug", "false"); user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties"); user_pref("sweetim.toolbar.search.history.capacity", "10"); user_pref("sweetim.toolbar.simapp_id", "{4330C85B-FFB9-4F71-AEA0-CBEFD9A63B10}"); user_pref("sweetim.toolbar.version", "1.0.0.10"); ---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{DAC3F861-B30D-40dd-9166-F4E75327FAC7}\":{\"descriptor\":\"C:\\\\ ---- Lines smartbar removed from prefs.js ---- user_pref("smartbar.machineId", "OU3MJ/AM3BRIXDU6PX+OE3QAX1Y7/VUID9RSGDMB46SOADGZAQ9EUTHGGUWV2NDVAHGQXZBZZUQYNRJD5UO3JW"); ---- FireFox user.js and prefs.js backups ---- prefs_09-02-2014_2247_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] ==== Deleting Files \ Folders ====================== C:\Users\Lucas\.android deleted C:\PROGRA~2\Vittalia deleted C:\PROGRA~2\Free HD Converter deleted C:\PROGRA~2\Driver-Soft deleted C:\PROGRA~2\Conduit deleted C:\Users\Lucas\AppData\Roaming\GetRightToGo deleted C:\ProgramData\svcnet2.txt deleted C:\Users\Lucas\AppData\Local\CRE deleted C:\Users\Lucas\AppData\LocalLow\Conduit deleted C:\END deleted C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\searchplugins\askcom.xml deleted C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\valueApps deleted C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\SweetIMToolbarData deleted C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\CT2865317 deleted C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\smartbar deleted "C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\searchplugins\sweetim.xml" deleted "C:\Users\Lucas\AppData\Local\{4D7FEC72-2E4C-470D-864C-2761F2636AD2}" deleted "C:\Users\Lucas\AppData\Local\{A8047896-C7C6-4C6D-BF31-3145F500742F}" deleted "C:\Users\Lucas\AppData\Roaming\Chiller" deleted "C:\Users\Lucas\AppData\Roaming\Clips" deleted "C:\Users\Lucas\AppData\Roaming\Cocoa" deleted "C:\Users\Lucas\AppData\Roaming\ColorSync" deleted "C:\ProgramData\Brother" deleted "C:\ProgramData\Channel" deleted "C:\ProgramData\Colors" deleted "C:\ProgramData\Comedy Noises" deleted "C:\ProgramData\Command Line Utility" deleted "C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi" deleted "C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\searchplugins\sweetim.xml" deleted "C:\Qoobox" deleted ==== Folders Found In C:\Program Files (x86)\Newzbin ====================== 2014-01-01 17:22:20 d-----w- C:\Program Files (x86)\Newzbin\Images 2014-01-01 17:22:20 d-----w- C:\Program Files (x86)\Newzbin\Smileys 2014-01-01 17:22:20 d-----w- C:\Program Files (x86)\Newzbin\Templates 2014-01-01 17:22:20 d-----w- C:\Program Files (x86)\Newzbin\x64 2014-01-01 17:22:20 d-----w- C:\Program Files (x86)\Newzbin\x86 ==== Files Found In C:\Program Files (x86)\Newzbin ====================== 2013-05-09 20:24:06 3819 ----a-w- 7BBF79B16793D667D0D6C789781F5C8A C:\Program Files (x86)\Newzbin\smileys.html 2013-10-25 18:26:22 20661216 ----a-w- 2E531B42893FEA9B1C957143625D9D30 C:\Program Files (x86)\Newzbin\awesomium.dll 2013-10-25 18:26:24 40416 ----a-w- 127D9F855EFF85DE0D3726332C75B05A C:\Program Files (x86)\Newzbin\awesomium_process 2013-10-25 18:26:24 9956320 ----a-w- 4E954C3073B930696146998A418A9A1D C:\Program Files (x86)\Newzbin\icudt.dll 2013-10-27 01:02:44 916672 ----a-w- FC130792958C1DF4DAD60444AC8BC9B8 C:\Program Files (x86)\Newzbin\Awesomium.Core.dll 2013-10-27 01:02:52 363712 ----a-w- F1F18C343BF522461A71FA84D0D2BBC2 C:\Program Files (x86)\Newzbin\Awesomium.Windows.Forms.dll 2013-12-15 12:43:26 902 ----a-w- BE51EB2F1080BFB897A20C255C8225BD C:\Program Files (x86)\Newzbin\Newzbin.exe.config 2013-12-28 23:20:04 21762048 ----a-w- E1DE9FDF37BD1271D9B30C61BB5866E0 C:\Program Files (x86)\Newzbin\Newzbin.db 2013-12-29 10:13:14 37246 ----a-w- 6C5CA1C3DDFDB85E72D8C11D69E75C30 C:\Program Files (x86)\Newzbin\Newzbin.exe.manifest 2013-12-29 13:51:10 4253184 ----a-w- D1063A0795FEF2EEEE5C0122761FFAF0 C:\Program Files (x86)\Newzbin\Newzbin.exe ==== Folders Found In C:\Program Files (x86)\yaDIS ====================== 2014-01-01 12:36:23 d-----w- C:\Program Files (x86)\yaDIS\bin 2014-01-01 12:36:23 d-----w- C:\Program Files (x86)\yaDIS\images 2014-01-01 12:36:23 d-----w- C:\Program Files (x86)\yaDIS\languages 2014-01-01 12:36:23 d-----w- C:\Program Files (x86)\yaDIS\templates 2014-01-01 12:36:23 d-----w- C:\Program Files (x86)\yaDIS\workspace 2014-01-01 12:36:37 d-----w- C:\Program Files (x86)\yaDIS\temp ==== Files Found In C:\Program Files (x86)\yaDIS ====================== 2008-12-20 17:49:42 118784 ----a-w- D5975187FBC693B57E1A01B7582BBF95 C:\Program Files (x86)\yaDIS\CookComputing.XmlRpcV2.dll 2010-05-04 18:20:52 5632 ----a-w- 44332FB0BA92A5EEFE9E1390F2C6C69A C:\Program Files (x86)\yaDIS\AAImageLib.dll 2010-11-26 06:06:00 18640 ----a-w- ED9104D55844CA105E403A8814009AFE C:\Program Files (x86)\yaDIS\SplitButton.dll 2011-01-04 15:15:44 2682648 ----a-w- CA917EB00DD4B1BEE6C792540CAC9A69 C:\Program Files (x86)\yaDIS\MediaInfo.dll 2012-11-09 05:50:38 150016 ----a-w- B19BB8355559F5757945BD053E931507 C:\Program Files (x86)\yaDIS\RestSharp.dll 2013-02-04 23:12:18 77824 ----a-w- 9AFDEFBB7E1276EB8CC01C5B2EBB0D97 C:\Program Files (x86)\yaDIS\WatTmdb.dll 2013-09-22 22:05:58 2241024 ----a-w- 741C1CBB4AC9DED51204001FFFF26351 C:\Program Files (x86)\yaDIS\yaDIS.exe 2013-09-22 22:20:44 13119 ----a-w- 88B72192F6F3BDDED0798A84A4195D5F C:\Program Files (x86)\yaDIS\changelog.txt 2014-01-01 12:35:56 876193 ----a-w- 17E9D9EFF58BEF2DF80DEB3B12BA6B49 C:\Program Files (x86)\yaDIS\unins000.exe 2014-01-01 12:36:30 32164 ----a-w- 0C94B7FED7B9F0C637BE19B11BDAEFCD C:\Program Files (x86)\yaDIS\unins000.dat ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Lucas\AppData\Local\Temp ==== 2014-02-07 14:26:34 ACCF09B6587E31C57E575D6FEE5ADA28 904272 ----a-w- C:\Users\Lucas\AppData\Local\Temp\utt98F1.tmp.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2014-01-30 19:52:57 C9914A74045A6D23DB7252FA3985DE25 29696 ----a-w- C:\Windows\Sysnative\drivers\dtscsibus.sys 2014-01-15 19:44:21 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys 2014-01-15 19:44:21 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys 2014-01-15 19:44:20 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys 2014-01-15 19:44:20 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys 2014-01-15 19:44:20 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys 2014-01-15 19:44:20 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys 2014-01-15 19:44:20 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys 2014-01-15 19:44:15 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\Sysnative\drivers\netio.sys ====== C:\Windows\Tasks ====== 2014-02-04 20:12:27 28E81DA8957AC56BA10D7E7263BDE872 3348 ----a-w- C:\Windows\Sysnative\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-673483106-1733627115-3832817272-1000 2014-01-26 14:33:31 062ADE9D5850EC1D12F81C6DE0BA8714 3370 ----a-w- C:\Windows\Sysnative\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-673483106-1733627115-3832817272-1000 ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-02-06 09:27:17 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2014-02-01 15:30:56 -------- d-----w- C:\PROGRA~2\Safari 2014-01-30 19:52:20 -------- d-----w- C:\PROGRA~2\DAEMON Tools Ultra 2014-01-30 19:37:38 -------- d-----w- C:\PROGRA~2\COMMON~1\EZB Systems 2014-01-30 19:37:36 -------- d-----w- C:\PROGRA~2\UltraISO ======= C: ===== ====== C:\Users\Lucas\AppData\Roaming ====== 2014-02-05 19:50:37 -------- d-----w- C:\Users\Public\AppData\Local\temp 2014-02-05 19:50:37 -------- d-----w- C:\Users\Default\AppData\Local\temp 2014-02-05 19:50:37 -------- d-----w- C:\Users\Default User\AppData\Local\temp 2014-01-30 19:53:19 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\DAEMON Tools Ultra 2014-01-30 19:52:46 -------- d-----w- C:\Users\Lucas\AppData\Roaming\DAEMON Tools Ultra ====== C:\Users\Lucas ====== 2014-02-06 09:24:25 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Lucas\Desktop\RSITx64.exe 2014-02-01 15:28:52 0A5B39A859EB84484D5559A8BA22F736 38494576 ----a-w- C:\Users\Lucas\Downloads\SafariSetup.exe 2014-01-30 19:52:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra 2014-01-30 19:51:29 -------- d-----w- C:\ProgramData\DAEMON Tools Ultra 2014-01-30 19:37:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO 2014-01-30 19:36:57 48021729DA3C685397F94A936064899A 4347736 ----a-w- C:\Users\Lucas\Desktop\uiso9_pe-NL.exe ====== C: exe-files == 2014-02-06 09:27:17 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Lucas.exe === C: other files == 2014-02-07 14:26:47 45BA4B1B8EF5B2F6B6FA80C7286970B7 95 ----a-w- C:\Users\Lucas\AppData\Local\Temp\uttC802.tmp.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-673483106-1733627115-3832817272-1000\Software\Microsoft\Windows\CurrentVersion\Run] "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" "Spotify Web Helper"="C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "DAEMON Tools Ultra Agent"="C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60" "RemoteControl11"="C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" "Spotify Web Helper"="C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "DAEMON Tools Ultra Agent"="C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe -autorun" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Reader Speed Launcher" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeAAMUpdater-1.0" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5.5ServiceManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS5.5ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS5.5ServiceManager\\CS5.5ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5ServiceManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS5ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS5ServiceManager\\CS5ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AMD AVT] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AMD AVT" "hkey"="HKLM" "command"="Cmd.exe /c start \"AMD Accelerated Video Transcoding device initialization\" /min \"C:\\Program Files (x86)\\AMD AVT\\bin\\kdbsync.exe\" aml" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApplePhotoStreams] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ApplePhotoStreams" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AppleSyncNotifier" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenuEx] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonSolutionMenuEx" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\Solution Menu EX\\CNSEMAIN.EXE /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FreeFallProtection] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="FreeFallProtection" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\STMicroelectronics\\AccelerometerP11\\FF_Protection.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GrooveMonitor" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudServices] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iCloudServices" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudServices.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IJNetworkScanUtility] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IJNetworkScanUtility" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ISUSPM" "hkey"="HKCU" "command"="\"C:\\ProgramData\\Macrovision\\FLEXnet Connect\\6\\ISUSPM.exe\" -scheduler" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MobileBroadband] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MobileBroadband" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Vodafone\\Vodafone Mobile Broadband\\Bin\\MobileBroadband.exe /silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MobileDocuments] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MobileDocuments" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ubd.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBKeyScan] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NBKeyScan" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Nikon Message Center 2" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDVDDXSrv] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDDXSrv" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickSet] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickSet" "hkey"="HKLM" "command"="C:\\Program Files\\Dell\\QuickSet\\QuickSet.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\Lucas\\AppData\\Roaming\\Spotify\\spotify.exe\" /uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\Lucas\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SwitchBoard" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SynTPEnh" "hkey"="HKLM" "command"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SysTrayApp" "hkey"="HKLM" "command"="C:\\Program Files\\IDT\\WDM\\sttray64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TkBellExe" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\real\\realplayer\\update\\realsched.exe\" -osboot" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VirtualCloneDrive" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile Device Center] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Windows Mobile Device Center" "hkey"="HKLM" "command"="%windir%\\WindowsMobile\\wmdc.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xvid] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Xvid" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Xvid\\CheckUpdate.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Lucas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk] "item"="PdaNet Desktop" "path"="C:\\Users\\Lucas\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\PdaNet Desktop.lnk" "backup"="C:\\Windows\\pss\\PdaNet Desktop.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\PDANET~1\\PdaNetPC.exe" ==== Startup Folders ====================== 2013-03-11 08:24:34 836 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05-02-2014 12:03] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27-11-2012 12:51] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27-11-2012 12:51] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Laptop-Lucas-Lucas" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-673483106-1733627115-3832817272-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe] "C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-673483106-1733627115-3832817272-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe] "C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-673483106-1733627115-3832817272-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-673483106-1733627115-3832817272-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-673483106-1733627115-3832817272-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-673483106-1733627115-3832817272-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-673483106-1733627115-3832817272-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{DAC3F861-B30D-40dd-9166-F4E75327FAC7}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [25-05-2013 09:59] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default - Visualisateur 3D de 20-20 - %ProfilePath%\extensions\2020Player_IKEA@2020Technologies.com - Deutsches Wrterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org - British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17 F7015E6C5FE1E74C0E029A291E732787 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) BF115DE08783E9FA8A9BB83DAA39149B - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) 395BB0421E1C57D201DCE4D48E05E0BA - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) A56B8E622037E6D57480F16F4B8F472C - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Lucas\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[06-03-2013 01:26] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Lucas\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] YouTube - Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf RealPlayer HTML5Video Downloader Extension - Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk Gmail - Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeFallProtection deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0B9ITQ2T will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Lucas\AppData\Local\Mozilla\Firefox\Profiles\6z9k31cz.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=670 folders=157 80830256 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Public\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Users\Lucas\AppData\Local\Temp will be emptied at reboot C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Lucas\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~2\Windows Collaboration" not deleted "C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0B9ITQ2T" not found "C:\Users\Lucas\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SD2CHHXL\www.****icom.com" not found ==== EOF on zo 09-02-2014 at 23:16:40,91 ======================
  8. Lucas
    Dank voor je snelle reactie! Bij deze de log.txt: Logfile of random's system information tool 1.09 (written by random/random) Run by Lucas at 2014-02-06 10:27:16 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 21 GB (5%) free of 462 GB Total RAM: 8181 MB (73% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:27:20, on 6-2-2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe C:\Program Files\trend micro\Lucas.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 O4 - HKLM\..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.251 62.140.138.233 O17 - HKLM\System\CCS\Services\Tcpip\..\{B359AD48-B3F4-4B2F-8B94-DED97602D6CA}: NameServer = 62.140.140.251 62.140.138.233 O17 - HKLM\System\CCS\Services\Tcpip\..\{B94E7AB9-60B5-4BC9-B3C3-6E0914757999}: NameServer = 62.140.140.251 62.140.138.233 O17 - HKLM\System\CS1\Services\Tcpip\..\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.251 62.140.138.233 O17 - HKLM\System\CS2\Services\Tcpip\..\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.251 62.140.138.233 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe O23 - Service: Disc Soft Bus Service - Disc Soft Ltd - C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe O23 - Service: Intel® Rapid Storage Technologie (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14296 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe C:\Windows\system32\services.exe winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork atieclxx C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe "taskhost.exe" "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "C:\Program Files\Bonjour\mDNSResponder.exe" "C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe" "C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe" "C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe" "C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe" "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" "C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe" "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe" "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe" "C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice "C:\Windows\System32\StikyNot.exe" "C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "C:\Program Files (x86)\iTunes\iTunesHelper.exe" C:\Windows\System32\svchost.exe -k secsvcs "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" "C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe" WLIDSvcM.exe 3368 adb fork-server server C:\Windows\system32\wbem\wmiprvse.exe "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0 C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook "C:\Program Files\iPod\bin\iPodService.exe" "C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding "C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe" "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k bthsvcs "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d589c800-3c7f-46b5-916f-0051a22c1a6e -SystemEventPortName:HostProcess-03270fe2-bd90-4ccc-8671-f0e84956543b -IoCancelEventPortName:HostProcess-3bcf8e2f-484f-41c1-86fa-832da27f555d -NonStateChangingEventPortName:HostProcess-75fbeaed-ad4f-4690-983d-f7dfe303d7e6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:dfa2847a-9990-4c3a-9b42-66785177bd4f -DeviceGroupId:WpdFsGroup "C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4016.be34400.533578575 "C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}\plugins\npConduitFirefoxPlugin.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 4016 "\\.\pipe\gecko-crash-server-pipe.4016" plugin C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" "C:\Program Files (x86)\Nero\Update\NASvc.exe" C:\Windows\system32\svchost.exe -k WindowsMobile "C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical "C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4016.17bb9b00.1474741726 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 4016 "\\.\pipe\gecko-crash-server-pipe.4016" plugin "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe" --proxy-stub-channel=Flash4620.6C96B990.28028 --host-broker-channel=Flash4620.6C96B990.6622 --host-pid=4620 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll" "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe" --channel=2840.0040F59C.1534516260 --proxy-stub-channel=Flash4620.6C96B990.28028 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll" --host-npapi-version=27 --type=renderer "C:\Users\Lucas\Desktop\RSITx64.exe" ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job =========Mozilla firefox========= ProfilePath - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default prefs.js - "browser.search.useDBForOrder" - "false" prefs.js - "browser.startup.homepage" - "https://www.google.nl/" prefs.js - "extensions.enabledItems" - "en-GB@dictionaries.addons.mozilla.org:1.19.1, {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 12.0.0.44 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX] "Description"=Canon Easy-PhotoPrint EX "Path"=C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Windows\SysWOW64\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Nero.com/KM] "Description"= "Path"=C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18] "Description"=RealPlayer LiveConnect-Enabled Plug-In "Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1] "Description"=RealNetworks RealDownloader Chrome Background Extension Plug-In "Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1] "Description"=RealNetworks RealDownloader HTML5VideoShim Plug-In "Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1] "Description"=RealNetworks RealDownloader Peppe rFlash Video Shim Plug-In "Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18] "Description"=RealPlayer Download Plugin "Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@realnetworks.com/npdlplugin;version=1] "Description"=RealDownloader Plugin "Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.6] "Description"=VLC Multimedia Plugin "Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.9.900.170 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.11.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Windows\system32\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll C:\Program Files (x86)\Mozilla Firefox\components\ nppl3260.xpt nsIQTScriptablePlugin.xpt nsJSRealPlayerPlugin.xpt Scriptff.dll C:\Program Files (x86)\Mozilla Firefox\plugins\ np-mswmp.dll nppdf32.dll nppl3260.dll nppl3260.xpt npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll nprpplugin.dll QuickTimePlugin.class WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\extensions\ 2020Player_IKEA@2020Technologies.com de-DE@dictionaries.addons.mozilla.org en-GB@dictionaries.addons.mozilla.org {87775fdb-6972-41f9-ae51-8326e38cb206} C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\searchplugins\ askcom.xml sweetim.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-15 551840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-15 209824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06 540328] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}] Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-17 463272] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}] Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-17 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {4064EA35-578D-4073-A834-C96D82CBCF40} - &Save Flash - C:\Program Files (x86)\Save Flash\SaveFlash.dll [2010-06-01 1210368] {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-24 2726728] "egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-03-07 4081008] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520] "Spotify Web Helper"=C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2014-01-09 1171968] "DAEMON Tools Ultra Agent"=C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [2013-11-14 3192056] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15 499608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT] Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2012-02-24 59240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-09-27 59240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2012-02-23 59240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2010-03-02 140640] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-29 222128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-11-02 152392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [2010-03-23 253440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [2012-02-23 59240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [2010-05-25 619008] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [2010-06-09 3216544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-03-01 18643560] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] C:\Users\Lucas\AppData\Roaming\Spotify\spotify.exe [2014-01-09 6118400] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2014-01-09 1171968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-24 1822504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [2010-01-21 487424] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe [2013-05-25 295512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Lucas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk] C:\PROGRA~2\PDANET~1\PdaNetPC.exe [2011-10-16 222832] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "Driver Genius"= [] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-04 641704] "IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe [2012-11-30 56128] "RemoteControl11"=C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [2011-05-19 234792] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720] "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-11-02 152392] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist] C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2013-12-07 243200] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "legalnoticetext"= "EnableLinkedConnections"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Windows\temp\WinDefend.exe"="C:\Windows\temp\WinDefend.exe:*:Enabled:Windows Messanger" "C:\Users\Lucas\AppData\Roaming\WinDefender.exe"="C:\Users\Lucas\AppData\Roaming\WinDefender.exe:*:Enabled:Windows Messanger" "C:\ProgramData\WinDefender\WinDefender.exe"="C:\ProgramData\WinDefender\WinDefender.exe:*:Enabled:Windows Messanger" "C:\Users\Lucas\AppData\Roaming\WinAV.exe"="C:\Users\Lucas\AppData\Roaming\WinAV.exe:*:Enabled:Windows Messanger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "vidc.XVID"=xvidvfw.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 3 months====== 2014-02-06 10:27:17 ----D---- C:\Program Files\trend micro 2014-02-06 10:27:16 ----D---- C:\rsit 2014-02-05 21:21:22 ----A---- C:\TDSSKiller.3.0.0.19_05.02.2014_21.21.22_log.txt 2014-02-05 21:20:56 ----A---- C:\TDSSKiller.2.6.12.0_05.02.2014_21.20.56_log.txt 2014-02-05 20:50:41 ----SHD---- C:\$RECYCLE.BIN 2014-02-05 20:50:35 ----A---- C:\ComboFix.txt 2014-02-01 16:30:56 ----D---- C:\Program Files (x86)\Safari 2014-01-30 20:52:57 ----A---- C:\Windows\system32\drivers\dtscsibus.sys 2014-01-30 20:52:46 ----D---- C:\Users\Lucas\AppData\Roaming\DAEMON Tools Ultra 2014-01-30 20:52:20 ----D---- C:\Program Files (x86)\DAEMON Tools Ultra 2014-01-30 20:51:29 ----D---- C:\ProgramData\DAEMON Tools Ultra 2014-01-30 20:37:36 ----D---- C:\Program Files (x86)\UltraISO 2014-01-15 20:44:21 ----A---- C:\Windows\system32\drivers\usbport.sys 2014-01-15 20:44:21 ----A---- C:\Windows\system32\drivers\usbehci.sys 2014-01-15 20:44:20 ----A---- C:\Windows\system32\drivers\usbuhci.sys 2014-01-15 20:44:20 ----A---- C:\Windows\system32\drivers\usbohci.sys 2014-01-15 20:44:20 ----A---- C:\Windows\system32\drivers\usbhub.sys 2014-01-15 20:44:20 ----A---- C:\Windows\system32\drivers\usbd.sys 2014-01-15 20:44:20 ----A---- C:\Windows\system32\drivers\usbccgp.sys 2014-01-15 20:44:17 ----A---- C:\Windows\system32\win32k.sys 2014-01-15 20:44:15 ----A---- C:\Windows\system32\drivers\netio.sys 2014-01-10 19:11:50 ----A---- C:\Windows\SYSWOW64\GDIPFONTCACHEV1.DAT 2014-01-10 19:09:58 ----D---- C:\Users\Lucas\AppData\Roaming\Reincubate 2014-01-01 21:24:21 ----D---- C:\Program Files (x86)\TeamViewer 2014-01-01 18:22:20 ----D---- C:\Program Files (x86)\Newzbin 2014-01-01 18:19:53 ----D---- C:\Users\Lucas\AppData\Roaming\Newzbin 2014-01-01 13:36:23 ----D---- C:\Program Files (x86)\yaDIS 2013-12-22 23:33:37 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys 2013-12-22 23:32:02 ----D---- C:\Program Files\iPod 2013-12-22 23:31:58 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-22 23:31:58 ----D---- C:\Program Files\iTunes 2013-12-22 23:31:58 ----D---- C:\Program Files (x86)\iTunes 2013-12-22 22:10:28 ----D---- C:\Users\Lucas\AppData\Roaming\HTC 2013-12-22 22:09:19 ----D---- C:\ProgramData\HTC 2013-12-22 22:07:00 ----D---- C:\Program Files (x86)\Spirent Communications 2013-12-22 22:07:00 ----D---- C:\Program Files (x86)\HTC 2013-12-12 14:21:22 ----A---- C:\Windows\system32\wmploc.DLL 2013-12-12 14:21:21 ----A---- C:\Windows\SYSWOW64\wmploc.DLL 2013-12-12 14:21:20 ----A---- C:\Windows\SYSWOW64\wmp.dll 2013-12-12 14:21:16 ----A---- C:\Windows\system32\wmp.dll 2013-12-12 14:18:01 ----A---- C:\Windows\system32\ieetwcollectorres.dll 2013-12-12 14:18:00 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2013-12-12 14:18:00 ----A---- C:\Windows\SYSWOW64\ieui.dll 2013-12-12 14:18:00 ----A---- C:\Windows\system32\jsproxy.dll 2013-12-12 14:18:00 ----A---- C:\Windows\system32\ieUnatt.exe 2013-12-12 14:18:00 ----A---- C:\Windows\system32\ieui.dll 2013-12-12 14:17:59 ----A---- C:\Windows\system32\iesetup.dll 2013-12-12 14:17:59 ----A---- C:\Windows\system32\iernonce.dll 2013-12-12 14:17:59 ----A---- C:\Windows\system32\ieetwproxystub.dll 2013-12-12 14:17:59 ----A---- C:\Windows\system32\ieetwcollector.exe 2013-12-12 14:17:59 ----A---- C:\Windows\system32\ie4uinit.exe 2013-12-12 14:17:57 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll 2013-12-12 14:17:57 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll 2013-12-12 14:17:57 ----A---- C:\Windows\system32\mshtml.dll 2013-12-12 14:17:57 ----A---- C:\Windows\system32\jscript9diag.dll 2013-12-12 14:17:57 ----A---- C:\Windows\system32\ieapfltr.dll 2013-12-12 14:17:56 ----A---- C:\Windows\system32\iertutil.dll 2013-12-12 14:17:55 ----A---- C:\Windows\SYSWOW64\wininet.dll 2013-12-12 14:17:55 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2013-12-12 14:17:55 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2013-12-12 14:17:55 ----A---- C:\Windows\system32\wininet.dll 2013-12-12 14:17:54 ----A---- C:\Windows\system32\urlmon.dll 2013-12-12 14:17:53 ----A---- C:\Windows\system32\ieframe.dll 2013-12-12 14:17:51 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2013-12-12 14:17:48 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2013-12-12 14:17:47 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2013-12-12 14:17:45 ----A---- C:\Windows\system32\jscript9.dll 2013-12-12 10:40:09 ----D---- C:\Program Files (x86)\Mozilla Firefox 2013-12-12 09:43:33 ----A---- C:\Windows\SYSWOW64\tzres.dll 2013-12-12 09:43:33 ----A---- C:\Windows\system32\tzres.dll 2013-12-12 09:43:21 ----A---- C:\Windows\SYSWOW64\msieftp.dll 2013-12-12 09:43:21 ----A---- C:\Windows\system32\msieftp.dll 2013-12-12 09:43:17 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll 2013-12-12 09:43:17 ----A---- C:\Windows\system32\WMPhoto.dll 2013-12-12 09:43:16 ----A---- C:\Windows\SYSWOW64\imagehlp.dll 2013-12-12 09:43:16 ----A---- C:\Windows\system32\imagehlp.dll 2013-12-12 09:43:14 ----A---- C:\Windows\SYSWOW64\wscript.exe 2013-12-12 09:43:14 ----A---- C:\Windows\system32\scrrun.dll 2013-12-12 09:43:14 ----A---- C:\Windows\system32\cscript.exe 2013-12-12 09:43:13 ----A---- C:\Windows\SYSWOW64\scrrun.dll 2013-12-12 09:43:13 ----A---- C:\Windows\system32\wscript.exe 2013-12-12 09:43:12 ----A---- C:\Windows\SYSWOW64\cscript.exe 2013-12-12 09:42:33 ----A---- C:\Windows\system32\drivers\portcls.sys 2013-12-12 09:42:32 ----A---- C:\Windows\system32\drivers\drmk.sys 2013-12-07 14:01:03 ----A---- C:\Windows\system32\IEUDINIT.EXE 2013-12-07 13:55:59 ----A---- C:\Windows\SYSWOW64\elshyph.dll 2013-12-07 13:55:59 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe 2013-12-07 13:55:49 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe 2013-12-07 13:55:49 ----A---- C:\Windows\SYSWOW64\msls31.dll 2013-12-07 13:55:49 ----A---- C:\Windows\SYSWOW64\jsIntl.dll 2013-12-07 13:55:49 ----A---- C:\Windows\system32\elshyph.dll 2013-12-07 13:55:48 ----A---- C:\Windows\SYSWOW64\msrating.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\wextract.exe 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\webcheck.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\vbscript.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\url.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\pngfilt.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\occache.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\mshta.exe 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\licmgr10.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\jscript.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\inseng.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\imgutil.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\iexpress.exe 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\iepeers.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\icardie.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\dxtrans.dll 2013-12-07 13:55:47 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll 2013-12-07 13:55:46 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe 2013-12-07 13:55:46 ----A---- C:\Windows\SYSWOW64\mshtmler.dll 2013-12-07 13:55:46 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe 2013-12-07 13:55:46 ----A---- C:\Windows\SYSWOW64\iesysprep.dll 2013-12-07 13:55:46 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll 2013-12-07 13:55:46 ----A---- C:\Windows\system32\jsIntl.dll 2013-12-07 13:55:45 ----A---- C:\Windows\system32\SetIEInstalledDate.exe 2013-12-07 13:55:45 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-07 13:55:45 ----A---- C:\Windows\system32\msrating.dll 2013-12-07 13:55:45 ----A---- C:\Windows\system32\msls31.dll 2013-12-07 13:55:45 ----A---- C:\Windows\system32\mshtmler.dll 2013-12-07 13:55:45 ----A---- C:\Windows\system32\msfeedssync.exe 2013-12-07 13:55:45 ----A---- C:\Windows\system32\msfeedsbs.dll 2013-12-07 13:55:45 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-12-07 13:55:45 ----A---- C:\Windows\system32\iesysprep.dll 2013-12-07 13:55:45 ----A---- C:\Windows\system32\ieapfltr.dat 2013-12-07 13:55:45 ----A---- C:\Windows\system32\IEAdvpack.dll 2013-12-07 13:55:45 ----A---- C:\Windows\system32\icardie.dll 2013-12-07 13:55:45 ----A---- C:\Windows\system32\dxtrans.dll 2013-12-07 13:55:45 ----A---- C:\Windows\system32\dxtmsft.dll 2013-12-07 13:55:44 ----A---- C:\Windows\system32\wextract.exe 2013-12-07 13:55:44 ----A---- C:\Windows\system32\webcheck.dll 2013-12-07 13:55:44 ----A---- C:\Windows\system32\vbscript.dll 2013-12-07 13:55:44 ----A---- C:\Windows\system32\url.dll 2013-12-07 13:55:44 ----A---- C:\Windows\system32\mshtmlmedia.dll 2013-12-07 13:55:44 ----A---- C:\Windows\system32\mshtmled.dll 2013-12-07 13:55:44 ----A---- C:\Windows\system32\msfeeds.dll 2013-12-07 13:55:44 ----A---- C:\Windows\system32\licmgr10.dll 2013-12-07 13:55:44 ----A---- C:\Windows\system32\inseng.dll 2013-12-07 13:55:44 ----A---- C:\Windows\system32\iexpress.exe 2013-12-07 13:55:44 ----A---- C:\Windows\system32\iedkcs32.dll 2013-12-07 13:55:43 ----A---- C:\Windows\system32\pngfilt.dll 2013-12-07 13:55:43 ----A---- C:\Windows\system32\occache.dll 2013-12-07 13:55:43 ----A---- C:\Windows\system32\MshtmlDac.dll 2013-12-07 13:55:43 ----A---- C:\Windows\system32\mshta.exe 2013-12-07 13:55:43 ----A---- C:\Windows\system32\jscript.dll 2013-12-07 13:55:43 ----A---- C:\Windows\system32\imgutil.dll 2013-12-07 13:55:43 ----A---- C:\Windows\system32\iepeers.dll 2013-11-28 20:14:09 ----RD---- C:\Program Files (x86)\Skype 2013-11-14 18:16:41 ----D---- C:\ProgramData\McAfee 2013-11-13 15:50:19 ----A---- C:\Windows\system32\crypt32.dll 2013-11-13 15:50:18 ----A---- C:\Windows\SYSWOW64\crypt32.dll 2013-11-13 15:50:08 ----A---- C:\Windows\system32\drivers\afd.sys 2013-11-13 15:49:57 ----A---- C:\Windows\system32\authui.dll 2013-11-13 15:49:56 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll 2013-11-13 15:49:56 ----A---- C:\Windows\SYSWOW64\credui.dll 2013-11-13 15:49:56 ----A---- C:\Windows\SYSWOW64\authui.dll 2013-11-13 15:49:56 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 15:49:56 ----A---- C:\Windows\system32\credui.dll 2013-11-13 15:49:39 ----A---- C:\Windows\SYSWOW64\schannel.dll 2013-11-13 15:49:39 ----A---- C:\Windows\system32\schannel.dll 2013-11-13 15:49:39 ----A---- C:\Windows\system32\drivers\ksecpkg.sys 2013-11-13 15:49:39 ----A---- C:\Windows\system32\drivers\ksecdd.sys 2013-11-13 15:49:38 ----A---- C:\Windows\system32\lsasrv.dll 2013-11-13 15:49:38 ----A---- C:\Windows\system32\drivers\cng.sys 2013-11-13 15:49:37 ----A---- C:\Windows\system32\sspicli.dll 2013-11-13 15:49:35 ----A---- C:\Windows\SYSWOW64\sspicli.dll 2013-11-13 15:49:35 ----A---- C:\Windows\SYSWOW64\secur32.dll 2013-11-13 15:49:35 ----A---- C:\Windows\SYSWOW64\ncrypt.dll 2013-11-13 15:49:35 ----A---- C:\Windows\system32\sspisrv.dll 2013-11-13 15:49:35 ----A---- C:\Windows\system32\secur32.dll 2013-11-13 15:49:35 ----A---- C:\Windows\system32\ncrypt.dll 2013-11-13 15:49:35 ----A---- C:\Windows\system32\lsass.exe 2013-11-13 15:49:30 ----A---- C:\Windows\SYSWOW64\gdi32.dll 2013-11-13 15:49:30 ----A---- C:\Windows\system32\gdi32.dll 2013-11-13 15:49:28 ----A---- C:\Windows\system32\IKEEXT.DLL 2013-11-13 15:49:28 ----A---- C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 15:49:27 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL 2013-11-13 15:49:27 ----A---- C:\Windows\system32\nshwfp.dll 2013-11-13 15:49:26 ----A---- C:\Windows\SYSWOW64\nshwfp.dll ======List of files/folders modified in the last 3 months====== 2014-02-06 10:27:19 ----D---- C:\Windows\temp 2014-02-06 10:27:17 ----RD---- C:\Program Files 2014-02-06 10:17:15 ----D---- C:\Windows\system32\Tasks 2014-02-06 07:59:22 ----D---- C:\Windows\system32\config 2014-02-05 21:21:28 ----D---- C:\Windows\system32\drivers 2014-02-05 20:50:38 ----D---- C:\Qoobox 2014-02-05 20:46:14 ----D---- C:\Windows 2014-02-05 20:46:14 ----A---- C:\Windows\system.ini 2014-02-05 20:46:06 ----D---- C:\Windows\system32\drivers\etc 2014-02-05 20:41:12 ----HD---- C:\Windows\AppPatch 2014-02-05 20:41:12 ----D---- C:\Windows\SYSWOW64\drivers 2014-02-05 20:41:12 ----D---- C:\Windows\SysWOW64 2014-02-05 20:41:08 ----D---- C:\Program Files (x86)\Common Files 2014-02-05 20:28:37 ----D---- C:\Windows\system32\FxsTmp 2014-02-05 20:28:31 ----D---- C:\Windows\Prefetch 2014-02-05 19:48:18 ----SHD---- C:\System Volume Information 2014-02-05 12:03:33 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 2014-02-04 07:17:31 ----D---- C:\Windows\system32\catroot2 2014-02-03 22:50:09 ----D---- C:\Windows\System32 2014-02-03 22:50:09 ----D---- C:\Windows\inf 2014-02-03 22:50:09 ----A---- C:\Windows\system32\PerfStringBackup.INI 2014-02-03 00:16:34 ----D---- C:\Users\Lucas\AppData\Roaming\Spotify 2014-02-02 23:21:19 ----D---- C:\Users\Lucas\AppData\Roaming\vlc 2014-02-01 16:32:05 ----SHD---- C:\Windows\Installer 2014-02-01 16:30:56 ----RD---- C:\Program Files (x86) 2014-01-31 11:00:23 ----D---- C:\Program Files\Dell 2014-01-30 20:51:29 ----D---- C:\ProgramData 2014-01-30 20:44:24 ----D---- C:\Users\Lucas\AppData\Roaming\Applian FLV and Media Player 2014-01-16 21:54:21 ----D---- C:\Users\Lucas\AppData\Roaming\GrabIt 2014-01-16 10:00:58 ----D---- C:\Windows\winsxs 2014-01-16 09:57:26 ----D---- C:\Windows\system32\DriverStore 2014-01-15 23:01:47 ----D---- C:\ProgramData\Microsoft Help 2014-01-15 22:59:56 ----D---- C:\Windows\system32\MRT 2014-01-15 22:53:37 ----A---- C:\Windows\system32\MRT.exe 2014-01-15 20:44:03 ----D---- C:\Windows\system32\catroot 2014-01-12 11:49:23 ----D---- C:\Windows\system32\NDF 2014-01-10 19:10:02 ----RSD---- C:\Windows\Fonts 2014-01-03 09:01:54 ----RSD---- C:\Windows\assembly 2014-01-03 09:01:54 ----D---- C:\Windows\Microsoft.NET 2014-01-03 08:52:44 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI 2013-12-29 22:16:55 ----D---- C:\Users\Lucas\AppData\Roaming\dvdcss 2013-12-22 23:33:36 ----DC---- C:\Windows\system32\DRVSTORE 2013-12-22 23:25:07 ----D---- C:\Program Files\Internet Explorer 2013-12-22 23:24:59 ----D---- C:\Program Files (x86)\QuickTime 2013-12-18 06:13:56 ----N---- C:\Windows\system32\MpSigStub.exe 2013-12-17 00:17:29 ----D---- C:\Program Files (x86)\Google 2013-12-12 17:21:10 ----D---- C:\Windows\rescache 2013-12-12 14:30:02 ----D---- C:\Program Files (x86)\Windows Media Player 2013-12-12 14:30:01 ----D---- C:\Program Files\Windows Media Player 2013-12-12 14:30:00 ----D---- C:\Program Files (x86)\Internet Explorer 2013-12-12 14:29:58 ----D---- C:\Windows\SYSWOW64\nl-NL 2013-12-12 14:29:58 ----D---- C:\Windows\system32\nl-NL 2013-12-12 12:42:04 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-08 11:55:11 ----D---- C:\Users\Lucas\AppData\Roaming\Skype 2013-12-07 17:22:20 ----D---- C:\Windows\SYSWOW64\migration 2013-12-07 17:22:19 ----D---- C:\Windows\SYSWOW64\en-US 2013-12-07 17:22:18 ----D---- C:\Windows\PolicyDefinitions 2013-12-07 17:22:17 ----D---- C:\Windows\system32\migration 2013-12-07 17:22:17 ----D---- C:\Windows\system32\en-US 2013-12-07 14:01:03 ----D---- C:\Windows\Logs 2013-11-28 20:14:26 ----D---- C:\ProgramData\Skype ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496] R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2012-11-19 652344] R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2012-11-19 28216] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-10 283200] R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-16 40816] R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-03-14 187632] R2 ntk_PowerDVD;ntk_PowerDVD; \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248] R2 rimspci;rimspci; C:\Windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952] R2 risdpcie;risdpcie; C:\Windows\system32\DRIVERS\risdpe64.sys [2009-10-28 79360] R2 rixdpcie;rixdpcie; C:\Windows\system32\DRIVERS\rixdpe64.sys [2009-12-11 55808] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 11922944] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 359936] R3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984] R3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784] R3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384] R3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-04-01 594472] R3 btwaudio;Bluetooth-audioapparaat; C:\Windows\system32\drivers\btwaudio.sys [2012-04-01 184872] R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2012-03-06 210984] R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976] R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-03-06 21544] R3 dtscsibus;DAEMON Tools Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtscsibus.sys [2014-01-30 29696] R3 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-11-01 8615936] R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver; C:\Windows\system32\DRIVERS\OA008Ufd.sys [2009-03-06 159840] R3 OA008Vid;Creative Camera OA008 Function Driver; C:\Windows\system32\DRIVERS\OA008Vid.sys [2009-05-06 313696] R3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720] R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2012-06-05 237968] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-12-27 805088] R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-01-21 505856] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-24 285744] R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-07-24 119312] S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 11922944] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232] S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2; C:\Windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672] S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2010-02-15 246224] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488] S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2010-07-12 72648] S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2010-07-12 85320] S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2013-10-17 36928] S3 HtcVCom32;HTC Diagnostic Port; C:\Windows\system32\DRIVERS\HtcVComV64.sys [2010-03-09 121800] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-02-15 117504] S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [2010-02-15 114304] S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2013-07-25 23040] S3 netw5v64;Stuurprogramma voor Intel® Wireless WiFi Link 5000 Series-adapter voor 64-bits Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 pnetmdm;PdaNet Modem; C:\Windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456] S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2009-06-16 209920] S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056] S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2010-09-22 37888] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968] S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432] R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 238080] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2012-04-01 957216] R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240] R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952] R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616] R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144] R2 HTCMonitorService;HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-11-10 87368] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technologie; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-19 14904] R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432] R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056] R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [2010-01-21 244736] R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536] R2 VmbService;Vodafone Mobile Broadband-service; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-03-23 9216] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136] R3 Disc Soft Bus Service;Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-11-14 723192] R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 641352] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 116648] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 257928] S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840] S3 GoToAssist;GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe [2010-01-18 16680] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 116648] S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-12 119408] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF-----------------
  9. Lucas
    Beste helden, Helaas heb ik niet de mogelijkheid om in korte tijd mijn laptop te backuppen en te herinstalleren, dus wend ik me tot jullie deskundigheid voor een oplossing. Mijn Windows en programma's beginnen steeds meer te hakkelen. Hij trok het al slecht met multi-tasking (bijvoorbeeld combinatie van downloaden, verifieren, herstellen, en tegelijk browser of office werk of Photoshop, dan lopen de pagina's tijdelijk of definitief vast). Hiervoor heb ik de hoeveelheid geheugen verdubbeld (4 -> 8), maar dat mocht niet baten. Inmiddels zijn daar meerdere gebreken bijgekomen, zoals het niet meer openen van Safari (al opnieuw geinstalleerd, maar hielp niet), het verversen van pagina's zoals Windows Verkenner (als ik iets verwijder of toevoeg of aanpas, krijg ik dat niet te zien, enkel als ik een pagina voor- of achteruit ga en dan weer terug), Windows Media Player die altijd vastloopt, verbinden met extern bureaublad wat meestal ook niet meer lukt. Al met al is het volgens mij dus weer een rommeltje in mijn computer en ik zou het geweldig vinden als jullie mij weer hiermee zouden kunnen helpen! Groetjes, Lucas
  10. Lucas
    Ik heb het gedaan. ComboFix moest ook updaten, maar ik neem aan dat dat geen probleem is erbij. -------------------------------------- ComboFix 13-01-16.01 - Lucas 16-01-2013 16:17:03.14.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4084.2070 [GMT 1:00] Gestart vanuit: c:\users\Lucas\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Lucas\Desktop\CFScript.txt AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET Persoonlijke firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Aanwezig AV is actief . . . (((((((((((((((((((( Bestanden Gemaakt van 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))) . . 2013-01-16 15:30 . 2013-01-16 15:30 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-16 15:30 . 2013-01-16 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-16 10:49 . 2013-01-16 10:49 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E04EBCC3-3DA7-46B3-907B-BB8FB69B26D6}\offreg.dll 2013-01-16 10:13 . 2010-01-21 03:10 505856 ----a-w- c:\windows\system32\drivers\stwrt64.sys 2013-01-16 10:13 . 2010-01-21 03:10 431616 ----a-w- c:\windows\system32\stcplx64.dll 2013-01-16 10:13 . 2010-01-21 03:10 1472000 ----a-w- c:\windows\system32\stapo64.dll 2013-01-16 10:13 . 2010-01-21 03:10 644608 ------w- c:\windows\system32\stapi64.dll 2013-01-16 10:13 . 2010-01-21 03:10 209920 ----a-w- c:\windows\system32\st646267.dll 2013-01-16 10:13 . 2013-01-16 10:16 -------- d-----w- c:\program files\IDT 2013-01-16 10:13 . 2010-01-20 14:55 524288 ----a-w- c:\windows\SysWow64\ctapo32.dll 2013-01-16 10:09 . 2013-01-16 10:09 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation 2013-01-16 10:09 . 2013-01-16 10:09 -------- d-----w- c:\users\Lucas\AppData\Roaming\Intel Corporation 2013-01-16 10:02 . 2012-11-19 11:10 652344 ----a-w- c:\windows\system32\drivers\iaStorA.sys 2013-01-16 10:02 . 2012-11-19 11:10 28216 ----a-w- c:\windows\system32\drivers\iaStorF.sys 2013-01-16 10:02 . 2013-01-16 10:02 -------- d-----w- c:\users\Lucas\AppData\Roaming\InstallShield 2013-01-15 18:34 . 2013-01-15 18:33 308640 ----a-w- c:\windows\system32\javaws.exe 2013-01-15 18:34 . 2013-01-15 18:33 1081760 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-15 18:34 . 2013-01-15 18:33 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-01-15 18:34 . 2013-01-15 18:33 188832 ----a-w- c:\windows\system32\javaw.exe 2013-01-15 18:34 . 2013-01-15 18:33 188832 ----a-w- c:\windows\system32\java.exe 2013-01-15 10:29 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E04EBCC3-3DA7-46B3-907B-BB8FB69B26D6}\mpengine.dll 2013-01-11 17:09 . 2012-12-07 11:20 43520 ----a-w- c:\windows\system32\csrr.rs 2013-01-10 11:42 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-10 11:42 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-10 11:33 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-10 11:33 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-10 11:33 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-10 11:33 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-10 11:33 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-10 11:33 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-10 11:33 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll 2013-01-10 11:33 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll 2013-01-10 11:22 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-10 11:22 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-10 10:49 . 2013-01-10 10:49 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-01-10 10:48 . 2013-01-10 10:51 -------- d-----w- c:\users\Lucas\AppData\Roaming\DAEMON Tools Lite 2013-01-10 10:48 . 2013-01-10 10:49 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite 2013-01-10 10:47 . 2013-01-10 10:52 -------- d-----w- c:\programdata\DAEMON Tools Lite 2013-01-03 16:02 . 2013-01-03 16:02 -------- d-----w- c:\users\Lucas\AppData\Roaming\RealNetworks 2013-01-03 16:01 . 2013-01-03 16:01 -------- d-----w- c:\program files (x86)\RealNetworks 2013-01-03 16:01 . 2013-01-03 16:01 -------- d-----w- c:\programdata\RealNetworks 2013-01-03 16:01 . 2013-01-03 16:01 -------- d-----w- c:\program files (x86)\Common Files\xing shared 2013-01-03 16:00 . 2013-01-03 16:00 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2013-01-03 16:00 . 2013-01-03 16:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-12-22 14:49 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 14:49 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-22 14:49 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 14:49 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-15 18:42 . 2012-04-19 07:31 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-15 18:42 . 2011-10-22 16:48 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-15 18:33 . 2011-03-21 17:38 960416 ----a-w- c:\windows\system32\deployJava1.dll 2012-12-14 15:49 . 2012-07-18 22:28 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-01-11 17:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-13 08:35 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-13 08:35 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-13 08:36 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-13 08:36 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-13 08:36 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-13 08:36 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-13 08:36 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-13 08:36 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-13 08:36 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-13 08:36 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-13 08:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-13 08:36 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-13 08:36 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-13 08:36 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-13 08:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-13 08:36 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-13 08:36 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-13 08:36 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 08:36 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-13 08:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 08:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-13 08:36 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 12:14 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 12:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-03 01:41 . 2011-11-21 19:20 53248 ----a-w- c:\windows\SysWow64\CSVer.dll 2012-11-02 05:59 . 2012-12-12 12:12 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 12:12 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-25 16:20 . 2012-12-05 22:49 74344 ----a-w- c:\windows\system32\RtNicProp64.dll 2012-10-25 16:20 . 2012-12-05 22:49 769168 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2012-10-25 16:20 . 2009-12-03 08:27 107552 ----a-w- c:\windows\system32\RTNUninst64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192] "Spotify Web Helper"="c:\users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320] "RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "Driver Genius"="" [bU] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704] "TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2013-01-03 295072] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128] . c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for iPhone\PdaNetPC.exe [2012-9-18 222832] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-02-15 246224] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2010-02-15 114304] R3 netw5v64;Stuurprogramma voor Intel® Wireless WiFi Link 5000 Series-adapter voor 64-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496] S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-19 652344] S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-19 28216] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-10 283200] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technologie;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-19 14904] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-10-28 79360] S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-12-11 55808] S2 VmbService;Vodafone Mobile Broadband-service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-03-23 9216] S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760] S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-04-01 594472] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976] S3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [2009-03-06 159840] S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [2009-05-06 313696] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-10-25 769168] . . Inhoud van de 'Gedeelde Taken' map . 2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 18:42] . 2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 11:51] . 2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 11:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 213.46.228.196 62.179.104.196 TCP: Interfaces\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.251 62.140.138.233 TCP: Interfaces\{B359AD48-B3F4-4B2F-8B94-DED97602D6CA}: NameServer = 62.140.140.251 62.140.138.233 TCP: Interfaces\{B94E7AB9-60B5-4BC9-B3C3-6E0914757999}: NameServer = 62.140.140.251 62.140.138.233 FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.nl/ FF - prefs.js: network.proxy.type - 2 FF - ExtSQL: 2012-11-23 14:27; {87775fdb-6972-41f9-ae51-8326e38cb206}; c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206} FF - ExtSQL: 2013-01-03 17:01; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file) AddRemove-SecureW2 - c:\program files (x86)\SecureW2\_uninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,43,cb,76,96,c9,1a,4f,a0,cd,bc,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,43,cb,76,96,c9,1a,4f,a0,cd,bc,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-01-16 16:34:59 ComboFix-quarantined-files.txt 2013-01-16 15:34 ComboFix2.txt 2013-01-16 09:39 ComboFix3.txt 2013-01-15 15:21 ComboFix4.txt 2012-05-11 06:25 ComboFix5.txt 2013-01-16 15:14 . Pre-Run: 16.219.045.888 bytes beschikbaar Post-Run: 16.166.510.592 bytes beschikbaar . - - End Of File - - F2B3978453E4BCBE45B32A8453555BC1
  11. Lucas
    Bij deze . Staan wel een hele hoop registration keys in, hoop niet dat dat link is om hier open te tonen. -------------------- ComboFix 13-01-15.02 - Lucas 16-01-2013 10:23:33.13.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4084.2115 [GMT 1:00] Gestart vanuit: c:\users\Lucas\Desktop\ComboFix.exe AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET Persoonlijke firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Aanwezig AV is actief . . . (((((((((((((((((((( Bestanden Gemaakt van 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))) . . 2013-01-16 09:35 . 2013-01-16 09:35 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-16 09:35 . 2013-01-16 09:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-16 09:24 . 2013-01-16 09:24 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E04EBCC3-3DA7-46B3-907B-BB8FB69B26D6}\offreg.dll 2013-01-15 18:34 . 2013-01-15 18:33 308640 ----a-w- c:\windows\system32\javaws.exe 2013-01-15 18:34 . 2013-01-15 18:33 1081760 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-15 18:34 . 2013-01-15 18:33 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-01-15 18:34 . 2013-01-15 18:33 188832 ----a-w- c:\windows\system32\javaw.exe 2013-01-15 18:34 . 2013-01-15 18:33 188832 ----a-w- c:\windows\system32\java.exe 2013-01-15 10:29 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E04EBCC3-3DA7-46B3-907B-BB8FB69B26D6}\mpengine.dll 2013-01-11 17:09 . 2012-12-07 11:20 43520 ----a-w- c:\windows\system32\csrr.rs 2013-01-10 11:42 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-10 11:42 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-10 11:33 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-10 11:33 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-10 11:33 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-10 11:33 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-10 11:33 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-10 11:33 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-10 11:33 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll 2013-01-10 11:33 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll 2013-01-10 11:22 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-10 11:22 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-10 10:49 . 2013-01-10 10:49 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-01-10 10:48 . 2013-01-10 10:51 -------- d-----w- c:\users\Lucas\AppData\Roaming\DAEMON Tools Lite 2013-01-10 10:48 . 2013-01-10 10:49 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite 2013-01-10 10:47 . 2013-01-10 10:52 -------- d-----w- c:\programdata\DAEMON Tools Lite 2013-01-03 16:02 . 2013-01-03 16:02 -------- d-----w- c:\users\Lucas\AppData\Roaming\RealNetworks 2013-01-03 16:01 . 2013-01-03 16:01 -------- d-----w- c:\program files (x86)\RealNetworks 2013-01-03 16:01 . 2013-01-03 16:01 -------- d-----w- c:\programdata\RealNetworks 2013-01-03 16:01 . 2013-01-03 16:01 -------- d-----w- c:\program files (x86)\Common Files\xing shared 2013-01-03 16:00 . 2013-01-03 16:00 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2013-01-03 16:00 . 2013-01-03 16:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-12-22 14:49 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 14:49 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-22 14:49 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 14:49 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-15 18:42 . 2012-04-19 07:31 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-15 18:42 . 2011-10-22 16:48 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-15 18:33 . 2011-03-21 17:38 960416 ----a-w- c:\windows\system32\deployJava1.dll 2012-12-14 15:49 . 2012-07-18 22:28 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-01-11 17:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-13 08:35 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-13 08:35 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-13 08:36 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-13 08:36 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-13 08:36 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-13 08:36 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-13 08:36 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-13 08:36 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-13 08:36 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-13 08:36 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-13 08:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-13 08:36 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-13 08:36 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-13 08:36 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-13 08:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-13 08:36 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-13 08:36 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-13 08:36 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 08:36 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-13 08:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 08:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-13 08:36 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 12:14 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 12:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-03 01:41 . 2011-11-21 19:20 53248 ----a-w- c:\windows\SysWow64\CSVer.dll 2012-11-02 05:59 . 2012-12-12 12:12 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 12:12 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-25 16:20 . 2012-12-05 22:49 74344 ----a-w- c:\windows\system32\RtNicProp64.dll 2012-10-25 16:20 . 2012-12-05 22:49 769168 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2012-10-25 16:20 . 2009-12-03 08:27 107552 ----a-w- c:\windows\system32\RTNUninst64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192] "Spotify Web Helper"="c:\users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "Driver Genius"="" [bU] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704] "TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2013-01-03 295072] . c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for iPhone\PdaNetPC.exe [2012-9-18 222832] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-02-15 246224] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2010-02-15 114304] R3 netw5v64;Stuurprogramma voor Intel® Wireless WiFi Link 5000 Series-adapter voor 64-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-10 283200] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-10-28 79360] S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-12-11 55808] S2 VmbService;Vodafone Mobile Broadband-service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-03-23 9216] S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760] S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-04-01 594472] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976] S3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [2009-03-06 159840] S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [2009-05-06 313696] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-10-25 769168] . . Inhoud van de 'Gedeelde Taken' map . 2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 18:42] . 2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 11:51] . 2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 11:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 213.46.228.196 62.179.104.196 TCP: Interfaces\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.251 62.140.138.233 TCP: Interfaces\{B359AD48-B3F4-4B2F-8B94-DED97602D6CA}: NameServer = 62.140.140.251 62.140.138.233 TCP: Interfaces\{B94E7AB9-60B5-4BC9-B3C3-6E0914757999}: NameServer = 62.140.140.251 62.140.138.233 FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.nl/ FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=nl_NL&apn_uid=3b25efec-f6b6-4ad1-bcbe-e45ffd2a4bcf&apn_ptnrs=FV&apn_sauid=7C44518E-DC2A-4350-8DC1-6FAC5E84DEE5&apn_dtid=YYYYYYYYNL&&q= FF - prefs.js: network.proxy.type - 2 FF - ExtSQL: 2012-11-23 14:27; {87775fdb-6972-41f9-ae51-8326e38cb206}; c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6z9k31cz.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206} FF - ExtSQL: 2013-01-03 17:01; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file) AddRemove-SecureW2 - c:\program files (x86)\SecureW2\_uninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,43,cb,76,96,c9,1a,4f,a0,cd,bc,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,43,cb,76,96,c9,1a,4f,a0,cd,bc,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-01-16 10:39:06 ComboFix-quarantined-files.txt 2013-01-16 09:39 ComboFix2.txt 2013-01-15 15:21 ComboFix3.txt 2012-05-11 06:25 ComboFix4.txt 2012-04-28 10:36 ComboFix5.txt 2013-01-16 09:22 . Pre-Run: 17.904.975.872 bytes beschikbaar Post-Run: 17.837.133.824 bytes beschikbaar . - - End Of File - - 3B98A102C2A43BA494A2A5B3D6147259
  12. Lucas
    Dank je, Mako, voor de snelle reactie! Ik heb Java geupdate en de rest was al up to date. Ik heb de firewall van ESET aan, van Windows niet. Is dit goed of kan ik dit beter aanpassen? De 4 items zijn verwijderd en MBAM heeft niets gevonden. Hieronder de logs van MBAM en HiJack: Malwarebytes Anti-Malware 1.70.0.1100 Malwarebytes : Free anti-malware download Databaseversie: v2013.01.15.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Lucas :: LAPTOP-LUCAS [administrator] 15-1-2013 19:48:43 mbam-log-2013-01-15 (19-48-43).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 221817 Verstreken tijd: 6 minuut/minuten, 8 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) ------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:57:18, on 15-1-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files (x86)\real\realplayer\Update\realsched.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing) O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.251 62.140.138.233 O17 - HKLM\System\CCS\Services\Tcpip\..\{B359AD48-B3F4-4B2F-8B94-DED97602D6CA}: NameServer = 62.140.140.251 62.140.138.233 O17 - HKLM\System\CCS\Services\Tcpip\..\{B94E7AB9-60B5-4BC9-B3C3-6E0914757999}: NameServer = 62.140.140.251 62.140.138.233 O17 - HKLM\System\CS1\Services\Tcpip\..\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.251 62.140.138.233 O17 - HKLM\System\CS2\Services\Tcpip\..\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.251 62.140.138.233 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13249 bytes
  13. Lucas
    Het is weer zover... Het politievirus kwam weer langs . Nu heb ik de laptop met ComboFix weer werkend gekregen, maar weet niet of alles nu goed is. Waarom is hier geen bescherming tegen eigenlijk? Ik heb een up-to-date ESET Smart Security (5.2.9.1), dat is als het goed is een goede toch? Thanx! Hieronder heb ik het HiJackThis log toegevoegd: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:38:02, on 15-1-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files (x86)\real\realplayer\Update\realsched.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe c:\program files (x86)\real\realplayer\RealPlay.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml O4 - HKLM\..\Run: [update] C:\Users\Lucas\AppData\Roaming\wgsdgsdgdsgsd.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.251 62.140.138.233 O17 - HKLM\System\CCS\Services\Tcpip\..\{B359AD48-B3F4-4B2F-8B94-DED97602D6CA}: NameServer = 62.140.140.251 62.140.138.233 O17 - HKLM\System\CCS\Services\Tcpip\..\{B94E7AB9-60B5-4BC9-B3C3-6E0914757999}: NameServer = 62.140.140.251 62.140.138.233 O17 - HKLM\System\CS1\Services\Tcpip\..\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.251 62.140.138.233 O17 - HKLM\System\CS2\Services\Tcpip\..\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.251 62.140.138.233 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13457 bytes
  14. Lucas
    Yes! Dank je wel, Kape!!
  15. Lucas
    Ik heb de bestanden verwijderd. MBAM heeft er ook nog 2 gevonden en ik heb deze laten verwijderen. Hieronder heb ik de logs weer toegevoegd. Ben benieuwd of er nog wat is zit. Malwarebytes Anti-Malware 1.62.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2012.07.18.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Lucas :: LAPTOP-LUCAS [administrator] Realtime bescherming: Ingeschakeld 19-7-2012 9:28:07 mbam-log-2012-07-19 (09-28-07).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 199696 Verstreken tijd: 5 minuut/minuten, 2 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 2 C:\Users\Lucas\Downloads\SoftonicDownloader_for_spss.exe (PUP.OfferBundler.ST) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Lucas\Downloads\SoftonicDownloader_voor_windows-live-movie-maker-2011.exe (PUP.ToolbarDownloader) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:44:34, on 19-7-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.250 62.140.138.237 O17 - HKLM\System\CCS\Services\Tcpip\..\{B94E7AB9-60B5-4BC9-B3C3-6E0914757999}: NameServer = 62.140.140.251 62.140.138.233 O17 - HKLM\System\CS1\Services\Tcpip\..\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.250 62.140.138.237 O17 - HKLM\System\CS2\Services\Tcpip\..\{07878DC2-1B22-4570-961A-040F1AE16140}: NameServer = 62.140.140.250 62.140.138.237 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13317 bytes
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.