hidde565

Member
  • Items: 33

Everything posted by hidde565

  1. Good morning, here is the log:

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 5.2.2 (07.22.2013:2)
     OS: Windows 7 Enterprise x86
     Ran by Hofte on wo 24-07-2013 at 10:23:20,71
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs

     ~~~ Files

     ~~~ Folders

     ~~~ FireFox
     Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\dg7glcr4.default\minidumps [227 files]

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on wo 24-07-2013 at 10:27:47,77
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     And one more question: programs like malware antibytes, hijackthis, etc., can I remove those from the PC?
  2. Speed is great! And I now have a different virus scanner: I switched from Microsoft Security Essentials to Avast, is this a good choice? In principle I'd prefer a virus scanner that bothers you as little as possible in terms of resource usage, etc. But of course it does have to work well; I only download music and films. One downside besides that: when I start the PC and then iTunes + Mozilla Firefox (is this a handy browser?), the PC freezes for 10 to 20 seconds, so it does nothing. Otherwise great! Thanks again haha
  3. ComboFix 13-07-20.03 - Hofte 23-07-2013 13:16:25.3.2 - x86 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.31.1043.18.3071.2081 [GMT 2:00] Gestart vanuit: c:\users\Administrator\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Administrator\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Administrator\AppData\Roaming\Agall c:\users\Administrator\AppData\Roaming\Ebyg c:\users\Administrator\AppData\Roaming\Ebyg\qapyo.exe c:\users\Administrator\AppData\Roaming\Esno c:\users\Administrator\AppData\Roaming\Gagobi c:\users\Administrator\AppData\Roaming\Gagobi\xifa.ole c:\users\Administrator\AppData\Roaming\Iguk c:\users\Administrator\AppData\Roaming\Iguk\nodo.exe c:\users\Administrator\AppData\Roaming\Ilaz c:\users\Administrator\AppData\Roaming\Ilaz\biunp.ywn c:\users\Administrator\AppData\Roaming\Ivaxl c:\users\Administrator\AppData\Roaming\Ivaxl\ciuq.uhx c:\users\Administrator\AppData\Roaming\Lair c:\users\Administrator\AppData\Roaming\Lair\dypa.sah c:\users\Administrator\AppData\Roaming\Leowo c:\users\Administrator\AppData\Roaming\Marido c:\users\Administrator\AppData\Roaming\Marido\huisq.suy c:\users\Administrator\AppData\Roaming\Omfe c:\users\Administrator\AppData\Roaming\Orhuan c:\users\Administrator\AppData\Roaming\Orhuan\fewi.adb c:\users\Administrator\AppData\Roaming\Osym c:\users\Administrator\AppData\Roaming\Osym\ruqu.eki c:\users\Administrator\AppData\Roaming\Osym\ruqu.tmp c:\users\Administrator\AppData\Roaming\Owix c:\users\Administrator\AppData\Roaming\Owix\tayg.tmp c:\users\Administrator\AppData\Roaming\Uhimw c:\users\Administrator\AppData\Roaming\Uhimw\hyig.umz c:\users\Administrator\AppData\Roaming\Wopot 
c:\users\Administrator\AppData\Roaming\Wotu c:\users\Administrator\AppData\Roaming\Wotu\abcu.fac c:\users\Administrator\AppData\Roaming\Ykarr . . (((((((((((((((((((( Bestanden Gemaakt van 2013-06-23 to 2013-07-23 )))))))))))))))))))))))))))))) . . 2013-07-23 11:35 . 2013-07-23 11:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-07-23 11:35 . 2013-07-23 11:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-23 10:11 . 2013-07-15 01:34 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D26A357-062D-4B3C-911D-07CA93E7A1E2}\mpengine.dll 2013-07-19 13:02 . 2013-07-19 13:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-19 13:02 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-19 11:40 . 2013-07-19 11:40 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-07-19 11:40 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-07-19 11:40 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2013-07-19 11:40 . 2013-07-19 11:40 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-07-19 11:40 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-07-19 11:40 . 2013-07-19 11:40 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-07-19 11:40 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-07-19 11:40 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-07-19 11:40 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe 2013-07-19 11:38 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr 2013-07-19 11:37 . 2013-07-19 11:37 -------- d-----w- c:\program files\AVAST Software 2013-07-19 11:35 . 2013-07-19 11:37 -------- d-----w- c:\programdata\AVAST Software 2013-07-19 11:30 . 
2013-07-19 11:30 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-07-19 11:30 . 2013-07-19 11:30 -------- d-----w- c:\program files\Trend Micro 2013-07-12 13:33 . 2013-07-12 13:39 -------- d-----w- c:\windows\system32\MRT 2013-07-10 12:32 . 2013-06-12 00:23 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2013-07-10 12:32 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\system32\wininet.dll 2013-07-10 10:12 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-07-10 10:12 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-10 10:12 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-10 10:12 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-07-10 10:12 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-10 10:12 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-10 10:12 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-10 10:12 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-10 10:12 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-10 10:12 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-10 10:12 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-19 12:09 . 2012-05-04 09:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-19 12:09 . 2011-05-21 12:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-05 08:57 . 2013-06-05 08:57 644400 ----a-w- c:\windows\system32\mscomct2.ocx 2013-05-13 04:45 . 
2013-06-12 07:48 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 07:48 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 04:45 . 2013-06-12 07:48 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 03:08 . 2013-06-12 07:48 903168 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 07:48 43008 ----a-w- c:\windows\system32\certenc.dll 2013-05-10 03:20 . 2013-06-12 07:49 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-08 05:38 . 2013-06-12 07:48 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-06 05:06 . 2013-06-12 07:48 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-06 05:06 . 2013-06-12 07:48 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-02 00:06 . 2011-05-21 12:08 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts 2013-04-26 04:55 . 2013-06-12 07:49 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-04-25 23:30 . 2013-06-12 07:49 1505280 ----a-w- c:\windows\system32\d3d11.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-05 1104384] "HP Deskjet 3520 series (NET)"="c:\program files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-05-03 10082920] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-05-31 09:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2013-06-05 15:50 1104384 ----a-w- c:\users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.355.0\BBSvc.exe [2012-01-25 192792] R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x] R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [x] R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [x] R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [x] R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x] R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x] R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R3 
tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1343400] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336] S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.355.0\SeaPort.exe [2012-01-25 240408] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] . . Inhoud van de 'Gedeelde Taken' map . 2013-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 12:09] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dg7glcr4.default\ FF - prefs.js: browser.startup.homepage - Google FF - ExtSQL: 2013-07-19 13:39; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-Toawhy - c:\users\Administrator\AppData\Roaming\Iguk\nodo.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (Administrator) "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,dc, cb,77,f1,31,07,a2,7d,d9,65,c5,87,c4,b5 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,82,11, ef,68,99,44,0a,a1,32,d3,a9,2d,94,19,1f "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c2,fe, ad,57,97,ba,55,a2,e4,45,e0,cd,48,f9,13 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,cb, 08,9f,bd,e9,06,bb,9f,bf,17,88,6c,f1,df "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=hex: . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (Administrator) "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=hex: "Timestamp"=hex:d8,9e,2d,76,53,22,ce,01 . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,88,12,fd,f3,4f,53,46,a4,99,cd,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,88,12,fd,f3,4f,53,46,a4,99,cd,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,16,a2,c2,51,23,ed,42,86,7f,ea,\ . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3G2" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3GP" . 
[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3G2" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3GP" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.aif" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.aifc" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.aiff" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" . 
[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice] @Denied: (2) (Administrator) "Progid"="VLC.avi" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.cda" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.cdda" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\wmplayer.exe" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.ipa" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.ipg" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.ipsw" . 
[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itdb" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ite\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.ite" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itl" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itlp\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itlp" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itls" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itms" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itpc" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . 
[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m3u" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m3u8" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m4a" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m4b" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m4p" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m4r" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m4v" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . 
[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice] @Denied: (2) (Administrator) "Progid"="VLC.mov" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.mp2" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.mp3" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . 
[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.pcast" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\photoviewer.dll" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.pls" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (Administrator) "Progid"="PBrush" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . 
[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.TTS" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.TTS" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice] @Denied: (2) (Administrator) "Progid"="txtfile" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.wav" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.wave" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAX" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMA" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMD" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMS" . 
[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMV" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMZ" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WPL" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WVX" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . 
Voltooingstijd: 2013-07-23 13:41:49 ComboFix-quarantined-files.txt 2013-07-23 11:41 ComboFix2.txt 2013-07-22 13:20 ComboFix3.txt 2013-07-21 09:50 . Pre-Run: 198.415.122.432 bytes beschikbaar Post-Run: 198.381.637.632 bytes beschikbaar . - - End Of File - - 07EAD1FA4D4B4B0394ADE1045C2960A1 A36C5E4F47E84449FF07ED3517B43A31 Here you go
  4. Once again: ComboFix 13-07-20.03 - Hofte 22-07-2013 14:54:00.2.2 - x86 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.31.1043.18.3071.2199 [GMT 2:00] Gestart vanuit: c:\users\Administrator\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Administrator\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\FAP4733.tmp" "c:\windows\system32\FAP4A33.tmp" "c:\windows\system32\FAP4AF2.tmp" "c:\windows\system32\FAP5286.tmp" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\FAP4733.tmp c:\windows\system32\FAP4A33.tmp c:\windows\system32\FAP4AF2.tmp c:\windows\system32\FAP5286.tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2013-06-22 to 2013-07-22 )))))))))))))))))))))))))))))) . . 2013-07-22 13:14 . 2013-07-22 13:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-07-22 13:14 . 2013-07-22 13:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-21 09:22 . 2013-07-21 09:22 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C53CDAF-DA73-41EA-9E81-EC7DA6FB431A}\offreg.dll 2013-07-20 09:10 . 2013-07-15 01:34 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C53CDAF-DA73-41EA-9E81-EC7DA6FB431A}\mpengine.dll 2013-07-19 13:02 . 2013-07-19 13:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-19 13:02 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-19 11:40 . 2013-07-19 11:40 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-07-19 11:40 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-07-19 11:40 . 
2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2013-07-19 11:40 . 2013-07-19 11:40 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-07-19 11:40 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-07-19 11:40 . 2013-07-19 11:40 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-07-19 11:40 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-07-19 11:40 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-07-19 11:40 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe 2013-07-19 11:38 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr 2013-07-19 11:37 . 2013-07-19 11:37 -------- d-----w- c:\program files\AVAST Software 2013-07-19 11:35 . 2013-07-19 11:37 -------- d-----w- c:\programdata\AVAST Software 2013-07-19 11:30 . 2013-07-19 11:30 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-07-19 11:30 . 2013-07-19 11:30 -------- d-----w- c:\program files\Trend Micro 2013-07-19 07:23 . 2013-07-22 10:12 -------- d-----w- c:\users\Administrator\AppData\Roaming\Owix 2013-07-19 07:23 . 2013-07-19 07:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Wotu 2013-07-19 07:23 . 2013-07-19 07:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Iguk 2013-07-12 15:19 . 2013-07-19 08:33 -------- d-----w- c:\users\Administrator\AppData\Roaming\Leowo 2013-07-12 15:19 . 2013-07-19 07:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Wopot 2013-07-12 15:19 . 2013-07-12 15:19 -------- d-----w- c:\users\Administrator\AppData\Roaming\Ivaxl 2013-07-12 13:33 . 2013-07-12 13:39 -------- d-----w- c:\windows\system32\MRT 2013-07-11 10:17 . 2013-07-19 11:20 -------- d-----w- c:\users\Administrator\AppData\Roaming\Orhuan 2013-07-11 10:17 . 2013-07-11 10:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\Marido 2013-07-11 10:17 . 
2013-07-11 10:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\Ebyg 2013-07-10 12:32 . 2013-06-12 00:23 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2013-07-10 12:32 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\system32\wininet.dll 2013-07-10 10:12 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-07-10 10:12 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-10 10:12 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-10 10:12 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-07-10 10:12 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-10 10:12 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-10 10:12 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-10 10:12 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-10 10:12 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-10 10:12 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-10 10:12 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-09 09:06 . 2013-07-17 15:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\Agall 2013-07-09 09:06 . 2013-07-09 09:06 -------- d-----w- c:\users\Administrator\AppData\Roaming\Uhimw 2013-07-09 09:06 . 2013-07-09 09:06 -------- d-----w- c:\users\Administrator\AppData\Roaming\Lair 2013-07-08 14:00 . 2013-07-10 10:54 -------- d-----w- c:\users\Administrator\AppData\Roaming\Omfe 2013-07-08 14:00 . 2013-07-08 14:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\Gagobi 2013-07-08 13:59 . 2013-07-10 12:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\Esno . . . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-19 12:09 . 2012-05-04 09:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-19 12:09 . 2011-05-21 12:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-05 08:57 . 2013-06-05 08:57 644400 ----a-w- c:\windows\system32\mscomct2.ocx 2013-05-13 04:45 . 2013-06-12 07:48 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 07:48 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 04:45 . 2013-06-12 07:48 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 03:08 . 2013-06-12 07:48 903168 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 07:48 43008 ----a-w- c:\windows\system32\certenc.dll 2013-05-10 03:20 . 2013-06-12 07:49 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-08 05:38 . 2013-06-12 07:48 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-06 05:06 . 2013-06-12 07:48 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-06 05:06 . 2013-06-12 07:48 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-02 00:06 . 2011-05-21 12:08 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts 2013-04-26 04:55 . 2013-06-12 07:49 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-04-25 23:30 . 2013-06-12 07:49 1505280 ----a-w- c:\windows\system32\d3d11.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-05 1104384] "HP Deskjet 3520 series (NET)"="c:\program files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672] "Toawhy"="c:\users\Administrator\AppData\Roaming\Iguk\nodo.exe" [2011-05-24 251392] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-05-03 10082920] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-05-31 09:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2013-06-05 15:50 1104384 ----a-w- c:\users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.355.0\BBSvc.exe [2012-01-25 192792] R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x] R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [x] R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [x] R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [x] R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x] R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x] R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R3 
tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1343400] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336] S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.355.0\SeaPort.exe [2012-01-25 240408] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] . . Inhoud van de 'Gedeelde Taken' map . 2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 12:09] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dg7glcr4.default\ FF - prefs.js: browser.startup.homepage - Google FF - ExtSQL: 2013-07-19 13:39; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-07-22 15:19:56 ComboFix-quarantined-files.txt 2013-07-22 13:19 ComboFix2.txt 2013-07-21 09:50 . Pre-Run: 196.413.448.192 bytes beschikbaar Post-Run: 196.152.762.368 bytes beschikbaar . - - End Of File - - 60293ADE090D8E38053544902B412B16 A36C5E4F47E84449FF07ED3517B43A31 Thanks in advance!
  5. Once again, the log :-) ComboFix 13-07-20.03 - Hofte 21-07-2013 11:18:29.1.2 - x86 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.31.1043.18.3071.2154 [GMT 2:00] Gestart vanuit: c:\users\Administrator\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\tmp106C.tmp c:\windows\system32\tmp107C.tmp c:\windows\system32\tmp24E0.tmp c:\windows\system32\tmp24F1.tmp c:\windows\system32\tmpFDCD.tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2013-06-21 to 2013-07-21 )))))))))))))))))))))))))))))) . . 2013-07-21 09:39 . 2013-07-21 09:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-07-20 09:10 . 2013-07-15 01:34 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C53CDAF-DA73-41EA-9E81-EC7DA6FB431A}\mpengine.dll 2013-07-19 13:02 . 2013-07-19 13:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-19 13:02 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-19 11:40 . 2013-07-19 11:40 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-07-19 11:40 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-07-19 11:40 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2013-07-19 11:40 . 2013-07-19 11:40 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-07-19 11:40 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-07-19 11:40 . 2013-07-19 11:40 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-07-19 11:40 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-07-19 11:40 .
2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-07-19 11:40 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe 2013-07-19 11:38 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr 2013-07-19 11:37 . 2013-07-19 11:37 -------- d-----w- c:\program files\AVAST Software 2013-07-19 11:35 . 2013-07-19 11:37 -------- d-----w- c:\programdata\AVAST Software 2013-07-19 11:30 . 2013-07-19 11:30 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-07-19 11:30 . 2013-07-19 11:30 -------- d-----w- c:\program files\Trend Micro 2013-07-19 07:23 . 2013-07-20 10:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\Owix 2013-07-19 07:23 . 2013-07-19 07:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Wotu 2013-07-19 07:23 . 2013-07-19 07:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Iguk 2013-07-12 15:19 . 2013-07-19 08:33 -------- d-----w- c:\users\Administrator\AppData\Roaming\Leowo 2013-07-12 15:19 . 2013-07-19 07:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Wopot 2013-07-12 15:19 . 2013-07-12 15:19 -------- d-----w- c:\users\Administrator\AppData\Roaming\Ivaxl 2013-07-12 13:33 . 2013-07-12 13:39 -------- d-----w- c:\windows\system32\MRT 2013-07-11 10:17 . 2013-07-19 11:20 -------- d-----w- c:\users\Administrator\AppData\Roaming\Orhuan 2013-07-11 10:17 . 2013-07-11 10:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\Marido 2013-07-11 10:17 . 2013-07-11 10:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\Ebyg 2013-07-10 12:32 . 2013-06-12 00:23 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2013-07-10 12:32 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\system32\wininet.dll 2013-07-10 10:12 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-07-10 10:12 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-10 10:12 . 
2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-10 10:12 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-07-10 10:12 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-10 10:12 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-10 10:12 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-10 10:12 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-10 10:12 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-10 10:12 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-10 10:12 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-09 09:06 . 2013-07-17 15:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\Agall 2013-07-09 09:06 . 2013-07-09 09:06 -------- d-----w- c:\users\Administrator\AppData\Roaming\Uhimw 2013-07-09 09:06 . 2013-07-09 09:06 -------- d-----w- c:\users\Administrator\AppData\Roaming\Lair 2013-07-08 14:00 . 2013-07-10 10:54 -------- d-----w- c:\users\Administrator\AppData\Roaming\Omfe 2013-07-08 14:00 . 2013-07-08 14:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\Gagobi 2013-07-08 13:59 . 2013-07-10 12:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\Esno 2013-06-21 11:35 . 2013-06-27 10:10 -------- d-----w- c:\users\Administrator\AppData\Roaming\Ykarr 2013-06-21 11:35 . 2013-06-24 17:54 -------- d-----w- c:\users\Administrator\AppData\Roaming\Osym 2013-06-21 11:35 . 2013-06-21 11:35 -------- d-----w- c:\users\Administrator\AppData\Roaming\Ilaz . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-19 12:09 . 2012-05-04 09:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-19 12:09 . 
2011-05-21 12:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-05 08:57 . 2013-06-05 08:57 644400 ----a-w- c:\windows\system32\mscomct2.ocx 2013-05-13 04:45 . 2013-06-12 07:48 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 07:48 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 04:45 . 2013-06-12 07:48 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 03:08 . 2013-06-12 07:48 903168 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 07:48 43008 ----a-w- c:\windows\system32\certenc.dll 2013-05-10 16:48 . 2013-05-10 16:48 0 ----a-w- c:\windows\system32\FAP5286.tmp 2013-05-10 16:48 . 2013-05-10 16:48 0 ----a-w- c:\windows\system32\FAP4AF2.tmp 2013-05-10 16:48 . 2013-05-10 16:48 0 ----a-w- c:\windows\system32\FAP4A33.tmp 2013-05-10 16:48 . 2013-05-10 16:48 0 ----a-w- c:\windows\system32\FAP4733.tmp 2013-05-10 03:20 . 2013-06-12 07:49 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-08 05:38 . 2013-06-12 07:48 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-06 05:06 . 2013-06-12 07:48 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-06 05:06 . 2013-06-12 07:48 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-02 00:06 . 2011-05-21 12:08 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts 2013-04-26 04:55 . 2013-06-12 07:49 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-04-25 23:30 . 2013-06-12 07:49 1505280 ----a-w- c:\windows\system32\d3d11.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-05 1104384] "HP Deskjet 3520 series (NET)"="c:\program files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672] "Toawhy"="c:\users\Administrator\AppData\Roaming\Iguk\nodo.exe" [2011-05-24 251392] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-05-03 10082920] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-05-31 09:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2013-06-05 15:50 1104384 ----a-w- c:\users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x] R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [x] R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [x] R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [x] R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.355.0\SeaPort.exe [2012-01-25 240408] R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x] R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x] R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R3 
tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1343400] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336] S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.355.0\BBSvc.exe [2012-01-25 192792] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . Inhoud van de 'Gedeelde Taken' map . 2013-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 12:09] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dg7glcr4.default\ FF - prefs.js: browser.startup.homepage - Google FF - ExtSQL: 2013-07-19 13:39; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF . - - - - ORPHANS VERWIJDERD - - - - . 
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file) MSConfigStartUp-195.241.0.128 @ MacBook Pro van E.J.G - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE MSConfigStartUp-EPSON Stylus DX5000 Series - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE MSConfigStartUp-EPSON Stylus DX5000 Series (Kopie 1) - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE MSConfigStartUp-Google Update - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe MSConfigStartUp-HP Deskjet 3070 B611 series (NET) - c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (Administrator) "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,dc, cb,77,f1,31,07,a2,7d,d9,65,c5,87,c4,b5 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,82,11, ef,68,99,44,0a,a1,32,d3,a9,2d,94,19,1f "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c2,fe, ad,57,97,ba,55,a2,e4,45,e0,cd,48,f9,13 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,cb, 08,9f,bd,e9,06,bb,9f,bf,17,88,6c,f1,df "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=hex: . [HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (Administrator) "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=hex: "Timestamp"=hex:d8,9e,2d,76,53,22,ce,01 . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(3400) c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Voltooingstijd: 2013-07-21 11:50:05 - machine werd herstart ComboFix-quarantined-files.txt 2013-07-21 09:50 . Pre-Run: 197.598.912.512 bytes beschikbaar Post-Run: 197.133.799.424 bytes beschikbaar . - - End Of File - - 93F10560F4A33A83097AD1AE272AB5C5 A36C5E4F47E84449FF07ED3517B43A31
  6. Good morning! Which line, haha? ADW log: # AdwCleaner v2.306 - Verslag gemaakt op 20/07/2013 om 11:21:01 # Geactualiseerd op 19/07/2013 door Xplode # Besturingssysteem : Windows 7 Enterprise Service Pack 1 (32 bits) # Gebruiker : Hofte - HOFTE-PC # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\Administrator\Desktop\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** File Verwijderd : C:\END Map Verwijderd : C:\Program Files\registry mechanic Map Verwijderd : C:\ProgramData\Babylon Map Verwijderd : C:\Users\Administrator\AppData\Local\Conduit Map Verwijderd : C:\Users\Administrator\AppData\LocalLow\Conduit Map Verwijderd : C:\Users\Administrator\AppData\Roaming\Babylon Map Verwijderd : C:\Users\Administrator\AppData\Roaming\registry mechanic ***** [Register] ***** Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Conduit Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\SmartBar Sleutel Verwijderd : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo Sleutel Verwijderd : HKCU\Software\InstallCore Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Sleutel Verwijderd : HKCU\Software\Softonic Sleutel Verwijderd : HKLM\Software\Babylon Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc Sleutel Verwijderd : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Sleutel Verwijderd : HKLM\Software\Conduit 
Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] ***** [browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Mozilla Firefox v22.0 (nl) File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dg7glcr4.default\prefs.js C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dg7glcr4.default\user.js ... Verwijderd ! [OK] De file bevat geen enkele ongeoorloofde invoer. File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dg7glcr4.default\prefs.js [OK] De file bevat geen enkele ongeoorloofde invoer. File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dg7glcr4.default\prefs.js [OK] De file bevat geen enkele ongeoorloofde invoer. 
************************* AdwCleaner[s1].txt - [3710 octets] - [20/07/2013 11:21:01] ########## EOF - C:\AdwCleaner[s1].txt - [3770 octets] ########## HIJACKTHIS log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:25:56, on 20-7-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16635) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2C51G3H905SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1 O4 - HKCU\..\Run: [Toawhy] C:\Users\Administrator\AppData\Roaming\Iguk\nodo.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] 
%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- End of file - 5653 bytes Thanks in advance.
  7. MBAM log: Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2013.04.04.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16635 Hofte :: HOFTE-PC [administrator] 19-7-2013 15:13:30 mbam-log-2013-07-19 (15-13-30).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 202636 Verstreken tijd: 9 minuut/minuten, 17 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 3 HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 2 C:\Users\Administrator\AppData\Local\funmoods.crx (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Administrator\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. 
(einde) HIJACKTHIS log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:32:54, on 19-7-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16635) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\taskhost.exe C:\Program Files\Online Armor\oaui.exe C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe C:\Program Files\Online Armor\OAhlp.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\oaui.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2C51G3H905SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1 O4 - HKCU\..\Run: [Toawhy] C:\Users\Administrator\AppData\Roaming\Iguk\nodo.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - 
HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe -- End of file - 6073 bytes
  8. Here's the log! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:14:47, on 19-7-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16635) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll" (file missing) O3 - Toolbar: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2C51G3H905SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1 O4 - HKCU\..\Run: [suubovi] C:\Users\Administrator\AppData\Roaming\Ebyg\qapyo.exe O4 - HKCU\..\Run: [Toawhy] C:\Users\Administrator\AppData\Roaming\Iguk\nodo.exe O4 - HKCU\..\Run: [Vynad] C:\Users\Administrator\AppData\Roaming\Leowo\egaxu.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - 
Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- End of file - 6509 bytes Thanks in advance.