Everything posted by Stroekes

  1. That was turned off by default, and ticking it does not solve the problem either.
  2. Hi Jion, Thanks for your quick reply. I carried out your steps up to scanning the laptop and removing the virus. That step keeps getting aborted, since I have no internet connection. The Wi-Fi password at home was changed recently, so I cannot update it on the laptop as long as the virus is not gone. After that I tried connecting a LAN cable directly to my router and running the scanner that way, also without success. Is it possible to run the scan without an internet connection? Kind regards, Michiel
  3. Hello, My laptop is infected with the police virus, so I can no longer start my PC. What stands out is that I cannot work in safe mode either: the laptop then automatically logs off and restarts. I saw on the forum that other people had this virus too, but I did not immediately see anyone who also could not boot into safe mode. Can anyone help me? Thanks in advance! Michiel
  4. Hello, I don't know whether this has anything to do with the previous problem, but my PC was just shut down by a blue screen and restarted with the following message. The full text is copied below. Can it do any harm, or is it just a Windows glitch?
     Probleemhandtekening:
     Gebeurtenisnaam van probleem: BlueScreen
     Versie van besturingssysteem: 6.1.7601.2.1.0.256.1
     Landinstelling-id: 2067
     Aanvullende informatie over dit probleem:
     BCCode: 19
     BCP1: 0000000000000003
     BCP2: FFFFF8A00FB55160
     BCP3: FFFFF8A00EB55160
     BCP4: FFFFF8A00FB55160
     OS Version: 6_1_7601
     Service Pack: 1_0
     Product: 256_1
     Bestanden die helpen bij het beschrijven van het probleem:
     C:\Windows\Minidump\082513-19219-01.dmp
     C:\Users\Stroek\AppData\Local\Temp\WER-1327615-0.sysdata.xml
     Lees de onlineprivacyverklaring: Windows 7 Privacyverklaring - Microsoft Windows
     Als de onlineprivacyverklaring niet beschikbaar is, lees dan onze offlineprivacyverklaring: C:\Windows\system32\nl-NL\erofflps.txt
  5. OK, done. I'll keep you posted should any more problems come up. For now everything seems fine. Thank you very much for the help! Kind regards
  6. No problems for now. The annoying thing is that it is very unpredictable when I'm affected by it. Should the problem come up again, I'll post a note here! Thanks already for the quick and professional help!
  7. # AdwCleaner v3.000 - Report created 20/08/2013 at 16:06:34
  8. ComboFix 13-08-19.02 - Stroek 20/08/2013 15:06:36.2.6 - x64
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 2342800] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: &Verzenden naar OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Stroek\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm TCP: DhcpNameServer = 195.130.130.131 195.130.131.131 FF - ProfilePath - c:\users\Stroek\AppData\Roaming\Mozilla\Firefox\Profiles\42uyk3to.default\ . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-120555910-2794771251-531984787-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:43,26,cb,f6,de,85,1e,6f,c1,8b,81,84,43,0e,57,bd,19,35,54,f2,e6,73,00, 92,a7,b9,ee,2f,5a,5b,b0,4f,51,a1,14,80,18,ac,9b,df,fa,be,43,ed,fa,c6,73,14,\ "??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa . [HKEY_USERS\S-1-5-21-120555910-2794771251-531984787-1000\Software\SecuROM\License information*] "datasecu"=hex:d7,3c,81,c8,1a,77,fd,b1,bd,e8,50,f7,d9,77,98,f8,c0,26,b0,22,49, d6,f7,45,5d,91,7f,9c,5a,02,26,1a,b7,f9,53,2e,39,35,3c,e0,90,6f,77,dc,f0,3d,\ "rkeysecu"=hex:f4,a1,dd,d2,a2,18,38,c1,1b,1e,14,a3,4e,36,f6,c0 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-08-20 15:17:15 ComboFix-quarantined-files.txt 2013-08-20 13:17 ComboFix2.txt 2013-08-20 09:25 . Pre-Run: 672.454.766.592 bytes free Post-Run: 672.305.061.888 bytes beschikbaar . - - End Of File - - EE6C4DA5565B24EBE0F218BF81C4063E A36C5E4F47E84449FF07ED3517B43A31
  9. Thanks in advance for responding so quickly! ComboFix ran without any problems; the log follows below.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-08-20 11:25:58 ComboFix-quarantined-files.txt 2013-08-20 09:25 . Pre-Run: 672.153.149.440 bytes free Post-Run: 672.655.831.040 bytes free . - - End Of File - - 96C5368BE80EACD19E5556F639B34F24 A36C5E4F47E84449FF07ED3517B43A31
  10. Hello, For a few months now I have had the problem described in this archived post: http://www.pc-helpforum.be/f182/problemen-met-windows-32717/ . The problems come and go in waves: sometimes it works fine again for weeks, at other times it is unusable. The problem is that Windows Explorer keeps hanging, so I cannot open any of the programs for which I need to be logged in as administrator. Games and sometimes trivial programs also do not respond when you try to open them. In addition, logging off is very slow unless I click force, because I have to wait for explorer.exe. I don't know whether this is related, but I also notice that Adobe Flash Player often crashes when I use, for example, Facebook. When the problems occur, the logon sound does not play. It is also striking that if I let the PC rest for a while (about a quarter of an hour to half an hour), explorer.exe apparently recovers and the programs suddenly all open (often accompanied by quite a few security prompts). I am including a HijackThis log file right below. Hopefully someone can help me as was done above, thanks in advance!
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:45:50, on 19/08/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
CHROME: 28.0.1500.95
FIREFOX: 17.0 (nl)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe
C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stroek\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Stroek\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Stroek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stroek\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

-- End of file - 9309 bytes