Malware-Spyware?

[kemicky]

Hallo mensen,

Volgens mij heeft zich spyware of malware in mijn computer ingeslopen. Kunnen jullie mij helpen?

Alvast bedankt

Vriendelijke groeten

Kemicky

[Dasle]

Download RSIT van de onderstaande locaties en sla deze op het bureaublad op.

Hier staat een beschrijving hoe je kan kijken of je een 32- of 64-bitversie van Windows heeft.

• RSIT 32 bit (RSIT.exe)
  
• RSIT 64 bit (RSITx64.exe)
  

Dubbelklik op RSIT.exe om de tool te starten.

• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
  
• Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
  
• Plaats de inhoud hiervan in het volgende bericht.
  

Bekijk ook de instructievideo.

[kemicky]

Logfile of random's system information tool 1.09 (written by random/random)

Run by Michael Kempen at 2014-01-15 08:48:17

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 486 GB (65%) free of 749 GB

Total RAM: 8174 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:48:24, on 15-1-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16428)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\StickyPad\StickyPad.exe

C:\Program Files (x86)\ArcSoft\MediaConverter 4 Platinum\Monitor.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\pdf24\pdf24.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Users\Michael Kempen\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\trend micro\Michael Kempen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (file missing)

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\ee8560b2-e902-47fa-812e-756ed5779fc1.exe /check

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [sticky Pad] C:\Program Files (x86)\StickyPad\StickyPad.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = Michael Kempen\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: Device Monitor.lnk = C:\Program Files (x86)\ArcSoft\MediaConverter 4 Platinum\Monitor.exe

O4 - Global Startup: simplicheck.lnk = C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: c:\progra~2\movies~1\datamngr\mgrldr.dll c:\progra~3\wincert\win32c~1.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - Bandoo Media Inc. - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10966 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"

C:\Windows\system32\svchost.exe -k GPSvcGroup

atieclxx

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"

"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService

"C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe"

"C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe" -monitor 496

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\viakaraokesrv.exe

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 1448

taskeng.exe {9FF8DD30-3FC9-4D4E-A30E-171936824A0D}

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5914bdf9-506d-4b66-b3b4-bcac07710ee2 -SystemEventPortName:HostProcess-3c620bf2-2270-4528-a892-2e43bb589d09 -IoCancelEventPortName:HostProcess-9490e4df-422e-4d57-87b1-0cbe91cbbf4d -NonStateChangingEventPortName:HostProcess-52892984-3d4a-420c-b5ee-257f1d8d1394 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:33a8c1f3-1be9-450e-ac8e-171178ad6743 -DeviceGroupId:WpdFsGroup

"taskhost.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Windows\system32\Dwm.exe"

"C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe"

"C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe"

C:\Windows\Explorer.EXE

"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

"C:\Program Files (x86)\StickyPad\StickyPad.exe"

"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r

"C:\Program Files (x86)\ArcSoft\MediaConverter 4 Platinum\Monitor.exe" -H

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"C:\Program Files (x86)\pdf24\pdf24.exe"

"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow

"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

"C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe" -timer

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Users\Michael Kempen\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4672.0.1668145010\1127584770" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --gpu-vendor-id=0x1002 --gpu-device-id=0x683f --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=9.12.0.0 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --channel="4672.1.1533491842\1088063294" /prefetch:673131151

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="4672.5.944644283\1285403916" /prefetch:673131151

C:\Windows\System32\svchost.exe -k secsvcs

"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NetworkConnectivity/disable_network_stats/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="4672.13.1897714331\385808954" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4672.14.2104983905\1544426636" --ppapi-flash-args --lang=nl --ignored=" --type=renderer " /prefetch:-632637702

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NetworkConnectivity/disable_network_stats/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="4672.15.1112773604\320906047" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service

C:\Windows\splwow64.exe 8192

ArcCon.ac 131976 0

"C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NetworkConnectivity/disable_network_stats/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="4672.37.1997777008\1334304775" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NetworkConnectivity/disable_network_stats/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="4672.38.106503283\185631269" /prefetch:673131151

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544

"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 3AE606F8-8839-DD3F-8F59-9E6F128F2F07 -Reinvoke

"C:\Users\Michael Kempen\Downloads\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-06 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-06 210856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Help bij koppelingen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23 72336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377e5d4d-77e5-476a-8716-7e70a9272da0}]

Search-Results Toolbar - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

{377e5d4d-77e5-476a-8716-7e70a9272da0} - Search-Results Toolbar - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]

"Sticky Pad"=C:\Program Files (x86)\StickyPad\StickyPad.exe [2012-08-13 516153]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2012-02-09 5015040]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-12-19 642808]

"PDFPrint"=C:\Program Files (x86)\pdf24\pdf24.exe [2013-02-19 162856]

"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]

"DATAMNGR"=C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE []

"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

"20131121"=C:\Program Files\AVAST Software\Avast\setup\emupdate\ee8560b2-e902-47fa-812e-756ed5779fc1.exe [2013-11-23 180184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Device Monitor.lnk - C:\Program Files (x86)\ArcSoft\MediaConverter 4 Platinum\Monitor.exe

simplicheck.lnk - C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe

C:\Users\Michael Kempen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\Michael Kempen\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=lvcod64.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"MSVideo"=vfwwdm32.dll

"MSVideo8"=VfWWDM32.dll

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-15 08:48:17 ----D---- C:\rsit

2014-01-15 08:48:17 ----D---- C:\Program Files\trend micro

2014-01-06 08:16:27 ----D---- C:\Michael

2013-12-17 21:32:15 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 1 month======

2014-01-15 08:48:24 ----D---- C:\Windows\Prefetch

2014-01-15 08:48:22 ----D---- C:\Windows\Temp

2014-01-15 08:48:21 ----D---- C:\ProgramData\Datamngr

2014-01-15 08:48:17 ----RD---- C:\Program Files

2014-01-15 07:55:26 ----D---- C:\Windows\system32\config

2014-01-15 07:45:15 ----D---- C:\Windows\system32\catroot

2014-01-15 07:44:58 ----D---- C:\Windows\system32\catroot2

2014-01-15 07:42:34 ----SHD---- C:\System Volume Information

2014-01-15 07:40:51 ----SHD---- C:\Windows\Installer

2014-01-15 07:40:15 ----D---- C:\Users\Michael Kempen\AppData\Roaming\Dropbox

2014-01-15 07:38:57 ----D---- C:\Windows

2014-01-14 23:32:42 ----D---- C:\Windows\Panther

2014-01-14 23:32:42 ----D---- C:\Windows\Minidump

2014-01-14 23:32:42 ----D---- C:\Windows\Logs

2014-01-14 23:32:42 ----D---- C:\Windows\inf

2014-01-14 23:32:42 ----D---- C:\Windows\debug

2014-01-14 23:00:04 ----D---- C:\Windows\SysWOW64

2014-01-14 22:59:04 ----D---- C:\Windows\system32\Tasks

2014-01-14 22:51:55 ----D---- C:\Windows\Tasks

2014-01-14 22:51:55 ----D---- C:\Windows\system32\wfp

2014-01-14 22:51:54 ----D---- C:\Windows\system32\wbem

2014-01-14 22:50:59 ----D---- C:\Windows\system32\DriverStore

2014-01-14 22:50:59 ----D---- C:\Windows\System32

2014-01-14 22:50:58 ----D---- C:\Windows\AppCompat

2014-01-14 22:50:58 ----D---- C:\Users\Michael Kempen\AppData\Roaming\Stammbaumdrucker 7 Premium

2014-01-14 22:50:56 ----HD---- C:\ProgramData

2014-01-14 22:50:56 ----D---- C:\ProgramData\Wincert

2014-01-14 22:50:54 ----D---- C:\Windows\registration

2014-01-14 22:50:34 ----RD---- C:\Program Files (x86)

2014-01-07 13:29:49 ----D---- C:\Users\Michael Kempen\AppData\Roaming\Skype

2014-01-07 12:51:54 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-01-04 16:53:13 ----RSD---- C:\Windows\Fonts

2014-01-01 11:42:17 ----D---- C:\AAA-Fotos

2013-12-16 07:15:26 ----D---- C:\Windows\system32\MRT

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]

R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-06-28 189936]

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2010-05-20 16440]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]

R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]

R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-06-28 1030952]

R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-06-28 378944]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 64288]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]

R2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 11278336]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-12-19 552960]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

R3 DxVGrb;DxVGrb; C:\Windows\system32\drivers\DxVGrb.sys [2012-01-10 222464]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-17 15416]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-02-03 677480]

R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2012-08-28 58536]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2011-11-11 2182768]

S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech HD Webcam C525(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

S3 USB28xxBGA;USB 2828x Device; C:\Windows\system32\DRIVERS\emBDA64.sys [2012-06-20 732928]

S3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM64.sys [2012-06-20 1232128]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-12-19 240640]

R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]

R2 DatamngrCoordinator;Datamngr Coordinator; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [2013-09-17 3418624]

R2 UMVPFSrv;UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2011-11-11 27760]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-13 116648]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10 257416]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-13 116648]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-13 1255736]

-----------------EOF-----------------

[Dasle]

Van zodra 1 van de experts online is zal deze je zeker verder helpen aangaande je vraag/probleem.

[Jion]

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Download Zoek.exe naar het bureaublad (niet de .zip- of .rar-versie).

• 
  
• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

{377e5d4d-77e5-476a-8716-7e70a9272da0};c
C:\PROGRA~2\SEARCH~1;fs
C:\Program Files (x86)\Movies Toolbar;fs
DatamngrCoordinator;s
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run];r64
"DATAMNGR"=-;r64
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"=-;r
autoclean;
iedefaults;
emptyclsid;
startupall; 
filesrcm;

• 
  
• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[kemicky]

Zoek.exe v5.0.0.0 Updated 12-Januari-2014

Tool run by Michael Kempen on wo 15-01-2014 at 12:11:10,36.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Michael Kempen\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2013-03-26-084240.log 85023 bytes

C:\zoek-results2014-01-15-085521.log 16444 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully

HKEY_USERS\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully

HKEY_USERS\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"DATAMNGR"=-

==== Deleting Files \ Folders ======================

C:\PROGRA~2\SEARCH~1 not found

C:\Program Files (x86)\Movies Toolbar not found

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\MICHAE~1\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

====== C:\Windows\Tasks ======

2014-01-14 21:59:04 DD1D66259110B305696B01F52C3EC7FE 3924 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-01-15 07:48:17 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\Michael Kempen\AppData\Roaming ======

2014-01-15 08:53:49 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp

2014-01-15 08:53:49 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp

2014-01-15 08:53:49 -------- d-----w- C:\Users\Michael Kempen\AppData\Local\Temp

2014-01-15 08:53:49 -------- d-----w- C:\Users\Default\AppData\Local\Temp

2014-01-15 08:53:49 -------- d-----w- C:\Users\Default User\AppData\Local\Temp

====== C:\Users\Michael Kempen ======

2014-01-15 07:47:39 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Michael Kempen\Downloads\RSITx64.exe

====== C: exe-files ==

2014-01-15 07:48:17 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Michael Kempen.exe

2014-01-15 07:47:39 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Michael Kempen\Downloads\RSITx64.exe

=== C: other files ==

2014-01-14 09:43:26 77520BBF6E050E229F5AAC185EFEAFB5 157365 ----a-w- C:\Users\Michael Kempen\Downloads\grundschrift-2013-09-01.zip

2014-01-14 09:32:44 0DDC21E475FD632ECD6EC33F80B02BC7 21091 ----a-w- C:\Users\Michael Kempen\Downloads\heather.zip

2014-01-13 16:16:28 88DCE197EC65E23CC75FF0451C701B3D 14060557 ----a-w- C:\Users\Michael Kempen\Downloads\Fotos_gedownload_door_AirDroid (5).zip

2014-01-13 15:45:13 650E1A111CD7B35147F11C1BB5C4FF95 9725195 ----a-w- C:\Users\Michael Kempen\Downloads\Fotos_gedownload_door_AirDroid (4).zip

2014-01-13 08:38:17 E50907951E3159C53A4A5D1AE5F617F1 95141 ----a-w- C:\Users\Michael Kempen\Downloads\cursive_standard.zip

2014-01-10 10:06:18 55E13BAC6B4BB23851DB5D7F910A9760 3991910 ----a-w- C:\AAA-Fotos\2013\13-12-23 Ma 85\85ste verjaardag van oma Rika.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Sticky Pad"="C:\Program Files (x86)\StickyPad\StickyPad.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"PDFPrint"="C:\Program Files (x86)\pdf24\pdf24.exe"

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"

"ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"20131121"="C:\Program Files\AVAST Software\Avast\setup\emupdate\ee8560b2-e902-47fa-812e-756ed5779fc1.exe /check"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Sticky Pad"="C:\Program Files (x86)\StickyPad\StickyPad.exe"

==== Startup Folders ======================

2013-07-07 17:30:36 1063 ----a-w- C:\Users\Michael Kempen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2013-08-11 08:55:30 2081 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk

2013-03-25 06:17:07 2051 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10-12-2013 19:15]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13-03-2013 17:17]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13-03-2013 17:17]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{D20AD8BA-418C-4CB9-97A2-117293E3D896}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Chrome Look ======================

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{C1374C69-C05C-43BA-9D2A-C99E5BDD545F} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Michael Kempen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4303 folders=466 206054161 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Michael Kempen\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\MICHAE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 15-01-2014 at 12:43:36,98 ======================

[Jion]

Je hebt Zoek 2x uitgevoerd. ;-)

Kan je het eerste logje ook eens plaatsen?

Je vindt dit hier: C:\zoek-results2014-01-15-085521.log

[kemicky]

Zoek.exe v5.0.0.0 Updated 12-Januari-2014

Tool run by Michael Kempen on wo 15-01-2014 at 9:40:23,34.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Michael Kempen\Downloads\zoek.exe [scan all users] [Quick Scan] [Auto Clean]

==== Older Logs ======================

C:\zoek-results2013-03-26-084240.log 85023 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\Microsoft\Internet Explorer\SearchScopes\{21BBB4A2-531E-4A6C-BC3E-E4970BF9B3E7} deleted successfully

HKEY_USERS\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DatamngrCoordinator deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\PC Speed Up deleted

C:\PROGRA~2\EZDownloader deleted

C:\PROGRA~2\Optimizer Pro deleted

C:\PROGRA~2\Yontoo deleted

C:\PROGRA~2\Search Results Toolbar deleted

C:\Users\Michael Kempen\AppData\Roaming\simplitec deleted

C:\Users\Michael Kempen\AppData\Roaming\BabSolution deleted

C:\Users\Michael Kempen\AppData\Roaming\Babylon deleted

C:\Users\Michael Kempen\AppData\Roaming\Yontoo deleted

C:\Users\Michael Kempen\AppData\Roaming\Optimizer Pro deleted

C:\ProgramData\Ask deleted

C:\ProgramData\Datamngr deleted

C:\ProgramData\simplitec deleted

C:\ProgramData\StarApp deleted

C:\ProgramData\Wincert deleted

C:\ProgramData\InstallMate deleted

C:\ProgramData\Tarma Installer deleted

C:\ProgramData\Babylon deleted

C:\ProgramData\SummerSoft deleted

C:\Users\Michael Kempen\AppData\Local\iLivid deleted

C:\Users\Michael Kempen\AppData\Local\Smartbar deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec deleted

C:\Users\Michael Kempen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk deleted

C:\Users\Michael Kempen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect deleted

C:\Users\Michael Kempen\AppData\LocalLow\ilividtoolbargaw deleted

C:\Users\Michael Kempen\AppData\LocalLow\DataMngr deleted

C:\windows\SysNative\Tasks\BrowserProtect deleted

C:\Windows\SysWow64\searchplugins deleted

C:\Windows\SysWow64\Extensions deleted

C:\Users\Michael Kempen\Documents\PCSpeedUp deleted

"C:\PROGRA~2\Movies Toolbar\Datamngr\apcrtldr.dll" deleted

"C:\PROGRA~2\Movies Toolbar\Datamngr\DatamngrUI.exe" deleted

"C:\PROGRA~2\Movies Toolbar\Datamngr\mgrldr.dll" deleted

"C:\PROGRA~2\Movies Toolbar\Datamngr\x64\apcrtldr.dll" deleted

"C:\PROGRA~2\simplitec\simplicheck\simplicheck.exe" deleted

"C:\PROGRA~2\Movies Toolbar" not deleted

"C:\PROGRA~2\simplitec" deleted

"C:\PROGRA~2\Movies Toolbar\Datamngr" not deleted

"C:\PROGRA~2\Movies Toolbar\Datamngr\x64" not deleted

"C:\PROGRA~2\simplitec\simplicheck" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\MICHAE~1\AppData\Local\Temp ====

2014-01-14 22:00:00 3F512AF8DB108FCA028BA731CE0B4700 224408 ----a-w- C:\Users\Michael Kempen\AppData\Local\Temp\{AC76BA86-7AD7-1043-7B44-AB0000000001}\FixTransforms.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

====== C:\Windows\Tasks ======

2014-01-14 21:59:04 DD1D66259110B305696B01F52C3EC7FE 3924 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-01-15 07:48:17 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\Michael Kempen\AppData\Roaming ======

====== C:\Users\Michael Kempen ======

2014-01-15 07:47:39 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Michael Kempen\Downloads\RSITx64.exe

====== C: exe-files ==

2014-01-15 07:48:17 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Michael Kempen.exe

2014-01-15 07:47:39 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Michael Kempen\Downloads\RSITx64.exe

2014-01-14 22:00:00 3F512AF8DB108FCA028BA731CE0B4700 224408 ----a-w- C:\Users\Michael Kempen\AppData\Local\Temp\{AC76BA86-7AD7-1043-7B44-AB0000000001}\FixTransforms.exe

2014-01-14 06:57:37 07DA1B3241B7B174083C3A69C76FECBD 8105040 ----a-w- C:\Windows\Temp\226d32c2\SetupDataMngr_iLivid.exe

=== C: other files ==

2014-01-14 09:43:26 77520BBF6E050E229F5AAC185EFEAFB5 157365 ----a-w- C:\Users\Michael Kempen\Downloads\grundschrift-2013-09-01.zip

2014-01-14 09:32:44 0DDC21E475FD632ECD6EC33F80B02BC7 21091 ----a-w- C:\Users\Michael Kempen\Downloads\heather.zip

2014-01-13 16:16:28 88DCE197EC65E23CC75FF0451C701B3D 14060557 ----a-w- C:\Users\Michael Kempen\Downloads\Fotos_gedownload_door_AirDroid (5).zip

2014-01-13 15:45:13 650E1A111CD7B35147F11C1BB5C4FF95 9725195 ----a-w- C:\Users\Michael Kempen\Downloads\Fotos_gedownload_door_AirDroid (4).zip

2014-01-13 08:38:17 E50907951E3159C53A4A5D1AE5F617F1 95141 ----a-w- C:\Users\Michael Kempen\Downloads\cursive_standard.zip

2014-01-10 10:06:18 55E13BAC6B4BB23851DB5D7F910A9760 3991910 ----a-w- C:\AAA-Fotos\2013\13-12-23 Ma 85\85ste verjaardag van oma Rika.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Sticky Pad"="C:\Program Files (x86)\StickyPad\StickyPad.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"PDFPrint"="C:\Program Files (x86)\pdf24\pdf24.exe"

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"

"DATAMNGR"="C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE"

"ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"20131121"="C:\Program Files\AVAST Software\Avast\setup\emupdate\ee8560b2-e902-47fa-812e-756ed5779fc1.exe /check"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Sticky Pad"="C:\Program Files (x86)\StickyPad\StickyPad.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\\progra~2\\movies~1\\datamngr\\mgrldr.dll c:\\progra~3\\wincert\\win32c~1.dll"

==== Startup Folders ======================

2013-07-07 17:30:36 1063 ----a-w- C:\Users\Michael Kempen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2013-08-11 08:55:30 2081 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk

2013-03-25 06:17:07 2051 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10-12-2013 19:15]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13-03-2013 17:17]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13-03-2013 17:17]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{D20AD8BA-418C-4CB9-97A2-117293E3D896}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{0F827075-B026-42F3-885D-98981EE7B1AE}"="C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" []

==== Chrome Look ======================

Google Docs - Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

PricePeep - Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb

Google Wallet - Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb deleted successfully

C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-550&v=a9301-109&t=4"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{C1374C69-C05C-43BA-9D2A-C99E5BDD545F} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully

HKEY_USERS\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully

HKEY_USERS\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\mozilla\Firefox\Extensions\{0F827075-B026-42F3-885D-98981EE7B1AE} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{292BBB37-8CE1-AAAB-A2FD-7C9BC8EF280D} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6DA94119-74DB-7341-8021-B97FD2AC76DF} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbargaw deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Michael Kempen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4303 folders=466 206054161 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Michael Kempen\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\MICHAE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Movies Toolbar" not found

==== EOF on wo 15-01-2014 at 9:55:21,98 ======================

- - - Updated - - -

Dat klopt, want ik had niet in de gaten dat er nog internet open was.

[Jion]

1.

Download AdwCleaner by Xplode naar het bureaublad.

AdwCleaner uitvoeren

• 
  
• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Klik vervolgens op de knop Scan.
  
• Wanneer de scan gereed is Klikt u vervolgens op de knop Clean.
  
• Als dit gereed is wordt er gevraagd om de computer opnieuw op te starten, klik hier op OK.
  
• Nadat de computer opnieuw is opgestart wordt het logbestand automatisch geopend.
  
• Plaats dit logbestand in het volgende bericht.
  

2.

Download MalwareBytes' Anti-Malware (website) en sla het op je bureaublad op.

Zorg dat er na de installatie een vinkje is geplaatst bij:

• 
  
• Update MalwareBytes' Anti-Malware
  
• Start MalwareBytes' Anti-Malware
  
• Je krijgt hier ook de keuze om de evaluatie versie van MBAM te gebruiken, indien je dit niet wilt vink dit dan uit.
  

Klik daarna op "Voltooien".

Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

• 
  
• Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
  
• Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
  
• Ga dan naar "Scanner Instellingen". Onderaan bij "PUP" kies je voor "Weergeven in scan resultaten - selecteren voor verwijdering".
  
• Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
  
• Druk vervolgens op "Scannen" om de scan te starten.
  
• Het scannen kan een tijdje duren, dus wees geduldig.
  
• Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
  
• Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
  
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
  
• Herstart de computer indien nodig en post hierna de log in het volgende bericht.
  

[kemicky]

# AdwCleaner v3.017 - Report created 15/01/2014 at 16:21:11

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Michael Kempen - MICHAELKEMPEN

# Running from : C:\Users\Michael Kempen\Downloads\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Key Deleted : HKLM\SOFTWARE\Classes\d

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard

Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe

Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]

Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]

Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]

Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]

Key Deleted : HKCU\Software\855dfd1e634be48

Key Deleted : HKLM\SOFTWARE\855dfd1e634be48

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Key Deleted : HKCU\Software\APN DTX

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\DataMngr

[#] Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Delta

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Delta

Key Deleted : HKLM\Software\iLividSRTB

Key Deleted : HKLM\Software\ImInstaller

Key Deleted : HKLM\Software\simplitec

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9154 octets] - [15/01/2014 16:19:50]

AdwCleaner[s0].txt - [8584 octets] - [15/01/2014 16:21:11]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8644 octets] ##########

- - - Updated - - -

Jij schreef dat ik de resultaten zou moeten bekijken en vervolgens de geselecteerde moet verwijderen maar ik vind ze niet. Ik kreeg alleen het logbestand (zie onderaan).

• 
  
  • 
    

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Databaseversie: v2014.01.15.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Michael Kempen :: MICHAELKEMPEN [administrator]

15-1-2014 16:37:58

mbam-log-2014-01-15 (16-37-58).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 204586

Verstreken tijd: 1 minuut/minuten, 38 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)