Vermoedelijk vervuilde pc-mozilla start niet meer

Marion Koppert

22-05-2013 22:21

Beste mensen,
Vermoedelijk heb ik toch de nodige malware of zo op mijn pc gekregen. Mozilla start niet meer op, ook de draadloze functie valt regelmatig weg. Of dit hier ook mee te maken heeft weet ik niet maar hier volgen mijn logjes:
# AdwCleaner v2.301 - Verslag gemaakt op 22/05/2013 om 18:38:35
# Geactualiseerd op 16/05/2013 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : koppert - DESKTOP
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\koppert\Desktop\adwcleaner.exe
# Optie
***** *****
Gestopt & Verwijdert : IB Updater
Gestopt & Verwijdert : IBUpdaterService
Gestopt & Verwijdert : WajamUpdater
***** *****
File Verwijdert : C:\END
File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Verwijdert : C:\user.js
File Verwijdert : C:\Users\koppert\AppData\Roaming\Mozilla\Firefox\Profiles\0638k6t5.default\searchplugins\MyStart Search.xml
Map Verwijdert : C:\Program Files (x86)\AVG Secure Search
Map Verwijdert : C:\Program Files (x86)\Wajam
Map Verwijdert : C:\Program Files\IB Updater
Map Verwijdert : C:\ProgramData\AVG Secure Search
Map Verwijdert : C:\ProgramData\Partner
Map Verwijdert : C:\Users\koppert\AppData\Local\AVG Secure Search
Map Verwijdert : C:\Users\koppert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Map Verwijdert : C:\Users\koppert\AppData\Local\Temp\avg@toolbar
Map Verwijdert : C:\Users\koppert\AppData\Local\Temp\Wajam
Map Verwijdert : C:\Users\koppert\AppData\Local\Wajam
Map Verwijdert : C:\Users\koppert\AppData\LocalLow\AVG Secure Search
Map Verwijdert : C:\Users\koppert\AppData\Roaming\dvdvideosoftiehelpers
Map Verwijdert : C:\Users\koppert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Map Verwijdert : C:\Windows\SysWOW64\WNLT
Verwijdert bij het opstarten : C:\Program Files (x86)\Common Files\AVG Secure Search
***** *****
Sleutel Verwijdert : HKCU\Software\AVG Secure Search
Sleutel Verwijdert : HKCU\Software\Conduit
Sleutel Verwijdert : HKCU\Software\IGearSettings
Sleutel Verwijdert : HKCU\Software\IM
Sleutel Verwijdert : HKCU\Software\ImInstaller
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Sleutel Verwijdert : HKCU\Software\Softonic
Sleutel Verwijdert : HKCU\Software\Wajam
Sleutel Verwijdert : HKCU\Software\WNLT
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Sleutel Verwijdert : HKLM\Software\AVG Secure Search
Sleutel Verwijdert : HKLM\Software\AVG Security Toolbar
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\S
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Sleutel Verwijdert : HKLM\Software\Conduit
Sleutel Verwijdert : HKLM\Software\IB Updater
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Sleutel Verwijdert : HKLM\Software\Wajam
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Sleutel Verwijdert : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Waarde Verwijdert : HKCU\Software\Mozilla\Firefox\Extensions
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Waarde Verwijdert : HKLM\SOFTWARE\Mozilla\Firefox\extensions
Waarde Verwijdert : HKLM\SOFTWARE\Mozilla\Firefox\extensions
Waarde Verwijdert : HKLM\SOFTWARE\Mozilla\Firefox\Extensions
Waarde Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar
***** *****
-\\ Internet Explorer v10.0.9200.16576
Het register bevat geen enkele ongeoorloofde invoer.
-\\ Mozilla Firefox v20.0.1 (nl)
File : C:\Users\koppert\AppData\Roaming\Mozilla\Firefox\Profiles\0638k6t5.default\prefs.js
C:\Users\koppert\AppData\Roaming\Mozilla\Firefox\Profiles\0638k6t5.default\user.js … Verwijdert !
Verwijdert : user_pref(“avg.install.installDirPath”, “C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1”);
Verwijdert : user_pref(“extensions.incredibar.actvtyRptTime”, “1351351902286”);
Verwijdert : user_pref(“extensions.incredibar.admin”, false);
Verwijdert : user_pref(“extensions.incredibar.aflt”, “orgnl”);
Verwijdert : user_pref(“extensions.incredibar.afterInstallRpt”, “sent”);
Verwijdert : user_pref(“extensions.incredibar.cntry”, “NL”);
Verwijdert : user_pref(“extensions.incredibar.dfltLng”, “EN”);
Verwijdert : user_pref(“extensions.incredibar.dfltSrch”, false);
Verwijdert : user_pref(“extensions.incredibar.dfltlng”, “en”);
Verwijdert : user_pref(“extensions.incredibar.dfltsrch”, “false”);
Verwijdert : user_pref(“extensions.incredibar.did”, “10643”);
Verwijdert : user_pref(“extensions.incredibar.envrmnt”, “production”);
Verwijdert : user_pref(“extensions.incredibar.excTlbr”, false);
Verwijdert : user_pref(“extensions.incredibar.hdrMd5”, “5FB9FFF6B5582299943AC649D4CBB9F0”);
Verwijdert : user_pref(“extensions.incredibar.hmpg”, false);
Verwijdert : user_pref(“extensions.incredibar.hrdid”, “204c3cc00000000000008c89a5805f02”);
Verwijdert : user_pref(“extensions.incredibar.id”, “204c3cc00000000000008c89a5805f02”);
Verwijdert : user_pref(“extensions.incredibar.installerproductid”, “26”);
Verwijdert : user_pref(“extensions.incredibar.instlDay”, “15627”);
Verwijdert : user_pref(“extensions.incredibar.instlRef”, “”);
Verwijdert : user_pref(“extensions.incredibar.instlday”, “15627”);
Verwijdert : user_pref(“extensions.incredibar.instlref”, “”);
Verwijdert : user_pref(“extensions.incredibar.isDcmntCmplt”, true);
Verwijdert : user_pref(“extensions.incredibar.isdcmntcmplt”, true);
Verwijdert : user_pref(“extensions.incredibar.keywordurl”, “”);
Verwijdert : user_pref(“extensions.incredibar.lastVrsnTs”, “1.5.11.1417:57:07”);
Verwijdert : user_pref(“extensions.incredibar.mntrvrsn”, “1.2.0”);
Verwijdert : user_pref(“extensions.incredibar.newTab”, false);
Verwijdert : user_pref(“extensions.incredibar.newtab”, “false”);
Verwijdert : user_pref(“extensions.incredibar.newtaburl”, “”);
Verwijdert : user_pref(“extensions.incredibar.noFFXTlbr”, false);
Verwijdert : user_pref(“extensions.incredibar.ppd”, “1”);
Verwijdert : user_pref(“extensions.incredibar.prdct”, “incredibar”);
Verwijdert : user_pref(“extensions.incredibar.productid”, “26”);
Verwijdert : user_pref(“extensions.incredibar.prtnrId”, “Incredibar”);
Verwijdert : user_pref(“extensions.incredibar.prtnrid”, “Incredibar”);
Verwijdert : user_pref(“extensions.incredibar.sg”, “none”);
Verwijdert : user_pref(“extensions.incredibar.smplGrp”, “none”);
Verwijdert : user_pref(“extensions.incredibar.smplgrp”, “none”);
Verwijdert : user_pref(“extensions.incredibar.srch”, “”);
Verwijdert : user_pref(“extensions.incredibar.srchprvdr”, “”);
Verwijdert : user_pref(“extensions.incredibar.tlbrId”, “base”);
Verwijdert : user_pref(“extensions.incredibar.tlbrid”, “base”);
Verwijdert : user_pref(“extensions.incredibar.upn2”, “6PQMCvSaBI”);
Verwijdert : user_pref(“extensions.incredibar.upn2n”, “92543750317266378”);
Verwijdert : user_pref(“extensions.incredibar.vrsn”, “1.5.11.14”);
Verwijdert : user_pref(“extensions.incredibar.vrsnTs”, “1.5.11.1417:57:07”);
Verwijdert : user_pref(“extensions.incredibar.vrsni”, “1.5.11.14”);
Verwijdert : user_pref(“extensions.incredibar.vrsnts”, “1.5.11.1417:57:07”);
Verwijdert : user_pref(“extensions.incredibar_i.aflt”, “orgnl”);
Verwijdert : user_pref(“extensions.incredibar_i.dfltLng”, “”);
Verwijdert : user_pref(“extensions.incredibar_i.did”, “10643”);
Verwijdert : user_pref(“extensions.incredibar_i.excTlbr”, false);
Verwijdert : user_pref(“extensions.incredibar_i.id”, “204c3cc00000000000008c89a5805f02”);
Verwijdert : user_pref(“extensions.incredibar_i.installerproductid”, “26”);
Verwijdert : user_pref(“extensions.incredibar_i.instlDay”, “15627”);
Verwijdert : user_pref(“extensions.incredibar_i.instlRef”, “”);
Verwijdert : user_pref(“extensions.incredibar_i.ms_url_id”, “”);
Verwijdert : user_pref(“extensions.incredibar_i.newTab”, false);
Verwijdert : user_pref(“extensions.incredibar_i.ppd”, “1”);
Verwijdert : user_pref(“extensions.incredibar_i.prdct”, “incredibar”);
Verwijdert : user_pref(“extensions.incredibar_i.productid”, “26”);
Verwijdert : user_pref(“extensions.incredibar_i.prtnrId”, “Incredibar”);
Verwijdert : user_pref(“extensions.incredibar_i.smplGrp”, “none”);
Verwijdert : user_pref(“extensions.incredibar_i.tlbrId”, “base”);
Verwijdert : user_pref(“extensions.incredibar_i.tlbrSrchUrl”, "hxxp://mystart.Incredibar.com/?a=6PQMCvSaBI&loc=IB
Verwijdert : user_pref(“extensions.incredibar_i.upn2”, “6PQMCvSaBI”);
Verwijdert : user_pref(“extensions.incredibar_i.upn2n”, “92543750317266378”);
Verwijdert : user_pref(“extensions.incredibar_i.vrsn”, “1.5.11.14”);
Verwijdert : user_pref(“extensions.incredibar_i.vrsnTs”, “1.5.11.1417:57:07”);
Verwijdert : user_pref(“extensions.incredibar_i.vrsni”, “1.5.11.14”);
Verwijdert : user_pref(“{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList”, "form=CONTLB|babsrc=too
Verwijdert : user_pref(“{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer”, "hxxp://isearch.avg.com/
Verwijdert : user_pref(“{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer”, "hxxp://isearch.avg.
Verwijdert : user_pref(“{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList”, “{\”search.babylon.com\
Verwijdert : user_pref(“{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList”, "form=CONTLB|babsrc=too
Verwijdert : user_pref(“{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer”, "hxxp://isearch.avg.com/
Verwijdert : user_pref(“{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer”, "hxxp://isearch.avg.
Verwijdert : user_pref(“{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList”, “{\”search.babylon.com\
-\\ Google Chrome v27.0.1453.93
File : C:\Users\koppert\AppData\Local\Google\Chrome\User Data\Default\Preferences
De file bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner.txt - -
########## EOF - C:\AdwCleaner.txt - ##########
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2013.05.22.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
koppert :: DESKTOP
22-5-2013 20:19:27
mbam-log-2013-05-22 (20-19-27).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 250883
Verstreken tijd: 5 minuut/minuten, 20 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Mijn logje van Hijackthis komt nog in volgende bericht. Deze log kon ik niet hierbij posten omdat ik de melding kreeg dat mijn berichttekst te lang was.
Groetjes,
Groby
Marion Koppert

22-05-2013 22:22

Hierbij dan mijn log van hijackthis:
Logfile of random's system information tool 1.09 (written by random/random)
Run by koppert at 2013-05-22 22:07:24
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1465 GB (79%) free of 1855 GB
Total RAM: 4078 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:07:33, on 22-5-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\koppert.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”
O4 - HKLM\..\Run: C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe”
O4 - HKLM\..\RunOnce: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –no-startup-window
O4 - HKCU\..\Run: “C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”
O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU\..\Run: “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
O4 - HKCU\..\Run: C:\PROGRA~2\Raptr\raptrstub.exe –startup
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-21-2579152848-2309383289-322844936-1001\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)
O4 - HKUS\S-1-5-21-2579152848-2309383289-322844936-1001\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing)
O9 - Extra ‘Tools’ menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra ‘Tools’ menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra ‘Tools’ menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU)
O9 - Extra ‘Tools’ menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU)
O9 - Extra button: Casino La Vida - {11E47561-BAE2-4F72-8213-8818E62BB124} - C:\Microgaming\Casino\casinolavida\casinogame.exe (file missing) (HKCU)
O9 - Extra button: Jackpot City - {2E9CD141-9025-4018-802A-8F3DEF6B07FC} - C:\Microgaming\Casino\jackpotcity\casinogame.exe (file missing) (HKCU)
O9 - Extra button: UK Casino Club - {309B0300-0C8A-4A4C-8610-E6DCC6150B6F} - C:\Microgaming\Casino\UKCasinoClub\casinogame.exe (file missing) (HKCU)
O9 - Extra button: King Neptunes - {41B00985-B707-4422-882E-9418812B0736} - C:\Microgaming\Casino\KingNeptunes\casinogame.exe (file missing) (HKCU)
O9 - Extra button: Lucky Nugget Casino - {525A59B5-5432-492C-9063-D168EFDBC4BE} - C:\Microgaming\Casino\LuckyNugget\casinogame.exe (file missing) (HKCU)
O9 - Extra button: Captain Cooks Casino - {7FC4233C-B0D1-41F4-998E-9F1470EA21D9} - C:\Microgaming\Casino\CaptainCooks\casinogame.exe (file missing) (HKCU)
O9 - Extra button: Gaming Club - {C59EF4A1-3B78-4F58-8BDA-1C530689F32F} - C:\Microgaming\Casino\GamingClub\casinogame.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files (x86)\Common Files\Iconix\IconixService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 15716 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
“C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe”
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”
“taskhost.exe”
“C:\Windows\system32\Dwm.exe”
C:\Windows\Explorer.EXE
“C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe”
“C:\Program Files\Bonjour\mDNSResponder.exe”
“C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe”
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
“C:\Program Files (x86)\Common Files\Iconix\IconixService.exe”
“C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe” -s
“C:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice
“C:\Program Files\Windows Sidebar\sidebar.exe” /autoRun
“C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”
“c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe”
“C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”
“C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”
“C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe” /AUTORUN
“C:\Program Files (x86)\PowerISO\PWRISOVM.EXE”
“C:\Program Files (x86)\CyberLink\Shared files\brs.exe”
“C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe”
“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe”
“C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe”
“C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe” /autorun
“C:\Program Files (x86)\iTunes\iTunesHelper.exe”
“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe”
“C:/Program Files/NVIDIA Corporation/Display/nvtray.exe” -user_has_logged_in 1
“C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe”
C:\Windows\system32\svchost.exe -k imgsvc
“C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe”
“C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe”
“C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”
“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe”
WLIDSvcM.exe 3808
“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe”
“C:\Program Files\iPod\bin\iPodService.exe”
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
“C:\Program Files\Windows Media Player\wmpnetwk.exe”
“C:\Windows\System32\WUDFHost.exe” -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-fe931074-1942-4b6c-9800-3633b72a126f -SystemEventPortName:HostProcess-fbb4c3f0-4c7a-4fa1-b23c-6f5c7c4b79cb -IoCancelEventPortName:HostProcess-b583caad-98b3-4442-b256-fc49e99441de -NonStateChangingEventPortName:HostProcess-3fad7679-b57d-481b-8723-303401866357 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:96fc5e5a-2343-4a2e-bb17-e91f5e09e35b -DeviceGroupId:WpdFsGroup
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
“C:\PROGRA~2\Raptr\raptr.exe” –log_to_file –from_stub –startup
raptr_im.exe
“C:\Program Files\Internet Explorer\iexplore.exe”
“C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:5616 CREDAT:267521 /prefetch:2
“C:\Program Files (x86)\Raptr\raptr_ep64.exe”
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
“C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe”
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe -Embedding
“C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:5616 CREDAT:3872108 /prefetch:2
“C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:5616 CREDAT:1578270 /prefetch:2
“C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe”
“C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe”
“C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe”
“C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe”
taskeng.exe {66D67A49-F8D3-4A30-B276-57762FC4501E}
“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe” /autoupdate /silent /autoclose
taskhost.exe $(Arg0)
“C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon”
“C:\Windows\system32\SearchFilterHost.exe” 0 516 520 528 65536 524
“C:\Users\koppert\Desktop\RSITx64.exe”
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\koppert\AppData\Roaming\Mozilla\Firefox\Profiles\0638k6t5.default
prefs.js - “browser.search.useDBForOrder” - true
prefs.js - “browser.startup.homepage” - “www.google.nl”
“{336D0C35-8A85-403a-B9D2-65C292C39087}”=C:\Program Files\IB Updater\Firefox
“{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}”=C:\Program Files\IB Updater\Firefox
“Description”=Adobe® Flash® Player 11.7.700.202 Plugin
“Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
“Description”=Adobe Shockwave Player
“Path”=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
“Description”=
“Path”=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
“Description”=Java™ Deployment Toolkit
“Path”=C:\Windows\SysWOW64\npDeployJava1.dll
“Description”=
“Path”=C:\Windows\system32\Wat\npWatWeb.dll
“Description”=Ag Player Plugin
“Path”=c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
“Description”=WLPG Install MIME type
“Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
“Description”=WLPG Install MIME type
“Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
“Description”=WLPG Install MIME type
“Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
“Description”=Google Update
“Path”=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
“Description”=Google Update
“Path”=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
“Description”=VLC Multimedia Plugin
“Path”=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
“Description”=Handles PDFs in-place in Firefox
“Path”=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
“Description”=Adobe® Flash® Player 11.7.700.202 Plugin
“Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll
“Description”=
“Path”=C:\Windows\system32\Wat\npWatWeb.dll
“Description”=Ag Player Plugin
“Path”=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
bing.xml
bolcom-nl.xml
google.xml
marktplaats-nl.xml
wikipedia-nl.xml
======Registry dump======
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
IconixBHOClass Class - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
“RTHDVCPL”=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
“egui”=C:\Program Files\ESET\ESET Smart Security\egui.exe
“Sidebar”=C:\Program Files\Windows Sidebar\sidebar.exe
“GoogleChromeAutoLaunch_ACE26633DC755D76AF39CE01DFEF37D8”=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
“TomTomHOME.exe”=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
“swg”=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
“Skype”=C:\Program Files (x86)\Skype\Phone\Skype.exe
“Raptr”=C:\PROGRA~2\Raptr\raptrstub.exe
“IAStorIcon”=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
“CLMLServer”=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
“BrMfcWnd”=C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
“ControlCenter3”=C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
“PWRISOVM.EXE”=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
“BDRegion”=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
“RemoteControl”=C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
“LanguageShortcut”=C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe
“APSDaemon”=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
“iTunesHelper”=C:\Program Files (x86)\iTunes\iTunesHelper.exe
“SDTray”=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
“Malwarebytes Anti-Malware”=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
“SecurityProviders”=credssp.dll
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“EnableUIADesktopToggle”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“ForceActiveDesktopOn”=0
“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon”
“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service”
“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater”
“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service”
“vidc.mrle”=msrle32.dll
“vidc.msvc”=msvidc32.dll
“msacm.imaadpcm”=imaadp32.acm
“msacm.msg711”=msg711.acm
“msacm.msgsm610”=msgsm32.acm
“msacm.msadpcm”=msadp32.acm
“midimapper”=midimap.dll
“wavemapper”=msacm32.drv
“VIDC.UYVY”=msyuv.dll
“VIDC.YUY2”=msyuv.dll
“VIDC.YVYU”=msyuv.dll
“VIDC.IYUV”=iyuv_32.dll
“vidc.i420”=lvcod64.dll
“VIDC.YVU9”=tsbyuv.dll
“msacm.l3acm”=C:\Windows\SysWOW64\l3codeca.acm
“vidc.cvid”=iccvid.dll
“msacm.siren”=sirenacm.dll
“aux”=wdmaud.drv
“wave1”=wdmaud.drv
“midi1”=wdmaud.drv
“mixer1”=wdmaud.drv
“aux1”=wdmaud.drv
“wave3”=wdmaud.drv
“midi3”=wdmaud.drv
“mixer3”=wdmaud.drv
“wave4”=wdmaud.drv
“midi4”=wdmaud.drv
“mixer4”=wdmaud.drv
“wave2”=wdmaud.drv
“midi2”=wdmaud.drv
“mixer2”=wdmaud.drv
“wave”=wdmaud.drv
“midi”=wdmaud.drv
“mixer”=wdmaud.drv
“MSVideo”=vfwwdm32.dll
“MSVideo8”=VfWWDM32.dll
“wave5”=wdmaud.drv
“midi5”=wdmaud.drv
“mixer5”=wdmaud.drv
“aux2”=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe “%1” %*
======List of files/folders created in the last 1 month======
2013-05-22 22:07:25 —-D—- C:\Program Files\trend micro
2013-05-22 22:07:24 —-D—- C:\rsit
2013-05-22 20:27:18 —-D—- C:\Program Files (x86)\ESET
2013-05-22 20:17:04 —-D—- C:\Users\koppert\AppData\Roaming\Malwarebytes
2013-05-22 20:16:14 —-D—- C:\ProgramData\Malwarebytes
2013-05-22 20:16:13 —-D—- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-22 20:16:13 —-A—- C:\Windows\system32\drivers\mbam.sys
2013-05-22 18:38:43 —-A—- C:\Windows\DeleteOnReboot.bat
2013-05-22 18:38:35 —-A—- C:\AdwCleaner.txt
2013-05-22 11:46:56 —-D—- C:\ProgramData\Spybot - Search & Destroy
2013-05-22 11:46:51 —-A—- C:\Windows\system32\sdnclean64.exe
2013-05-22 11:46:47 —-D—- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-15 20:31:42 —-A—- C:\Windows\SYSWOW64\ieui.dll
2013-05-15 20:31:41 —-A—- C:\Windows\system32\ieui.dll
2013-05-15 20:31:41 —-A—- C:\Windows\system32\ie4uinit.exe
2013-05-15 20:31:40 —-A—- C:\Windows\SYSWOW64\iesetup.dll
2013-05-15 20:31:36 —-A—- C:\Windows\system32\iesetup.dll
2013-05-15 20:31:34 —-A—- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-05-15 20:31:34 —-A—- C:\Windows\SYSWOW64\msfeeds.dll
2013-05-15 20:31:34 —-A—- C:\Windows\SYSWOW64\iesysprep.dll
2013-05-15 20:31:34 —-A—- C:\Windows\SYSWOW64\iernonce.dll
2013-05-15 20:31:34 —-A—- C:\Windows\system32\RegisterIEPKEYs.exe
2013-05-15 20:31:34 —-A—- C:\Windows\system32\msfeeds.dll
2013-05-15 20:31:34 —-A—- C:\Windows\system32\iesysprep.dll
2013-05-15 20:31:34 —-A—- C:\Windows\system32\iernonce.dll
2013-05-15 20:31:33 —-A—- C:\Windows\SYSWOW64\iertutil.dll
2013-05-15 20:31:33 —-A—- C:\Windows\system32\iertutil.dll
2013-05-15 20:31:32 —-A—- C:\Windows\SYSWOW64\urlmon.dll
2013-05-15 20:31:32 —-A—- C:\Windows\system32\urlmon.dll
2013-05-15 20:31:32 —-A—- C:\Windows\system32\jscript.dll
2013-05-15 20:31:31 —-A—- C:\Windows\SYSWOW64\jscript.dll
2013-05-15 20:31:31 —-A—- C:\Windows\system32\jscript9.dll
2013-05-15 20:31:30 —-A—- C:\Windows\SYSWOW64\jscript9.dll
2013-05-15 20:31:29 —-A—- C:\Windows\SYSWOW64\wininet.dll
2013-05-15 20:31:29 —-A—- C:\Windows\SYSWOW64\jsproxy.dll
2013-05-15 20:31:29 —-A—- C:\Windows\system32\jsproxy.dll
2013-05-15 20:31:28 —-A—- C:\Windows\system32\wininet.dll
2013-05-15 20:31:26 —-A—- C:\Windows\SYSWOW64\mshtml.dll
2013-05-15 20:31:23 —-A—- C:\Windows\system32\mshtml.dll
2013-05-15 20:31:21 —-A—- C:\Windows\system32\ieframe.dll
2013-05-15 20:31:19 —-A—- C:\Windows\SYSWOW64\ieframe.dll
2013-05-15 09:39:38 —-A—- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-15 09:39:38 —-A—- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-15 09:39:38 —-A—- C:\Windows\system32\cdd.dll
2013-05-15 09:39:28 —-A—- C:\Windows\system32\shell32.dll
2013-05-15 09:39:27 —-A—- C:\Windows\system32\authui.dll
2013-05-15 09:39:26 —-A—- C:\Windows\system32\shdocvw.dll
2013-05-15 09:39:25 —-A—- C:\Windows\SYSWOW64\shell32.dll
2013-05-15 09:39:25 —-A—- C:\Windows\SYSWOW64\shdocvw.dll
2013-05-15 09:39:25 —-A—- C:\Windows\SYSWOW64\authui.dll
2013-05-15 09:39:25 —-A—- C:\Windows\system32\consent.exe
2013-05-15 09:39:25 —-A—- C:\Windows\system32\appinfo.dll
2013-05-15 09:39:20 —-A—- C:\Windows\system32\wwansvc.dll
2013-05-15 09:39:20 —-A—- C:\Windows\system32\wwanprotdim.dll
2013-05-15 09:39:20 —-A—- C:\Windows\system32\win32k.sys
2013-05-14 22:18:14 —-A—- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2013-04-26 21:24:45 —-D—- C:\Users\koppert\AppData\Roaming\Raptr
2013-04-26 21:24:45 —-D—- C:\Program Files (x86)\Raptr
2013-04-24 23:46:18 —-A—- C:\Windows\system32\drivers\ntfs.sys
======List of files/folders modified in the last 1 month======
2013-05-22 22:07:33 —-D—- C:\Windows\Prefetch
2013-05-22 22:07:25 —-RD—- C:\Program Files
2013-05-22 21:28:18 —-D—- C:\Windows\Temp
2013-05-22 20:39:12 —-D—- C:\Windows\system32\config
2013-05-22 20:32:14 —-D—- C:\Windows
2013-05-22 20:27:19 —-D—- C:\Windows\Downloaded Program Files
2013-05-22 20:27:18 —-RD—- C:\Program Files (x86)
2013-05-22 20:16:14 —-HD—- C:\ProgramData
2013-05-22 20:16:13 —-D—- C:\Windows\system32\drivers
2013-05-22 20:15:36 —-A—- C:\Windows\SYSWOW64\log.txt
2013-05-22 18:38:43 —-D—- C:\Windows\SysWOW64
2013-05-22 14:52:51 —-D—- C:\Users\koppert\AppData\Roaming\vlc
2013-05-22 13:24:43 —-A—- C:\Windows\ntbtlog.txt
2013-05-22 11:46:56 —-D—- C:\Windows\system32\Tasks
2013-05-22 11:46:55 —-SD—- C:\ProgramData\Microsoft
2013-05-22 11:46:51 —-D—- C:\Windows\System32
2013-05-22 11:23:45 —-D—- C:\Users\koppert\AppData\Roaming\uTorrent
2013-05-21 15:12:20 —-D—- C:\Torrent downloads
2013-05-20 22:30:06 —-D—- C:\Program Files (x86)\Steam
2013-05-20 19:13:36 —-D—- C:\Windows\system32\NDF
2013-05-17 13:55:44 —-D—- C:\Program Files (x86)\Mozilla Firefox
2013-05-16 16:00:28 —-D—- C:\Windows\inf
2013-05-16 16:00:28 —-A—- C:\Windows\system32\PerfStringBackup.INI
2013-05-16 04:18:56 —-D—- C:\Windows\rescache
2013-05-16 03:26:16 —-D—- C:\Windows\Microsoft.NET
2013-05-16 03:26:03 —-RSD—- C:\Windows\assembly
2013-05-16 03:17:29 —-D—- C:\Windows\winsxs
2013-05-16 03:15:17 —-D—- C:\Windows\SYSWOW64\nl-NL
2013-05-16 03:15:17 —-D—- C:\Windows\system32\nl-NL
2013-05-16 03:15:17 —-D—- C:\Windows\AppPatch
2013-05-16 03:15:16 —-D—- C:\Program Files\Internet Explorer
2013-05-16 03:15:16 —-D—- C:\Program Files (x86)\Internet Explorer
2013-05-16 03:13:13 —-D—- C:\Users\koppert\AppData\Roaming\Skype
2013-05-15 20:39:26 —-SHD—- C:\Windows\Installer
2013-05-15 20:39:26 —-D—- C:\ProgramData\Microsoft Help
2013-05-15 20:35:59 —-A—- C:\Windows\system32\MRT.exe
2013-05-15 20:31:56 —-D—- C:\Windows\system32\catroot
2013-05-15 20:31:55 —-D—- C:\Windows\system32\catroot2
2013-05-15 20:30:59 —-SHD—- C:\System Volume Information
2013-05-14 22:18:20 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-05-08 03:59:11 —-D—- C:\Windows\Minidump
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\drivers\asmthub3.sys
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\drivers\asmtxhci.sys
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0); C:\Windows\system32\DRIVERS\CamDrL64.sys
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys
R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys
S0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys
S3 wsvd;wsvd; C:\Windows\system32\DRIVERS\wsvd.sys
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
R2 IconixService;Iconix Update Service; C:\Program Files (x86)\Common Files\Iconix\IconixService.exe
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
—————–EOF—————–
Alvast bedankt voor de moeite. Mocht het niet lukken dan wordt het een schone installatie. Maar ja, als het niet nodig is, liever niet natuurlijk.
Groetjes,
Groby
fazantje

23-05-2013 12:05

Hoi Marion,
Sorry voor de late reactie:o
Download Combofix hier en plaats het op jou bureaublad.
Schakel nu eerst jou virusscanner uit.
Deze gaat weer aan nadat computer opnieuw is opgestart.
Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link,
want Combofix wordt dagelijks geupdate.
OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt
van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!
Dubbelklik op Combofix.exe
Volg de instructies, aanvaard de disclaimer.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
De scan kan, afhankelijk van de besmetting 40 tot wel 100 minuten duren, dus denk niet van hij zit vast.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats in jou volgende bericht het logje van Combofix.
Succes,
Huib;)
Marion Koppert

23-05-2013 13:38

Hoi Huib,
Moet het logje vanaf mijn laptop versturen, want na de herstart doet IE ook niks meer. Ik krijg wel de browser geopend, maar ik kan geen pagina openen, hij is “dood” zeg maar.
En je hoeft je niet te verontschuldigen voor een late reactie, ik ben allang blij dat er een keer iemand reageert. Haast hebben we niet.
Hierbij dus mijn logje van combofix:
ComboFix 13-05-23.01 - koppert 23-05-2013 13:13:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4078.2684
Gestart vanuit: c:\users\koppert\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Persoonlijke firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\koppert\AppData\Roaming\inst.exe
c:\users\koppert\AppData\Roaming\vso_ts_preview.xml
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-04-23 to 2013-05-23 ))))))))))))))))))))))))))))))
.
.
2013-05-23 11:18 . 2013-05-23 11:18 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-23 11:18 . 2013-05-23 11:18 ——– d—–w- c:\users\Default\AppData\Local\temp
2013-05-22 20:07 . 2013-05-22 20:20 ——– d—–w- c:\program files\trend micro
2013-05-22 20:07 . 2013-05-22 20:07 ——– d—–w- C:\rsit
2013-05-22 18:17 . 2013-05-22 18:17 ——– d—–w- c:\users\koppert\AppData\Roaming\Malwarebytes
2013-05-22 18:16 . 2013-05-22 18:16 ——– d—–w- c:\programdata\Malwarebytes
2013-05-22 18:16 . 2013-05-22 18:16 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-22 18:16 . 2013-04-04 12:50 25928 —-a-w- c:\windows\system32\drivers\mbam.sys
2013-05-22 16:38 . 2013-05-22 16:38 121 —-a-w- c:\windows\DeleteOnReboot.bat
2013-05-22 09:46 . 2013-05-22 10:19 ——– d—–w- c:\programdata\Spybot - Search & Destroy
2013-05-22 09:46 . 2013-05-23 10:55 ——– d—–w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-05-22 09:46 . 2013-05-22 09:46 ——– d—–w- c:\users\koppert\AppData\Local\Programs
2013-05-15 07:39 . 2013-04-10 06:01 265064 —-a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-14 20:18 . 2013-05-14 20:18 17613192 —-a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-04-26 19:24 . 2013-05-23 10:56 ——– d—–w- c:\users\koppert\AppData\Roaming\Raptr
2013-04-26 19:24 . 2013-05-22 22:17 ——– d—–w- c:\program files (x86)\Raptr
2013-04-24 21:46 . 2013-04-12 14:45 1656680 —-a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-20 17:05 . 2012-08-29 14:01 45856 —-a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-05-15 18:35 . 2011-07-18 20:31 75016696 —-a-w- c:\windows\system32\MRT.exe
2013-05-14 20:18 . 2012-07-28 10:13 692104 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 20:18 . 2011-08-10 19:09 71048 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 11:13 . 2011-03-29 01:36 22240 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 07:39 135168 —-a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 07:39 350208 —-a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 07:39 308736 —-a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 07:39 111104 —-a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 07:39 474624 —-a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 07:39 2176512 —-a-w- c:\windows\apppatch\AcGenral.dll
2013-04-07 08:54 . 2012-10-14 15:56 1455408 —-a-w- c:\windows\system32\dmwu.exe
2013-04-07 08:53 . 2012-10-14 15:56 33792 —-a-w- c:\windows\system32\ImHttpComm.dll
2013-03-29 22:38 . 2013-03-29 22:38 1054720 —-a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 22:38 . 2013-03-29 22:38 73728 —-a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 22:38 . 2013-03-29 22:38 719360 —-a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 22:38 . 2013-03-29 22:38 523264 —-a-w- c:\windows\SysWow64\vbscript.dll
2013-03-29 22:38 . 2013-03-29 22:38 48640 —-a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-29 22:38 . 2013-03-29 22:38 38400 —-a-w- c:\windows\SysWow64\imgutil.dll
2013-03-29 22:38 . 2013-03-29 22:38 226304 —-a-w- c:\windows\system32\elshyph.dll
2013-03-29 22:38 . 2013-03-29 22:38 185344 —-a-w- c:\windows\SysWow64\elshyph.dll
2013-03-29 22:38 . 2013-03-29 22:38 158720 —-a-w- c:\windows\SysWow64\msls31.dll
2013-03-29 22:38 . 2013-03-29 22:38 150528 —-a-w- c:\windows\SysWow64\iexpress.exe
2013-03-29 22:38 . 2013-03-29 22:38 138752 —-a-w- c:\windows\SysWow64\wextract.exe
2013-03-29 22:38 . 2013-03-29 22:38 137216 —-a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-29 22:38 . 2013-03-29 22:38 12800 —-a-w- c:\windows\SysWow64\mshta.exe
2013-03-29 22:38 . 2013-03-29 22:38 110592 —-a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 22:38 . 2013-03-29 22:38 97280 —-a-w- c:\windows\system32\mshtmled.dll
2013-03-29 22:38 . 2013-03-29 22:38 92160 —-a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 22:38 . 2013-03-29 22:38 905728 —-a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-29 22:38 . 2013-03-29 22:38 81408 —-a-w- c:\windows\system32\icardie.dll
2013-03-29 22:38 . 2013-03-29 22:38 762368 —-a-w- c:\windows\system32\ieapfltr.dll
2013-03-29 22:38 . 2013-03-29 22:38 62976 —-a-w- c:\windows\system32\pngfilt.dll
2013-03-29 22:38 . 2013-03-29 22:38 61952 —-a-w- c:\windows\SysWow64\tdc.ocx
2013-03-29 22:38 . 2013-03-29 22:38 599552 —-a-w- c:\windows\system32\vbscript.dll
2013-03-29 22:38 . 2013-03-29 22:38 52224 —-a-w- c:\windows\system32\msfeedsbs.dll
2013-03-29 22:38 . 2013-03-29 22:38 51200 —-a-w- c:\windows\system32\imgutil.dll
2013-03-29 22:38 . 2013-03-29 22:38 48640 —-a-w- c:\windows\system32\mshtmler.dll
2013-03-29 22:38 . 2013-03-29 22:38 452096 —-a-w- c:\windows\system32\dxtmsft.dll
2013-03-29 22:38 . 2013-03-29 22:38 441856 —-a-w- c:\windows\system32\html.iec
2013-03-29 22:38 . 2013-03-29 22:38 361984 —-a-w- c:\windows\SysWow64\html.iec
2013-03-29 22:38 . 2013-03-29 22:38 281600 —-a-w- c:\windows\system32\dxtrans.dll
2013-03-29 22:38 . 2013-03-29 22:38 27648 —-a-w- c:\windows\system32\licmgr10.dll
2013-03-29 22:38 . 2013-03-29 22:38 270848 —-a-w- c:\windows\system32\iedkcs32.dll
2013-03-29 22:38 . 2013-03-29 22:38 247296 —-a-w- c:\windows\system32\webcheck.dll
2013-03-29 22:38 . 2013-03-29 22:38 235008 —-a-w- c:\windows\system32\url.dll
2013-03-29 22:38 . 2013-03-29 22:38 23040 —-a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-29 22:38 . 2013-03-29 22:38 216064 —-a-w- c:\windows\system32\msls31.dll
2013-03-29 22:38 . 2013-03-29 22:38 197120 —-a-w- c:\windows\system32\msrating.dll
2013-03-29 22:38 . 2013-03-29 22:38 173568 —-a-w- c:\windows\system32\ieUnatt.exe
2013-03-29 22:38 . 2013-03-29 22:38 167424 —-a-w- c:\windows\system32\iexpress.exe
2013-03-29 22:38 . 2013-03-29 22:38 1509376 —-a-w- c:\windows\system32\inetcpl.cpl
2013-03-29 22:38 . 2013-03-29 22:38 149504 —-a-w- c:\windows\system32\occache.dll
2013-03-29 22:38 . 2013-03-29 22:38 144896 —-a-w- c:\windows\system32\wextract.exe
2013-03-29 22:38 . 2013-03-29 22:38 1441280 —-a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-29 22:38 . 2013-03-29 22:38 1400416 —-a-w- c:\windows\system32\ieapfltr.dat
2013-03-29 22:38 . 2013-03-29 22:38 13824 —-a-w- c:\windows\system32\mshta.exe
2013-03-29 22:38 . 2013-03-29 22:38 136192 —-a-w- c:\windows\system32\iepeers.dll
2013-03-29 22:38 . 2013-03-29 22:38 135680 —-a-w- c:\windows\system32\IEAdvpack.dll
2013-03-29 22:38 . 2013-03-29 22:38 12800 —-a-w- c:\windows\system32\msfeedssync.exe
2013-03-29 22:38 . 2013-03-29 22:38 102912 —-a-w- c:\windows\system32\inseng.dll
2013-03-29 22:38 . 2013-03-29 22:38 77312 —-a-w- c:\windows\system32\tdc.ocx
2013-03-19 06:04 . 2013-04-10 02:02 5550424 —-a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 02:02 43520 —-a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 02:02 3968856 —-a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 02:02 3913560 —-a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 02:02 6656 —-a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 02:02 112640 —-a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”
“GoogleChromeAutoLaunch_ACE26633DC755D76AF39CE01DFEF37D8”=“c:\program files (x86)\Google\Chrome\Application\chrome.exe”
“TomTomHOME.exe”=“c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”
“swg”=“c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
“Skype”=“c:\program files (x86)\Skype\Phone\Skype.exe”
“Raptr”=“c:\progra~2\Raptr\raptrstub.exe”
.
“IAStorIcon”=“c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”
“CLMLServer”=“c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe”
“BrMfcWnd”=“c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe”
“ControlCenter3”=“c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe”
“PWRISOVM.EXE”=“c:\program files (x86)\PowerISO\PWRISOVM.EXE”
“BDRegion”=“c:\program files (x86)\Cyberlink\Shared Files\brs.exe”
“RemoteControl”=“c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe”
“LanguageShortcut”=“c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe”
“APSDaemon”=“c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
“iTunesHelper”=“c:\program files (x86)\iTunes\iTunesHelper.exe”
.
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
S2 IconixService;Iconix Update Service;c:\program files (x86)\Common Files\Iconix\IconixService.exe
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys
.
.
— Andere Services/Drivers In Geheugen —
.
*NewlyCreated* - WS2IFSL
.
2013-05-22 02:30 1165776 —-a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.93\Installer\chrmstp.exe
.
Inhoud van de ‘Gedeelde Taken’ map
.
2013-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
.
——— X64 Entries ———–
.
.
“RTHDVCPL”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe”
“egui”=“c:\program files\ESET\ESET Smart Security\egui.exe”
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
——- Bijkomende Scan ——-
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\koppert\AppData\Roaming\Mozilla\Firefox\Profiles\0638k6t5.default\
FF - prefs.js: browser.startup.homepage - www.google.nl
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
AddRemove-captaincooks - c:\microgaming\Casino\CaptainCooks\install.exe
AddRemove-casinolavida - c:\microgaming\Casino\casinolavida\install.exe
AddRemove-gamingclub - c:\microgaming\Casino\GamingClub\install.exe
AddRemove-jackpotcity - c:\microgaming\Casino\jackpotcity\install.exe
AddRemove-kingneptunes - c:\microgaming\Casino\KingNeptunes\install.exe
AddRemove-luckynugget - c:\microgaming\Casino\LuckyNugget\install.exe
AddRemove-Play2Win - c:\program files (x86)\Play2Win\uninst.exe
AddRemove-ukcasinoclub - c:\microgaming\Casino\UKCasinoClub\install.exe
.
.
.
“ImagePath”=“\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl”
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
@Denied: (2) (LocalSystem)
“Progid”=“ChromeHTML”
.
@Denied: (2) (LocalSystem)
“Progid”=“ChromeHTML”
.
@Denied: (2) (LocalSystem)
“Progid”=“ChromeHTML”
.
@Denied: (2) (LocalSystem)
“Progid”=“ChromeHTML”
.
@Denied: (2) (LocalSystem)
“Progid”=“ChromeHTML”
.
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101”
.
“Enabled”=dword:00000001
.
@=“c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
@Denied: (A 2) (Everyone)
@=“IFlashBroker5”
.
@=“{00020424-0000-0000-C000-000000000046}”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101”
.
“Enabled”=dword:00000001
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx”
“ThreadingModel”=“Apartment”
.
@=“0”
.
@=“ShockwaveFlash.ShockwaveFlash.11”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“ShockwaveFlash.ShockwaveFlash”
.
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx”
“ThreadingModel”=“Apartment”
.
@=“FlashFactory.FlashFactory.1”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“FlashFactory.FlashFactory”
.
@Denied: (A 2) (Everyone)
@=“IFlashBroker5”
.
@=“{00020424-0000-0000-C000-000000000046}”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-05-23 13:20:57
ComboFix-quarantined-files.txt 2013-05-23 11:20
.
Pre-Run: 1.550.049.570.816 bytes beschikbaar
Post-Run: 1.550.182.379.520 bytes beschikbaar
.
- - End Of File - - 4F35073A68AECECF4DEF83EABF95B17D
Groetjes,
Marion
Ben

23-05-2013 14:10

Hallo,
Herstart je pc als het goed is heb je daarna weer internet?
Laat dat even weten.
Gr.Ben
Marion Koppert

23-05-2013 16:51

Hoi Ben,
Heb opnieuw opgestart, maar google kan alleen zo een pagina openen, niet via geschiedenis of favorieten. Mozilla kan nog steeds niet opstarten. Ik zie alleen even zo'n draaiend kringeltje en dan stopt dat.
Ik heb wél internet, chrome doet het nu nog wel. Maar er is toch iets niet helemaal jofel. Ik had eerder geprobeerd om Spybot Search and destroy te laten scannen. De scan lukte wel, maar fixen lukte niet. Liep het programma meteen vast. Ook in veilige modus, dus vandaar dat ik denk dat ik toch wel wat rotzooi op de pc heb. Dat heb je als je wat langer op vakantie gaat en zoonlief kan zich uitleven, haha.
Maar hopelijk hebben jullie iets aan de logfiles.
Groetjes,
Marion
Ben

23-05-2013 18:09

Hallo,
Doe het volgende:
Download zoek.exe naar het bureaublad.
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
(hier of hier) kan je lezen hoe je dat doet.
* Dubbelklik op Zoek.exe om de tool te starten.
* Kopieer nu het onderstaande vet gedrukte code en plak die in het grote invulvenster:
* Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
firefoxlook;
chromelook;
standardsearch;
filesrcm;
autoclean;
startupall;
*Klik nu op de knop "Run script".
* Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
* Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
* Post nu de inhoud van het geopende logje in het volgende bericht.
Gr.Ben
Marion Koppert

23-05-2013 20:25

Hallo Ben
Google Chrome doet het gelukkig nog wel goed.
Hier mijn logje:
Zoek.exe Version 4.0.0.2 Updated 22-May-2013
Tool run by koppert on do 23-05-2013 at 20:12:26,54.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Running Processes ======================
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Common Files\Iconix\IconixService.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\koppert\Downloads\zoek (1).exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
==== Batch Command(s) Run By Tool======================
C:\Windows\System32\dmwu.exe deleted successfully
==== Deleting Files \ Folders ======================
“C:\Windows\SysNative\dmwu.exe” not found
“C:\Program Files (x86)\Common Files\DVDVideoSoft\bin” deleted
“C:\Users\koppert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd” deleted
“C:\Windows\Syswow64\jmdp” deleted
“C:\Windows\Syswow64\ARFC” deleted
==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4078 MB
CPU Info: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
CPU Speed: 3054,1 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: NVIDIA GeForce GTX 550 Ti | NVIDIA GeForce GTX 550 Ti | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller | Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
CD / DVD Drives: 2x (E: | J: | ) E: TSSTcorpCDDVDW SH-216AB | J:
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 1811,9GB | D: 50,0GB
Hard Disks - Free: C: 1428,7GB | D: 10,2GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/15/11 | MEDION - 7292010
Time Zone: West-Europa (standaardtijd)
Motherboard *: MEDIONPC MS-7728
Internet Explorer Version: 10.0.9200.16576
Sun Java version: No Java Installed?
Country: Nederland
Language: NLD
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-05-23 11:12:02 F042EE4C8D66248D9B86DCF52ABAE416 256000 —-a-w- C:\Windows\PEV.exe
2013-05-23 11:12:02 9E05A9C264C8A908A8E79450FCBFF047 80412 —-a-w- C:\Windows\grep.exe
2013-05-23 11:12:02 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 —-a-w- C:\Windows\zip.exe
2013-05-23 11:12:02 0297C72529807322B152F517FDB0A9FC 406528 —-a-w- C:\Windows\SWSC.exe
2013-05-23 11:12:02 0277C027A26428DB64EF4F64F52BB4FD 208896 —-a-w- C:\Windows\MBR.exe
2013-05-22 16:38:43 CEBB5A5A9638E71791AD3D84729938B2 121 —-a-w- C:\Windows\DeleteOnReboot.bat
====== C:\Users\koppert\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-05-15 18:31:42 49834B94A8E8383B700EDDEF46C2AE6A 2706432 —-a-w- C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 18:31:42 28AEB03752D716BF149DBC93A9ACC17E 391168 —-a-w- C:\Windows\SysWOW64\ieui.dll
2013-05-15 18:31:40 DFDBC397D0DDBD1AFA3CB400D4C003A9 61440 —-a-w- C:\Windows\SysWOW64\iesetup.dll
2013-05-15 18:31:34 5915AA67DECA289F7B4AFB686CDB09E9 71680 —-a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 18:31:34 52AA8A8DA4175580F365D275EB53DBE3 493056 —-a-w- C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 18:31:34 3CC9825BFFE7B7429C8B79B0395ACDA8 33280 —-a-w- C:\Windows\SysWOW64\iernonce.dll
2013-05-15 18:31:34 366D8EA2ADCBA228C9487BC6D2427DDC 109056 —-a-w- C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 18:31:33 F59A16A9418044C1D505C53DA370B099 2046976 —-a-w- C:\Windows\SysWOW64\iertutil.dll
2013-05-15 18:31:32 65C95886E1B17001ADDF163AC18C5525 1130496 —-a-w- C:\Windows\SysWOW64\urlmon.dll
2013-05-15 18:31:31 0142341520F0A0F2B0E312335B96705B 690688 —-a-w- C:\Windows\SysWOW64\jscript.dll
2013-05-15 18:31:30 C9A062F32FF600C96795B43CD9A53151 2877440 —-a-w- C:\Windows\SysWOW64\jscript9.dll
2013-05-15 18:31:29 5ABB3F36AF17007F33FA275E96A2C95E 1767424 —-a-w- C:\Windows\SysWOW64\wininet.dll
2013-05-15 18:31:29 03180AFD271BFD88813F428421BC4A1A 39424 —-a-w- C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 18:31:26 7A468BC721C1D34E60389D3F2F87BBEA 14323712 —-a-w- C:\Windows\SysWOW64\mshtml.dll
2013-05-15 18:31:19 D5E5A86F49ACC11768D8339094C3AFD8 13760512 —-a-w- C:\Windows\SysWOW64\ieframe.dll
2013-05-15 07:39:25 E904178851A6A44BFA97E064EF779E9D 1796096 —-a-w- C:\Windows\SysWOW64\authui.dll
2013-05-15 07:39:25 565D78187494FB5F08B5A52DEB2AEA7A 12872704 —-a-w- C:\Windows\SysWOW64\shell32.dll
2013-05-15 07:39:25 1F05F5A16881CD928C82D53CEFCF4477 180224 —-a-w- C:\Windows\SysWOW64\shdocvw.dll
2013-05-14 20:18:14 830E8F94EDF8D6E770FD3426D8FB4FD8 17613192 —-a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-05-15 18:31:42 9B2BB51ED6D28860A48CFF46FD6D3DC1 2706432 —-a-w- C:\Windows\Sysnative\mshtml.tlb
2013-05-15 18:31:41 FE6CB2001A8C2A85B617CD3FC85D8242 526336 —-a-w- C:\Windows\Sysnative\ieui.dll
2013-05-15 18:31:41 42758AF68D3C4912C8D8A18088AD2555 51712 —-a-w- C:\Windows\Sysnative\ie4uinit.exe
2013-05-15 18:31:36 97588F2871E1FE8E3EB57B17B98DF03B 67072 —-a-w- C:\Windows\Sysnative\iesetup.dll
2013-05-15 18:31:34 EC6E8273B6CB79CA5B7B00CA82D1FCEE 136704 —-a-w- C:\Windows\Sysnative\iesysprep.dll
2013-05-15 18:31:34 A197763AA7487807279AB61CD6835CEF 89600 —-a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe
2013-05-15 18:31:34 7DAA72F6C30D81EE31EC2BDC90054326 603136 —-a-w- C:\Windows\Sysnative\msfeeds.dll
2013-05-15 18:31:34 168602AB16D30D5D6E091CA609FC7E75 39936 —-a-w- C:\Windows\Sysnative\iernonce.dll
2013-05-15 18:31:33 9D6B9124B582F0FBF275B434CE5A672C 2647552 —-a-w- C:\Windows\Sysnative\iertutil.dll
2013-05-15 18:31:32 E34F0440799F9A0F9DC4265F4ADA75C1 1365504 —-a-w- C:\Windows\Sysnative\urlmon.dll
2013-05-15 18:31:32 772EC073332D1BA2DBEC32C6D063811A 855552 —-a-w- C:\Windows\Sysnative\jscript.dll
2013-05-15 18:31:31 2C96C695B6015042AC867EA419A45C20 3958784 —-a-w- C:\Windows\Sysnative\jscript9.dll
2013-05-15 18:31:29 254502230F2259D255D4149C235173B1 53248 —-a-w- C:\Windows\Sysnative\jsproxy.dll
2013-05-15 18:31:28 27A9000C534AA9BADC9EE74940F50C6D 2242048 —-a-w- C:\Windows\Sysnative\wininet.dll
2013-05-15 18:31:23 C56EF4C50A1FEED0CC9B7AE068CBBBBB 19231232 —-a-w- C:\Windows\Sysnative\mshtml.dll
2013-05-15 18:31:21 7F4F74880E0B586EB7A9E225C34B1296 15404032 —-a-w- C:\Windows\Sysnative\ieframe.dll
2013-05-15 07:39:38 943F527DF79E6B400104341AA7023C75 144384 —-a-w- C:\Windows\Sysnative\cdd.dll
2013-05-15 07:39:28 1BFC94665BCA35F9001ADC7BFB167C63 14172672 —-a-w- C:\Windows\Sysnative\shell32.dll
2013-05-15 07:39:27 3EF480BFED1B5947A32585E30A58D4ED 1930752 —-a-w- C:\Windows\Sysnative\authui.dll
2013-05-15 07:39:26 22A0AE97360C1B146FDD9AA55AC0E989 197120 —-a-w- C:\Windows\Sysnative\shdocvw.dll
2013-05-15 07:39:25 E948D1D42DC68923ABD75EEB5BCCD1D3 111448 —-a-w- C:\Windows\Sysnative\consent.exe
2013-05-15 07:39:25 9D2A2369AB4B08A4905FE72DB104498F 70144 —-a-w- C:\Windows\Sysnative\appinfo.dll
2013-05-15 07:39:20 FE90B750AB808FB9DD8FBB428B5FF83B 230400 —-a-w- C:\Windows\Sysnative\wwansvc.dll
2013-05-15 07:39:20 A11523523B31086DD760C0189C763359 3153920 —-a-w- C:\Windows\Sysnative\win32k.sys
2013-05-15 07:39:20 30B1489F2DCD8DC1AB6BB60CA6093615 48640 —-a-w- C:\Windows\Sysnative\wwanprotdim.dll
====== C:\Windows\Sysnative\drivers =====
2013-05-22 18:16:13 0BB97D43299910CBFBA59C461B99B910 25928 —-a-w- C:\Windows\Sysnative\drivers\mbam.sys
2013-05-15 07:39:38 AF2E16242AA723F68F461B6EAE2EAD3D 983400 —-a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys
2013-05-15 07:39:38 1F04CFB79DD5FB7694468CE3FB3DCC31 265064 —-a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys
2013-04-24 21:46:18 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 —-a-w- C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-05-22 20:07:25 ——– d—–w- C:\Program Files\trend micro
======= C:\Program Files (x86) =====
2013-05-22 09:46:47 ——– d—–w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-26 19:24:45 ——– d—–w- C:\Program Files (x86)\Raptr
======= C: =====
2013-05-22 16:38:35 B9D8456F28CE24A012BB7758CA0893B9 16956 —-a-w- C:\AdwCleaner.txt
====== C:\Users\koppert\AppData\Roaming ======
2013-05-23 14:46:02 ——– d—–w- C:\users\koppert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-05-23 11:20:58 ——– d—–w- C:\users\UpdatusUser\AppData\Local\temp
2013-05-23 11:20:58 ——– d—–w- C:\users\Public\AppData\Local\temp
2013-05-23 11:20:58 ——– d—–w- C:\users\Gebruiker\AppData\Local\temp
2013-05-23 11:20:58 ——– d—–w- C:\users\Default\AppData\Local\temp
2013-05-23 11:20:58 ——– d—–w- C:\users\Default User\AppData\Local\temp
2013-05-22 09:46:01 ——– d—–w- C:\users\koppert\AppData\Local\Programs
2013-04-26 19:24:54 ——– d—–w- C:\users\koppert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr
2013-04-26 19:24:45 ——– d—–w- C:\users\koppert\AppData\Roaming\Raptr
====== C:\Users\koppert ======
2013-05-23 11:20:58 ——– d—–w- C:\Users\Public\AppData
2013-05-22 09:46:56 ——– d—–w- C:\ProgramData\Spybot - Search & Destroy
====== C: exe-files ==
2013-05-23 11:12:02 F042EE4C8D66248D9B86DCF52ABAE416 256000 —-a-w- C:\Windows\PEV.exe
2013-05-23 11:12:02 9E05A9C264C8A908A8E79450FCBFF047 80412 —-a-w- C:\Windows\grep.exe
2013-05-23 11:12:02 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 —-a-w- C:\Windows\zip.exe
2013-05-23 11:12:02 0297C72529807322B152F517FDB0A9FC 406528 —-a-w- C:\Windows\SWSC.exe
2013-05-23 11:12:02 0277C027A26428DB64EF4F64F52BB4FD 208896 —-a-w- C:\Windows\MBR.exe
2013-05-22 20:07:25 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files\trend micro\koppert.exe
2013-05-22 20:05:06 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\koppert\Desktop\RSITx64.exe
2013-05-22 20:04:59 CD48C7F951ADC4FE99DA4BCFD86BF5DF 73 —-a-w- C:\Users\koppert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5AOE0KGW\RSITX64.EXE
2013-05-22 16:37:48 0A90C8A3F94564E7EAF541981EAFA52A 632031 —-a-w- C:\Users\koppert\Desktop\adwcleaner.exe
2013-05-22 09:43:21 272A7ED33C052AA6F3F56802853CCC48 55454464 —-a-w- C:\Users\koppert\Desktop\spybot-search-destroy.exe
2013-05-22 02:30:02 8DBEEA5D392D86AF6FF75E881157C88E 11299168 —-a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.93\27.0.1453.93_26.0.1410.64_chrome_updater.exe
2013-05-21 05:57:50 BD617F4C5797AD18EC30199042AE75D4 30722056 —-a-w- C:\Users\koppert\AppData\Roaming\Raptr\raptr-3.1.6-r73201-release.exe
2013-05-20 20:31:19 6890BBE8CF2A55ABCFDB16822C40C0A7 3448384 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\AirMech\AirMech.exe
2013-05-20 20:31:15 D6317A0A9B5FABD16EA6377758C5E2E8 92072 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
2013-05-20 20:31:13 384763C39D46FCD367E92CF7B5D1ED34 77736 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\vtex.exe
2013-05-20 20:31:13 07D1715D4A76136A7A7275315CFB3405 77736 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\vvis.exe
2013-05-20 20:31:12 DA49313F36F5D936256782157C18E506 87464 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\vrad.exe
2013-05-20 20:31:08 34184865AC694F973385EF5ADF45F740 137128 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\splitskybox.exe
2013-05-20 20:31:07 BD09B41F52EF48CC2F19E441BECCCFDC 86952 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\shadercompile.exe
2013-05-20 20:30:58 8D069D4730A909D270617572F7A84AC7 144808 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\hammer.exe
2013-05-20 20:30:57 2D7F73B8F2BC6932F0497E8060655003 201128 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\glview.exe
2013-05-20 20:30:54 A5910EADEA41F34354C86BEDADE6FEAA 186792 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\captioncompiler.exe
2013-05-20 20:30:54 206EBAA00DE81788A30B904AE0BA5737 102400 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\demoinfo.exe
2013-05-20 20:30:23 F901FF91F748227DC55B9E89B61B6A62 708520 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\mksheet.exe
2013-05-20 20:30:23 E51673807211C499D93E6AC89C3C3013 417192 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\vbspinfo.exe
2013-05-20 20:30:23 D628AA3FBD564E9A3A8E6820AFD3A6AF 1678248 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\hlfaceposer.exe
2013-05-20 20:30:23 D24195F8607721EE773178DCE9D01191 690600 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\normal2ssbump.exe
2013-05-20 20:30:23 CE0394AF908618167749BACDD37201B2 659880 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\vpk.exe
2013-05-20 20:30:23 A596779D15F271E865EE7FECDA6367B1 695720 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\height2normal.exe
2013-05-20 20:30:23 83EF29F6F2F1E5DE4BB1BCF17E918183 721320 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\vtf2tga.exe
2013-05-20 20:30:23 6F2672EAE4EC4BD2B9CA93E1FD3B6EA2 1690024 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\dmxedit.exe
2013-05-20 20:30:23 6EA3CD6AA0674C69B5C79716FEA0D864 637864 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\pfm2tgas.exe
2013-05-20 20:30:23 6D9AF5A5937649683796C8667BFE03D8 2749352 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\qc_eyes.exe
2013-05-20 20:30:23 4BA8FBC11BFC46ECF045A2B66ED815AF 1890728 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\studiomdl.exe
2013-05-20 20:30:23 3F75DEA2345927963830A458FD878008 304552 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\motionmapper.exe
2013-05-20 20:30:23 3A63FBCDFBE13B75812E34DFF6995EAD 423336 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\bspzip.exe
2013-05-20 20:30:23 2FD631F9966A5075B1D364586C0079E4 1458088 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\vbsp.exe
2013-05-20 20:30:23 0F92F31E8FE77FAE12D955A23E2B93C3 468904 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\hlmv.exe
2013-05-20 20:30:23 08F780BD9A49F23770494A5925DCED3B 3241896 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\elementviewer.exe
2013-05-20 20:30:23 06953C786A98EBA2F3AB4DB03FD652C8 706472 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\height2ssbump.exe
2013-05-20 17:19:34 47876C11373B62C974CA845F0434EC5C 4214336 —-a-w- C:\Program Files (x86)\Raptr\vcredist_x86.exe
2013-05-20 17:19:32 DFBADE9590DC2A8C3AEEA2CE528DA909 55360 —-a-w- C:\Program Files (x86)\Raptr\raptrstub.exe
2013-05-20 17:19:32 86D03FB2D2C9C29446692BA5C0574CEE 46144 —-a-w- C:\Program Files (x86)\Raptr\raptr_im.exe
2013-05-20 17:19:30 22908B8D27FE9EFE2BE1903C3ED23CC6 64576 —-a-w- C:\Program Files (x86)\Raptr\raptr.exe
2013-05-20 17:19:30 1FCC19E1FAB0AFF4A25C9775A70DF055 2405456 —-a-w- C:\Program Files (x86)\Raptr\ffmpeg.exe
2013-05-20 17:19:28 6AC4042DD83C99F68E84A2A71FB5E0AE 45120 —-a-w- C:\Program Files (x86)\Raptr\f2p_ping.exe
2013-05-20 17:05:18 4B817450226F93C31ADD5BCC27FED27A 1015984 —-a-w- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
2013-05-18 14:56:19 7C271BBD974C760F516F1C9F9B61E0F2 106496 —-a-w- C:\Program Files (x86)\Steam\SteamApps\coldfire522\source sdk base\hl2.exe
=== C: other files ==
2013-05-23 15:49:16 D9B71461E815FC816900359FF4B41013 39717 —-a-w- C:\Users\koppert\Downloads\iron-man-3_english-733412 (1).zip
2013-05-23 15:40:57 50654D0F305042177A6D5AB384942023 39694 —-a-w- C:\Users\koppert\Downloads\ef43c15f174f0bb5e750c69fde5889405d266a00.zip
2013-05-23 15:39:54 48F9AAAE5498CB1909722E3494842683 34216 —-a-w- C:\Users\koppert\Downloads\Iron.Man.3.2013.R6.720p.x264.AC3._www.ENGSUB.NET.zip
2013-05-23 15:38:53 B8871D0B6A38B49AE28914B104BD30C1 38266 —-a-w- C:\Users\koppert\Downloads\Iron.Man.3.2013.R6.LiNE.x264._www.ENGSUB.NET.zip
2013-05-23 15:37:55 FE6BEA0AA128DF7EF9ADB147C42FD97C 42088 —-a-w- C:\Users\koppert\Downloads\Iron.Man.3.2013.R6.HDScr.LINE.600MB._www.ENGSUB.NET.zip
2013-05-23 15:35:46 D9B71461E815FC816900359FF4B41013 39717 —-a-w- C:\Users\koppert\Downloads\Iron.Man.3.2013.R6.HDScr.LINE.NoSUBS.NoBLURS.XViD.AC3.HQ.Hive-CM8._www.ENGSUB.NET.zip
2013-05-23 15:33:09 7BF26819C5B64266E895403AF15CA8CD 38812 —-a-w- C:\Users\koppert\Downloads\iron-man-3_english-733185.zip
2013-05-23 15:32:05 D9B71461E815FC816900359FF4B41013 39717 —-a-w- C:\Users\koppert\Downloads\iron-man-3_english-733412.zip
2013-05-23 15:30:42 FCC199AF4DC72DD9DF88F0373BB360CA 34105 —-a-w- C:\Users\koppert\Downloads\956b71a2aa95af09f28fa36db3c3955d089796f6.zip
2013-05-23 15:18:52 AB725CB9C757EC3906ECBF82F991FC7A 29677 —-a-w- C:\Users\koppert\Downloads\Ondertitel.com-4-Snitch-2013-BDRip-XviD-AN0NYM0US.zip
2013-05-23 14:46:51 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 —-a-w- C:\Users\koppert\AppData\Roaming\Raptr\data\jordi1337\config\certificates\x509\tls_peers\xmpp-server7.raptr.com
2013-05-23 14:46:47 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 —-a-w- C:\Users\koppert\AppData\Roaming\Raptr\data\jordi1337\config\certificates\x509\tls_peers\xmpp-server2.raptr.com
2013-05-23 10:56:46 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 —-a-w- C:\Users\koppert\AppData\Roaming\Raptr\data\jordi1337\config\certificates\x509\tls_peers\xmpp-server5.raptr.com
2013-05-23 08:37:16 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 —-a-w- C:\Users\koppert\AppData\Roaming\Raptr\data\jordi1337\config\certificates\x509\tls_peers\xmpp-server8.raptr.com
2013-05-22 22:18:03 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 —-a-w- C:\Users\koppert\AppData\Roaming\Raptr\data\jordi1337\config\certificates\x509\tls_peers\xmpp-server4.raptr.com
2013-05-22 18:16:13 0BB97D43299910CBFBA59C461B99B910 25928 —-a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-22 16:38:43 CEBB5A5A9638E71791AD3D84729938B2 121 —-a-w- C:\Windows\DeleteOnReboot.bat
2013-05-22 11:24:32 613C29DBA2D59564527A4A568ED4B481 4860 —-a-w- C:\ProgramData\Spybot - Search & Destroy\Quarantine\IncrediBar-0000.zip
2013-05-22 11:24:32 613C29DBA2D59564527A4A568ED4B481 4860 —-a-w- C:\Backup My Data\All Users\Spybot - Search & Destroy\Quarantine\IncrediBar-0000.zip
2013-05-20 20:31:13 86BD57000A5CD2DFA3A939BD9D135D42 238 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\vtex.bat
2013-05-20 20:31:07 BDA83C1C2CFA59B4C8FEBE9803B3717B 454 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\set_sdk_env.bat
2013-05-20 20:31:00 F434B725B541E0F7ECB896FFF2409DC5 265 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\HLMV.bat
2013-05-20 20:30:57 623B0B2CE9360BC3CD57EDDBE0ABB3EA 264 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\Hammer.bat
2013-05-20 20:30:56 60B8D5BCECAAB70BBC4209178569EA8E 276 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\Faceposer.bat
2013-05-20 20:30:54 1479DA9CB7BC8DC4C6B392749EC965DE 240 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\check_sdk_env.bat
2013-05-20 20:30:23 1B958C1F563F4AF9F8340D074E012ABD 7255976 —-a-w- C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\bin\itemtest.com
2013-05-20 17:19:00 C13E49E66953F4DE54BE6AD1E7330ACB 7558318 —-a-w- C:\Program Files (x86)\Raptr\library.zip
==== Startup Registry Enabled ======================
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”
“GoogleChromeAutoLaunch_ACE26633DC755D76AF39CE01DFEF37D8”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –no-startup-window”
“TomTomHOME.exe”=“C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”
“swg”=“C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
“Skype”=“C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun”
“Raptr”=“C:\PROGRA~2\Raptr\raptrstub.exe –startup”
“mctadmin”=“C:\Windows\System32\mctadmin.exe”
“IAStorIcon”=“C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”
“CLMLServer”=“C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”
“BrMfcWnd”=“C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN”
“ControlCenter3”=“C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun”
“PWRISOVM.EXE”=“C:\Program Files (x86)\PowerISO\PWRISOVM.EXE”
“BDRegion”=“C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe”
“RemoteControl”=“C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe”
“LanguageShortcut”=“C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe”
“APSDaemon”=“C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
“iTunesHelper”=“C:\Program Files (x86)\iTunes\iTunesHelper.exe”
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”
“GoogleChromeAutoLaunch_ACE26633DC755D76AF39CE01DFEF37D8”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –no-startup-window”
“TomTomHOME.exe”=“C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”
“swg”=“C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
“Skype”=“C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun”
“Raptr”=“C:\PROGRA~2\Raptr\raptrstub.exe –startup”
==== Startup Registry Enabled x64 ======================
“RTHDVCPL”=“C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s”
“egui”=“C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice”
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==== Firefox Extensions ======================
ProfilePath: C:\Users\koppert\AppData\Roaming\Mozilla\Firefox\Profiles\0638k6t5.default
- Undetermined - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
- Undetermined - C:\Program Files\IB Updater\Firefox
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\15.2.0.5\avg.crx
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\koppert\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx
DVDVideoSoft Browser Extension - koppert - Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
==== Set IE to Default ======================
Old Values:
“Start Page”=“http://www.google.nl/”
New Values:
“Start Page”=“http://www.google.nl/”
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
“DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR”
{2B675658-493F-4B1B-B497-C210AA17D7A4} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_nlNL492”
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
==== HijackThis Entries ======================
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”
O4 - HKLM\..\Run: C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –no-startup-window
O4 - HKCU\..\Run: “C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”
O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU\..\Run: “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
O4 - HKCU\..\Run: C:\PROGRA~2\Raptr\raptrstub.exe –startup
O4 - HKUS\S-1-5-21-2579152848-2309383289-322844936-1001\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)
O4 - HKUS\S-1-5-21-2579152848-2309383289-322844936-1001\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)
O4 - HKUS\S-1-5-21-2579152848-2309383289-322844936-1001\..\RunOnce: C:\Windows\Web\Wallpaper\MEDION\start.vbs (User ‘UpdatusUser’)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing)
O9 - Extra ‘Tools’ menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra ‘Tools’ menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra ‘Tools’ menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU)
O9 - Extra ‘Tools’ menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU)
O9 - Extra button: Casino La Vida - {11E47561-BAE2-4F72-8213-8818E62BB124} - C:\Microgaming\Casino\casinolavida\casinogame.exe (file missing) (HKCU)
O9 - Extra button: Jackpot City - {2E9CD141-9025-4018-802A-8F3DEF6B07FC} - C:\Microgaming\Casino\jackpotcity\casinogame.exe (file missing) (HKCU)
O9 - Extra button: UK Casino Club - {309B0300-0C8A-4A4C-8610-E6DCC6150B6F} - C:\Microgaming\Casino\UKCasinoClub\casinogame.exe (file missing) (HKCU)
O9 - Extra button: King Neptunes - {41B00985-B707-4422-882E-9418812B0736} - C:\Microgaming\Casino\KingNeptunes\casinogame.exe (file missing) (HKCU)
O9 - Extra button: Lucky Nugget Casino - {525A59B5-5432-492C-9063-D168EFDBC4BE} - C:\Microgaming\Casino\LuckyNugget\casinogame.exe (file missing) (HKCU)
O9 - Extra button: Captain Cooks Casino - {7FC4233C-B0D1-41F4-998E-9F1470EA21D9} - C:\Microgaming\Casino\CaptainCooks\casinogame.exe (file missing) (HKCU)
O9 - Extra button: Gaming Club - {C59EF4A1-3B78-4F58-8BDA-1C530689F32F} - C:\Microgaming\Casino\GamingClub\casinogame.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files (x86)\Common Files\Iconix\IconixService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\koppert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\koppert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\users\koppert\AppData\Local\Mozilla\Firefox\Profiles\0638k6t5.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\users\koppert\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\koppert\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on do 23-05-2013 at 20:20:49,71 ======================
Groetjes,
Marion
Ben

23-05-2013 20:38
Hallo,
Download de Junkware Removal Tool by Thisisu naar je bureaublad
Het is aanbevolen om beveiligingssoftware tijdelijk uit te schakelen, deze kan namelijk conflicteren met JRT.exe
Windows XP: Start de tool doormiddel van dubbelklik.
Windows Vista/7/8: Rechtsklik JRT.exe en kies voor “Uitvoeren als administrator”.
De tool zal daarna je systeem scannen.
De scan kan afhankelijk van je systeemspecificaties soms vrij lang duren, wacht geduldig af.
Als de scan voltooid is zal een logje (JRT.txt) op je bureaublad opgeslagen worden en automatisch openen.
Post de inhoud van deze log in je volgende bericht.
Vertel meteen hoe hert hierna gaat.(je heb een pb)
Gr.Ben
Marion Koppert

23-05-2013 21:14

Hoi Ben,
Je hebt pb terug.
Hier mijn logje:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by koppert on do 23-05-2013 at 20:53:31,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\koppert\AppData\Roaming\mozilla\firefox\profiles\0638k6t5.default\minidumps
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on do 23-05-2013 at 20:56:11,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Internet Explore gaat weer goed nu, mijn favorieten kon ik niet openen,nu weer wel. Mozilla Firefox blijft problemen geven, kan ik niet openen. Misschien verwijderen en opnieuw installeren? Kan dat natuurlijk altijd eens proberen.
Groetjes en bedankt zover,
Marion

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.

Vermoedelijk vervuilde pc-mozilla start niet meer

Marion Koppert

Marion Koppert

fazantje

Marion Koppert

Ben

Marion Koppert

Ben

Marion Koppert

Ben

Marion Koppert