Slow laptop

  • lg

    I would appreciate your advice on this very slow laptop.

    I think something is running in the background, but I can't find anything suspicious.

    After a manual clean-up, here are the requested log files:

    # AdwCleaner v3.004 - Report created 20/09/2013 at 11:03:10

    # Updated 15/09/2013 by Xplode

    # Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)

    # Username : Bob en Hillie - PC_VAN_BOBENHIL

    # Running from : C:\Users\Bob en Hillie\Desktop\adwcleaner.exe

    # Option : Clean

    ***** *****

    ***** *****

    Folder Deleted : C:\ProgramData\Babylon

    Folder Deleted : C:\ProgramData\BrowserDefender

    Folder Deleted : C:\ProgramData\Tarma Installer

    Folder Deleted : C:\Users\Bob en Hillie\AppData\Roaming\Babylon

    Folder Deleted : C:\Users\Bob en Hillie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender

    Folder Deleted : C:\Users\Bob en Hillie\AppData\Roaming\Mozilla\Firefox\Profiles\deo5p4j7.default\Extensions\ffxtlbr@delta.com

    File Deleted : C:\Windows\system32\roboot.exe

    File Deleted : C:\Users\Bob en Hillie\AppData\Roaming\Mozilla\Firefox\Profiles\deo5p4j7.default\bProtector_extensions.rdf

    File Deleted : C:\Users\Bob en Hillie\AppData\Roaming\Mozilla\Firefox\Profiles\deo5p4j7.default\bprotector_prefs.js

    File Deleted : C:\Users\Bob en Hillie\AppData\Roaming\Mozilla\Firefox\Profiles\deo5p4j7.default\searchplugins\Askcom.xml

    File Deleted : C:\Users\Bob en Hillie\AppData\Roaming\Mozilla\Firefox\Profiles\deo5p4j7.default\searchplugins\Babylon.xml

    File Deleted : C:\Users\Bob en Hillie\AppData\Roaming\Mozilla\Firefox\Profiles\deo5p4j7.default\user.js

    ***** *****

    ***** *****

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes

    Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A

    Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F

    Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

    Key Deleted : HKCU\Software\a68ddde63fef42

    Key Deleted : HKLM\SOFTWARE\a68ddde63fef42

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    Key Deleted : HKCU\Software\BabSolution

    Key Deleted : HKCU\Software\DataMngr

    Key Deleted : HKCU\Software\Delta

    Key Deleted : HKCU\Software\InstallCore

    Key Deleted : HKLM\Software\DataMngr

    Key Deleted : HKLM\Software\Delta

    Key Deleted : HKLM\Software\Tarma Installer

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

    ***** *****

    -\\ Internet Explorer v9.0.8112.16506

    -\\ Mozilla Firefox v2.0 (nl)

    Line Deleted : user_pref(“browser.search.selectedEngine”, “Ask.com”);

    Line Deleted : user_pref(“browser.search.order.1”, “Ask.com”);

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.09.20.02

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Bob en Hillie :: PC_VAN_BOBENHIL

    20-9-2013 13:23:29

    mbam-log-2013-09-20 (13-23-29).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 191886

    Verstreken tijd: 14 minuut/minuten, 50 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Bob en Hillie at 2013-09-20 13:42:57

    Microsoft® Windows Vista™ Home Basic Service Pack 2

    System drive C: has 59 GB (55%) free of 106 GB

    Total RAM: 1790 MB (38% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 13:43:22, on 20-9-2013

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16506)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    C:\Program Files\Powercinema\PCMService.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\system32\RunDll32.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Users\Bob en Hillie\Desktop\RSIT.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\trend micro\Bob en Hillie.exe

    C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPNetworkCommunicator.exe

    C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe”

    O4 - HKLM\..\Run: “c:\Program Files\Powercinema\PCMService.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKLM\..\Run: Skytel.exe

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKCU\..\Run: “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler

    O4 - HKCU\..\Run: “C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe” -deviceID “CN1AJ474ZW05MQ:NW” -scfn “HP Deskjet 3070 B611 series (NET)” -AutoStart 1

    O4 - HKCU\..\Run: C:\Program Files\windows sidebar\sidebar.exe /autoRun

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-18\..\Run: C:\Program Files\Picasa2\PicasaMediaDetector.exe (User ‘SYSTEEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\Program Files\Picasa2\PicasaMediaDetector.exe (User ‘Default user’)

    O4 - Startup: Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk = ?

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249135194638

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe

    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    End of file - 9402 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    C:\Windows\tasks\HP Photo Creations Messager.job

    C:\Windows\tasks\Recovery DVD Creator.job

    C:\Windows\tasks\Uitgebreide garantie.job

    ======Registry dump======

    Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll

    CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll

    “RtHDVCpl”=C:\Windows\RtHDVCpl.exe

    “SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    “StartCCC”=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    “RoxWatchTray”=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    “PCMService”=c:\Program Files\Powercinema\PCMService.exe

    “GrooveMonitor”=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    “Skytel”=C:\Windows\Skytel.exe

    “Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    “Adobe ARM”=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    “MSC”=c:\Program Files\Microsoft Security Client\msseces.exe

    “ISUSPM”=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    “HP Deskjet 3070 B611 series (NET)”=C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe

    “Sidebar”=C:\Program Files\windows sidebar\sidebar.exe

    cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=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&prod=90&ver=9.0.894

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

    C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Zune\ZuneLauncher.exe

    C:\PROGRA~1\Sony\SONYPI~1\VOLUME~1\SPUVOL~1.EXE

    C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE

    C:\Users\Bob en Hillie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk - C:\Windows\system32\RunDll32.exe

    “AppInit_DLLs”=“C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL”

    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”=

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “EnableUIADesktopToggle”=0

    “BindDirectlyToPropertySetStorage”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “VIDC.UYVY”=msyuv.dll

    “VIDC.YUY2”=msyuv.dll

    “VIDC.YVYU”=msyuv.dll

    “VIDC.IYUV”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “VIDC.YVU9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “vidc.cvid”=iccvid.dll

    “MSVideo8”=VfWWDM32.dll

    “msacm.l3codecp”=

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “msacm.siren”=sirenacm.dll

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2013-09-20 13:42:59 —-D—- C:\Program Files\trend micro

    2013-09-20 13:42:57 —-D—- C:\rsit

    2013-09-20 12:00:43 —-D—- C:\Windows\pss

    2013-09-20 11:42:28 —-D—- C:\Users\Bob en Hillie\AppData\Roaming\Malwarebytes

    2013-09-20 11:16:23 —-D—- C:\Program Files\Microsoft Security Client

    2013-09-20 11:15:04 —-A—- C:\Windows\system32\drivers\netio.sys

    2013-09-20 11:02:04 —-D—- C:\AdwCleaner

    2013-09-20 11:01:31 —-D—- C:\ProgramData\Malwarebytes

    2013-09-20 11:01:30 —-D—- C:\Program Files\Malwarebytes' Anti-Malware

    2013-09-20 11:01:30 —-A—- C:\Windows\system32\drivers\mbam.sys

    2013-09-12 15:43:37 —-A—- C:\Windows\system32\mshtmled.dll

    2013-09-12 15:43:36 —-A—- C:\Windows\system32\vbscript.dll

    2013-09-12 15:43:33 —-A—- C:\Windows\system32\jsproxy.dll

    2013-09-12 15:43:33 —-A—- C:\Windows\system32\ieUnatt.exe

    2013-09-12 15:43:33 —-A—- C:\Windows\system32\ieui.dll

    2013-09-12 15:43:32 —-A—- C:\Windows\system32\wininet.dll

    2013-09-12 15:43:32 —-A—- C:\Windows\system32\msfeeds.dll

    2013-09-12 15:43:31 —-A—- C:\Windows\system32\url.dll

    2013-09-12 15:43:31 —-A—- C:\Windows\system32\jscript9.dll

    2013-09-12 15:43:31 —-A—- C:\Windows\system32\jscript.dll

    2013-09-12 15:43:30 —-A—- C:\Windows\system32\iertutil.dll

    2013-09-12 15:43:28 —-A—- C:\Windows\system32\urlmon.dll

    2013-09-12 15:43:25 —-A—- C:\Windows\system32\mshtml.dll

    2013-09-12 15:43:23 —-A—- C:\Windows\system32\ieframe.dll

    2013-09-12 15:13:16 —-A—- C:\Windows\system32\themeui.dll

    2013-09-12 15:11:13 —-A—- C:\Windows\system32\win32k.sys

    2013-08-28 16:29:48 —-A—- C:\Windows\system32\WMVDECOD.DLL

    ======List of files/folders modified in the last 1 month======

    2013-09-20 13:43:15 —-D—- C:\Windows\Temp

    2013-09-20 13:42:59 —-RD—- C:\Program Files

    2013-09-20 13:40:28 —-D—- C:\Windows\system32\drivers

    2013-09-20 12:19:10 —-D—- C:\Windows\inf

    2013-09-20 12:19:07 —-D—- C:\Windows\Debug

    2013-09-20 12:19:07 —-D—- C:\Windows

    2013-09-20 12:14:50 —-D—- C:\Windows\Microsoft.NET

    2013-09-20 11:43:01 —-D—- C:\Windows\system32\LogFiles

    2013-09-20 11:18:00 —-SHD—- C:\Windows\Installer

    2013-09-20 11:17:12 —-D—- C:\Windows\system32\catroot

    2013-09-20 11:17:06 —-SD—- C:\ProgramData\Microsoft

    2013-09-20 11:16:14 —-D—- C:\Windows\winsxs

    2013-09-20 11:15:43 —-AD—- C:\Windows\System32

    2013-09-20 11:15:20 —-A—- C:\Windows\system32\FlashPlayerApp.exe

    2013-09-20 11:14:53 —-SHD—- C:\System Volume Information

    2013-09-20 11:03:10 —-HD—- C:\ProgramData

    2013-09-20 10:53:35 —-D—- C:\Program Files\Picasa2

    2013-09-20 10:44:46 —-D—- C:\Windows\system32\drivers\UMDF

    2013-09-20 10:43:18 —-RSD—- C:\Windows\assembly

    2013-09-20 10:32:10 —-D—- C:\ProgramData\Norton

    2013-09-20 10:32:02 —-D—- C:\Program Files\Common Files\Symantec Shared

    2013-09-20 10:30:37 —-D—- C:\ProgramData\Symantec

    2013-09-20 10:25:02 —-D—- C:\ProgramData\NortonInstaller

    2013-09-20 10:16:52 —-D—- C:\Program Files\CCleaner

    2013-09-12 16:35:20 —-D—- C:\ProgramData\Microsoft Help

    2013-09-12 15:50:32 —-D—- C:\Windows\system32\migration

    2013-09-12 15:50:30 —-D—- C:\Program Files\Internet Explorer

    2013-09-12 15:46:16 —-D—- C:\Windows\system32\catroot2

    2013-09-12 15:33:50 —-D—- C:\Windows\system32\MRT

    2013-09-12 15:29:14 —-A—- C:\Windows\system32\mrt.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys

    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys

    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys

    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys

    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys

    R3 Cam5603D;USB2.0 350K WebCam; C:\Windows\System32\Drivers\BisonCam.sys

    R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys

    R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys

    R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys

    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys

    R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys

    R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys

    S0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys

    S3 Dot4;Microsoft IEEE-1284.4-stuurprogramma; C:\Windows\system32\DRIVERS\Dot4.sys

    S3 Dot4Print;Stuurprogramma voor printerklasse voor IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys

    S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys

    S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys

    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys

    S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys

    S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys

    S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys

    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys

    S3 WinUSB;WinUsb-stuurprogramma; C:\Windows\system32\DRIVERS\WinUSB.sys

    S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe

    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe

    R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe

    R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe

    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 CLSched;CyberLink Task Scheduler (CTS); c:\Program Files\Powercinema\Kernel\TV\CLSched.exe

    S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe

    S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe

    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    —————–EOF—————–

  • fazantje

    Hi LG,

    The programs have done their job.

    I see no reason to look any further.

    How is the slowness now? :s

    Let's quickly clean up the tools we used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Activate UAC

    Remove disinfection tools

    Create registry backup

    Purge System Restore

    Reset system settings

    Now click “Run” and wait patiently until the tool has finished.

    When the tool has finished, a log file is created.

    You do not need to post it, however.

    If any tools are left over, you can remove them yourself.

    Regards, Huib ;)

  • lg

    The slowness is better; I disabled the programs that were running in the background.

    I'll continue cleaning up on Sunday.

    I'll report back with the final result.

    Thanks in advance

    LG

  • fazantje

    Hi LG,

    Good luck,

    Huib ;)

  • lg

    It is clean.

    Thanks again; as far as I'm concerned the topic can be closed.

    LG

  • fazantje

    Because this topic has been resolved, it is being closed.

    If you would like to have your topic reopened, send a private message to Ben or Huib (fazantje).

    They will then remove the “lock” and the topic will be open again.

    The AV team.

This topic is closed; no further replies can be posted.