Printen loopt vast op windows 7 x64

[Gast Robin Hofman]

Nogmaals twee logs, kreeg wel een paar fouten over niet opstartende programmas (rocketdock en mijn theme loader aura een windows 8 skin) das echter geen bezwaar ik knikker de ovirige resten eraf met revo en dan ccleaner dan is dat ook weer opgelost.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

Malwarebytes : Free anti-malware download

Databaseversie: v2013.04.10.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

robin :: HOFMAN [administrator]

Bescherming: Ingeschakeld

10-4-2013 11:08:39

mbam-log-2013-04-10 (11-08-39).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 445140

Verstreken tijd: 11 minuut/minuten, 32 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 2

C:\Downloads\Halo.Combat.Evolved.v1.09.Plus.5.Trainer.zip (PUP.HackTool.HotKeysHook) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\robin\Downloads\halo109-5.zip (PUP.HackTool.HotKeysHook) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

ComboFix 13-04-10.01 - robin 10-04-2013 11:29:19.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8191.5590 [GMT 2:00]

Gestart vanuit: c:\users\robin\Documents\Downloads\Programs\ComboFix_3.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Sunbelt VIPRE *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Sunbelt VIPRE *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\WinPCap

c:\programdata\B94650ED57.sys

c:\programdata\Download and Sa

c:\programdata\Download and Sa\50a379ba6b500.html

c:\programdata\Download and Sa\50a379ba6b539.js

c:\programdata\Download and Sa\data\50a379ba6b539.js

c:\programdata\Download and Sa\data\jsondb.js

c:\programdata\Download and Sa\dgkekafilpafnkinmcappmbhaljdobhe.crx

c:\programdata\Download and Sa\settings.ini

c:\programdata\Download and Sa\uninstall.exe

c:\programdata\mazuki.dll

c:\programdata\Microsoft\Windows\Start Menu\Programs\Download and Sa

c:\programdata\Microsoft\Windows\Start Menu\Programs\Download and Sa\Download and Sa.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\Download and Sa\Uninstall.lnk

c:\users\robin\AppData\Local\Temp\pvxinst594.exe

c:\users\robin\AppData\Roaming\chrtmp

c:\users\robin\AppData\Roaming\FrameWork\Worker

c:\users\robin\AppData\Roaming\log.txt

c:\users\robin\AppData\Roaming\PGSKz.vbs

c:\users\robin\AppData\Roaming\Qiseu

c:\users\robin\AppData\Roaming\Qiseu\zatap.fil

c:\users\robin\AppData\Roaming\Qiseu\zatap.tmp

c:\users\robin\AppData\Roaming\vso_ts_preview.xml

c:\users\robin\x.exe

c:\windows\IsUn0413.exe

c:\windows\iun6002.exe

c:\windows\msvrc20.dll

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\SwSys1.bmp

c:\windows\SwSys2.bmp

c:\windows\SysWow64\cc32100mt.dll

c:\windows\SysWow64\muzapp.exe

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\SET440A.tmp

c:\windows\SysWow64\test

c:\windows\SysWow64\themeui.dll.tmp

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

c:\windows\SysWow64\uxtheme.dll.tmp

c:\windows\SysWow64\wpcap.dll

c:\windows\UA000011.DLL

c:\windows\wininit.ini

c:\windows\XSxS

D:\install.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-03-10 to 2013-04-10 ))))))))))))))))))))))))))))))

.

.

2073-10-27 08:55 . 2009-10-03 16:32 1118208 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\Strings.dll

2073-10-27 08:55 . 2009-10-03 16:32 1835008 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\haloceded.exe

2073-10-27 08:55 . 2009-10-03 16:31 2404352 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\haloce.exe

2013-04-10 10:22 . 2013-04-10 10:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-04-10 10:22 . 2013-04-10 10:22 -------- d-----w- c:\users\UpdatusUser.HOFMAN\AppData\Local\temp

2013-04-10 10:22 . 2013-04-10 10:22 -------- d-----w- c:\users\UpdatusUser.HOFMAN.000\AppData\Local\temp

2013-04-10 10:22 . 2013-04-10 10:22 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-04-10 10:22 . 2013-04-10 10:22 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp

2013-04-10 10:22 . 2013-04-10 10:22 -------- d-----w- c:\users\Gast\AppData\Local\temp

2013-04-10 10:22 . 2013-04-10 10:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-10 10:22 . 2013-04-10 10:22 -------- d-----w- c:\users\AppData\AppData\Local\temp

2013-04-10 10:22 . 2013-04-10 10:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-04-10 10:22 . 2013-04-10 10:22 -------- d-----w- c:\users\wdlive\AppData\Local\temp

2013-04-10 10:22 . 2013-04-10 10:22 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2013-04-10 10:22 . 2013-04-10 10:22 -------- d-----w- c:\users\LogMeInRemoteUser.HOFMAN\AppData\Local\temp

2013-04-10 09:11 . 2013-04-10 09:11 -------- d-----w- c:\users\robin\AppData\Roaming\Pelikan Software KFT

2013-04-10 09:10 . 2013-04-10 09:10 20216 ----a-w- c:\windows\system32\plkmon64.dll

2013-04-10 09:10 . 2013-04-10 09:11 -------- d-----w- c:\program files\priPrinter

2013-04-10 01:59 . 2013-04-10 01:59 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{930A6E2C-D772-4859-9F4D-C6EEF35C5344}\offreg.dll

2013-04-09 08:18 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{930A6E2C-D772-4859-9F4D-C6EEF35C5344}\mpengine.dll

2013-04-08 09:40 . 2013-04-08 09:40 -------- d--h--w- c:\programdata\CanonIJEPPEX2

2013-04-08 09:40 . 2013-04-08 09:40 -------- d--h--w- c:\programdata\CanonEPP

2013-04-08 00:27 . 2013-04-08 00:28 -------- d-----w- c:\programdata\PrevxCSI

2013-04-03 21:19 . 2013-04-06 13:25 -------- d-----w- c:\users\robin\AppData\Roaming\System

2013-04-03 19:13 . 2013-04-03 19:13 -------- d-----w- c:\users\robin\AppData\Roaming\Roxio Log Files

2013-04-03 10:31 . 2008-06-24 12:45 1414440 ----a-w- c:\windows\SysWow64\ShellManager310E2D762.dll

2013-04-03 00:17 . 2013-04-03 00:17 -------- d-----w- c:\users\robin\AppData\Roaming\PicaJet.Com

2013-04-03 00:17 . 2013-04-03 00:17 -------- d-----w- c:\program files (x86)\PicaJet.Com

2013-04-01 23:37 . 2013-04-08 20:51 -------- d-----w- c:\program files\Blue Coat K9 Web Protection

2013-04-01 19:44 . 2013-04-01 19:44 -------- d-----w- c:\program files (x86)\WinDirStat

2013-04-01 08:49 . 2013-04-01 08:49 -------- d-----w- c:\windows\nl

2013-04-01 08:45 . 2012-09-12 13:20 57856 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2013-04-01 08:39 . 2013-04-01 08:39 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7660a9f21ce2eb404\DXSETUP.exe

2013-04-01 08:39 . 2013-04-01 08:39 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7660a9f21ce2eb404\dsetup32.dll

2013-04-01 08:39 . 2013-04-01 08:39 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7660a9f21ce2eb404\DSETUP.dll

2013-04-01 08:39 . 2013-04-01 08:39 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\729292571ce2eb403\DXSETUP.exe

2013-04-01 08:39 . 2013-04-01 08:39 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\729292571ce2eb403\dsetup32.dll

2013-04-01 08:39 . 2013-04-01 08:39 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\729292571ce2eb403\DSETUP.dll

2013-04-01 08:39 . 2013-04-01 08:39 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\70b585751ce2eb402\DSETUP.dll

2013-04-01 08:39 . 2013-04-01 08:39 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\70b585751ce2eb402\DXSETUP.exe

2013-04-01 08:39 . 2013-04-01 08:39 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\70b585751ce2eb402\dsetup32.dll

2013-03-31 12:53 . 2013-03-31 12:53 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2013-03-28 22:39 . 2013-02-22 07:17 203544 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2013-03-28 22:39 . 2013-02-22 07:17 102936 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2013-03-28 22:24 . 2013-03-20 08:07 233472 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe

2013-03-28 22:24 . 2013-03-20 08:07 37344 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sys

2013-03-28 22:24 . 2012-12-18 09:08 110592 ----a-w- c:\windows\SysWow64\FsUsbExDevice.Dll

2013-03-28 10:55 . 2013-03-28 10:55 -------- d-----w- c:\users\robin\AppData\Roaming\Nitreal Games

2013-03-24 20:46 . 2013-03-24 20:46 -------- d-----w- c:\program files (x86)\AVAST Software

2013-03-24 18:33 . 2006-09-13 04:00 80896 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP86.DLL

2013-03-24 18:33 . 2006-09-13 04:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD86.DLL

2013-03-24 18:33 . 2013-03-24 18:33 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2013-03-24 18:33 . 2006-09-13 04:00 234496 ----a-w- c:\windows\system32\CNMLM86.DLL

2013-03-24 18:32 . 2013-03-24 18:32 -------- d--h--w- c:\program files\CanonBJ

2013-03-22 16:41 . 2013-03-22 16:41 -------- d-----w- c:\users\robin\AppData\Roaming\ARA

2013-03-20 19:54 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys

2013-03-20 19:54 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-20 11:44 . 2013-03-20 11:44 -------- d-----w- c:\programdata\AVS4YOU

2013-03-20 11:43 . 2013-03-20 11:43 -------- d-----w- c:\users\robin\AppData\Roaming\AVS4YOU

2013-03-20 11:41 . 2013-03-20 11:42 -------- d-----w- c:\program files (x86)\AVS4YOU

2013-03-20 11:41 . 2013-03-20 11:42 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia

2013-03-19 10:13 . 2013-03-19 10:13 -------- d-----w- c:\program files\iPod

2013-03-19 10:13 . 2013-03-19 10:14 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-19 10:13 . 2013-03-19 10:14 -------- d-----w- c:\program files\iTunes

2013-03-19 07:03 . 2013-03-19 07:03 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-16 22:51 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-03-16 22:51 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-03-15 21:45 . 2013-03-15 21:45 -------- d-----w- c:\users\Gebruiker

2013-03-14 20:07 . 2013-03-14 20:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-04 12:50 . 2012-12-28 22:49 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-19 07:03 . 2012-07-02 13:09 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-19 07:03 . 2010-06-02 08:25 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-15 05:53 . 2012-11-15 12:04 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-03-15 05:53 . 2012-11-15 12:04 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-03-15 05:53 . 2012-03-01 18:08 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-03-15 05:53 . 2012-01-19 18:40 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-03-15 05:53 . 2012-01-19 18:40 2864144 ----a-w- c:\windows\system32\nvapi64.dll

2013-03-15 04:16 . 2012-01-19 18:43 3477280 ----a-w- c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2012-01-19 18:43 6398240 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2012-01-19 18:43 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2012-01-19 18:43 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2012-01-19 18:43 2555680 ----a-w- c:\windows\system32\nvsvcr.dll

2013-03-15 04:16 . 2012-01-19 18:43 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-13 16:24 . 2012-03-01 18:11 3065455 ----a-w- c:\windows\system32\nvcoproc.bin

2013-03-13 05:53 . 2012-11-13 00:41 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-13 05:53 . 2012-07-25 12:59 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 02:04 . 2010-03-12 14:35 72013344 ----a-w- c:\windows\system32\MRT.exe

2013-03-11 23:10 . 2010-03-10 15:36 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-03-06 23:33 . 2012-03-22 17:34 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-03-06 23:33 . 2011-09-02 20:36 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-03-06 23:33 . 2011-09-02 20:36 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-03-06 23:33 . 2011-09-02 20:36 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-03-06 23:33 . 2011-09-02 20:36 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-03-06 23:33 . 2011-09-02 20:36 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-03-06 23:32 . 2011-09-02 20:36 41664 ----a-w- c:\windows\avastSS.scr

2013-03-06 23:32 . 2011-09-02 20:36 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-03-05 21:03 . 2013-03-05 21:03 57880 ----a-w- C:\cc_20130305_220309.reg

2013-03-01 11:21 . 2013-03-01 11:21 127216 ----a-w- c:\windows\system32\drivers\bckd.sys

2013-02-13 13:21 . 2013-02-13 13:21 40208 ----a-w- c:\windows\system32\Partizan.exe

2013-02-13 13:04 . 2013-02-13 13:04 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys

2013-02-13 13:02 . 2013-02-13 13:02 2 --shatr- c:\windows\winstart.bat

2013-02-12 13:06 . 2013-02-13 13:02 12800 ----a-w- c:\windows\SysWow64\drivers\UnHackMeDrv.sys

2013-02-12 05:45 . 2013-03-12 21:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-12 21:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-12 21:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 05:45 . 2013-03-12 21:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 04:48 . 2013-03-12 21:00 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-12 21:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-18 09:45 . 2013-01-18 09:44 1386 ----a-w- c:\windows\TweakSoftCleanup.cmd

2013-01-13 21:17 . 2013-02-27 23:38 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17 . 2013-02-27 23:38 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16 . 2013-02-27 23:38 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12 . 2013-02-27 23:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11 . 2013-02-27 23:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11 . 2013-02-27 23:38 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11 . 2013-02-27 23:38 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11 . 2013-02-27 23:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11 . 2013-02-27 23:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35 . 2013-02-27 23:38 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35 . 2013-02-27 23:38 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35 . 2013-02-27 23:38 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32 . 2013-02-27 23:38 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31 . 2013-02-27 23:38 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 23:38 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 23:38 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 23:38 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31 . 2013-02-27 23:38 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 23:38 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-01-13 20:22 . 2013-02-27 23:38 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-01-13 20:20 . 2013-02-27 23:38 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-01-13 20:09 . 2013-02-27 23:38 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08 . 2013-02-27 23:38 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-01-13 20:08 . 2013-02-27 23:38 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-01-13 19:59 . 2013-02-27 23:38 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-01-13 19:58 . 2013-02-27 23:38 1175552 ----a-w- c:\windows\system32\FntCache.dll

2013-01-13 19:54 . 2013-02-27 23:38 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-01-13 19:53 . 2013-02-27 23:38 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53 . 2013-02-27 23:38 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-01-13 19:51 . 2013-02-27 23:38 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-01-13 19:49 . 2013-02-27 23:38 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-01-13 19:48 . 2013-02-27 23:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-01-13 19:46 . 2013-02-27 23:38 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2013-01-13 19:43 . 2013-02-27 23:38 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38 . 2013-02-27 23:38 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-01-13 19:38 . 2013-02-27 23:38 1887232 ----a-w- c:\windows\system32\d3d11.dll

2013-01-13 19:38 . 2013-02-27 23:38 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-01-13 19:37 . 2013-02-27 23:38 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-01-13 19:25 . 2013-02-27 23:38 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-01-13 19:24 . 2013-02-27 23:38 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-01-13 19:24 . 2013-02-27 23:38 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2013-01-13 19:20 . 2013-02-27 23:38 194560 ----a-w- c:\windows\system32\d3d10_1.dll

2013-01-13 19:20 . 2013-02-27 23:38 1238528 ----a-w- c:\windows\system32\d3d10.dll

2013-01-13 19:15 . 2013-02-27 23:38 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-01-13 19:10 . 2013-02-27 23:38 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-01-13 19:02 . 2013-02-27 23:38 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-01-13 18:34 . 2013-02-27 23:38 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32 . 2013-02-27 23:38 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-01-13 18:09 . 2013-02-27 23:38 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-01-13 17:26 . 2013-02-27 23:38 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-01-13 17:05 . 2013-02-27 23:38 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[-] 2011-02-25 . BCE664D75BF98468CAD13299350FE1E2 . 3044352 . . [6.1.7600.16385] .. c:\windows\explorer.exe

[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\UXBackup\explorer.exe

[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\explorer.exe

[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[-] 2009-10-01 . 729E20DD55B937628DF177FB4D2BF484 . 2868224 . . [6.1.7600.16385] .. c:\windows\Resources\Themes\Harmony 7 Blue\Explorer\X64\explorer.exe

[-] 2009-09-21 . F20ED3125219DB7A96BDBC95FF18E2F4 . 2868224 . . [6.1.7600.16385] .. c:\windows\Resources\Themes\Gaia09 VS for Seven 2\Explorer\x64\BIG\explorer.exe

[-] 2009-09-18 . 9880F8FADFF45A0175E0BBDFD9D31F5B . 2868224 . . [6.1.7600.16385] .. c:\windows\Resources\Themes\Gaia09 VS for Seven 2\Explorer\x64\SMALL\explorer.exe

[-] 2009-02-11 . 6AB9C63EE594BFA0D68411D6E6F4343B . 2902016 . . [6.1.7000.0] .. c:\windows\Resources\Themes\explorer\windows\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-02-23 10:17 222712 ----a-w- c:\users\robin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-02-23 10:17 222712 ----a-w- c:\users\robin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-02-23 10:17 222712 ----a-w- c:\users\robin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GreedyTorrent"="c:\program files (x86)\GreedyTorrent\greedytorrent.exe" [2007-03-08 2526661]

"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-27 3536320]

"Xmarks"="c:\program files (x86)\Xmarks\IE Extension\xmarkssync.exe" [2012-03-07 1122848]

"BC55F11532CFBAE7212C1D0517CC9E3E46CFDB87._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]

"Spotify Web Helper"="c:\users\robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-10 1104280]

"MSGTAG"="c:\program files (x86)\MSGTAG\MSGTAG.exe" [2003-09-16 1320448]

"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]

"GameTracker"="c:\program files (x86)\GameTracker\GTLite.exe" [2013-03-08 4019992]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Spotify"="c:\users\robin\AppData\Roaming\Spotify\Spotify.exe" [2013-04-10 4503448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-10-25 103904]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"Breakaway"="c:\program files (x86)\Breakaway\breakaway.exe" [2010-02-21 6742016]

"UX Launcher"="c:\program files (x86)\UX Pack\uxlaunch.exe" [2012-11-07 236696]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-03-24 310640]

"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

.

c:\users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ClickOff.lnk - c:\program files (x86)\ClickOff\Clickoff.exe [2010-6-17 80416]

Dropbox.lnk - c:\users\robin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

GigaTribe.lnk - c:\program files (x86)\GigaTribe\gigatribe.exe [2010-3-11 5122760]

MailWasherPro.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe [2011-10-5 5385552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DelayedDesktopSwitchTimeout "= 1 (0x1)

"DisableStatusMessages"= 1 (0x1)

"HideFastUserSwitching"= 0 (0x0)

"SoftwareSASGeneration"= 3 (0x3)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"RequireSignedAppInit_DLLs"=0 (0x0)

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer6"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe

"smp.exe"="c:\program files (x86)\Pure Networks\Speed Meter Pro\smp.exe" -autorun -nosplash

"WsdtReplacer"=c:\program files (x86)\AGI\core\4.2.0.10755\WebshotSupplantLauncher.exe

.

R0 DiskSec;Magix Volume Filter Driver; [x]

R0 ExeLock;ExeLock;c:\windows\system32\DRIVERS\ExeLock.sys [x]

R1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [x]

R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2012-08-03 35064]

R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [x]

R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]

R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

R1 SAS***IL;SAS***IL;c:\program files (x86)\SUPERAntiSpyware\SAS***IL.SYS [2010-05-28 67656]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cpuz133;cpuz133; [x]

R2 mceBackup Service;mceBackup Service;c:\program files (x86)\The Digital Lifestyle.com\mcBackup 3.0\mceBackupService.exe [2010-01-27 49664]

R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2008-07-11 145448]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2011-04-05 1518976]

R3 aswVmm;aswVmm; [x]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]

R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]

R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]

R3 CEDRIVER55;CEDRIVER55;c:\program files (x86)\Cheat Engine\dbk64.sys [2010-03-31 51712]

R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-07-08 2428968]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-22 102936]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys [2012-08-13 25704]

R3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-10-25 1038304]

R3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-10-25 1030112]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\farmntio.sys [2011-01-26 24664]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS [2013-03-20 37344]

R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2010-02-12 66608]

R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2012-07-05 252416]

R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-06-10 1192448]

R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-12-26 19016]

R3 KooRaRooMediaServer;KooRaRoo Media Server;c:\program files (x86)\KooRaRoo Media\KooRaRooMediaServer.exe [2012-09-17 4958968]

R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 342320]

R3 maximir;maximir;c:\windows\system32\DRIVERS\maximir.sys [2007-06-19 11360]

R3 maxivista;Maxi_Vista_DriverA;c:\windows\system32\DRIVERS\maxivista.sys [2007-06-19 11360]

R3 netr7364;Sitecom RT73-stuurprogramma voor draadloze netwerken voor Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]

R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-06 24176]

R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-10-25 163472]

R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2011-10-25 191104]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 REN2CAP_DRIVER;Hear;c:\windows\system32\drivers\ren2cap.sys [2011-11-07 46728]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]

R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-01-01 19952]

R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 42912]

R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2010-07-01 224488]

R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2010-07-01 39016]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2011.SP4c\RpcAgentSrv.exe [2008-08-14 93848]

R3 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R3 SensorsVService;SensorsVService;c:\program files (x86)\SensorsViewPro42\svservice.exe [2011-12-02 935424]

R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]

R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_amd64.sys [2010-07-02 525040]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-22 203544]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]

R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16640]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]

R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-06-01 736104]

R3 tvnserver;TightVNC Server;c:\users\robin\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]

R3 TVService;TVService;c:\program files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe [2012-04-10 212992]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 131416]

R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-01-18 43792]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]

R3 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2012-10-15 423576]

R3 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2012-10-15 423576]

R3 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2012-10-15 423576]

R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-08-15 15680000]

R3 vpcuxd;Stubservice voor USB-virtualisatie;c:\windows\system32\drivers\vpcuxd.sys [2010-11-20 16384]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-10 1255736]

R4 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/10 17:50]; [x]

R4 ALSysIO;ALSysIO; [x]

R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]

R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]

R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]

R4 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSIE4B7.tmp [2011-12-15 102400]

S0 aswRvrt;aswRvrt; [x]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]

S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 c2scsi64;c2scsi64;c:\windows\system32\DRIVERS\c2scsi64.sys [2009-07-24 167920]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144]

S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [2010-05-20 34840]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-11 271424]

S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]

S1 sensorsview;sensorsview;c:\program files (x86)\SensorsViewPro42\drv\sensorsview32_64.sys [2008-07-26 14544]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-10-26 237400]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-10-26 119640]

S1 VD_FileDisk;VD_FileDisk; [x]

S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2012/10/15 16:53];c:\program files (x86)\HP\DVDPlay\000.fcl [2009-10-29 21:37 146928]

S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/05 13:47];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 148976]

S2 ACT2_Service;Ashampoo Core Tuner 2 Service;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [2011-08-22 1421216]

S2 ACT2PM;Ashampoo CoreTuner 2 ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [2011-06-10 15160]

S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-10-26 37280]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]

S2 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2013-03-01 127216]

S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2013-03-01 2649840]

S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]

S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\Comodo\launcher_service.exe [2012-08-23 70352]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]

S2 CrossLoopService;CrossLoop Service;c:\users\robin\AppData\Local\CrossLoop\CrossLoopService.exe [2012-01-06 569072]

S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2012-02-28 3128856]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

S2 GPPService;GPPService;c:\program files (x86)\GPPSoft\GPP Remote Server\GPP Remote Service.exe [2012-12-08 31232]

S2 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe [2013-03-08 1677080]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-10-07 375176]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]

S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2010-12-03 341296]

S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2012-01-31 34048]

S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-04-20 75248]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-10-25 793056]

S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]

S2 SpyroService;Spyro Portal Service;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe [2012-09-20 50688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-05 92632]

S2 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864]

S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]

S3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);c:\windows\system32\DRIVERS\vaclcskd.sys [2009-12-05 66016]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-08-24 1885792]

S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]

S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-06-23 82816]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-10-26 146264]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-06-20 14:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-10 04:43 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-13 05:53]

.

2013-04-10 c:\windows\Tasks\AutoKMS.job

- c:\autokms\AutoKMS.exe [2013-03-25 13:51]

.

2013-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6d55976a0201.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10 20:48]

.

2013-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10 20:48]

.

2013-04-10 c:\windows\Tasks\{4D320239-786C-402E-85E4-E4A986D1A5EA}.job

- c:\programdata\CloudSoft\ContinueToSave\ContinueToSave.exe [2013-01-17 19:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-02-23 10:17 261624 ----a-w- c:\users\robin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-02-23 10:17 261624 ----a-w- c:\users\robin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-02-23 10:17 261624 ----a-w- c:\users\robin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]

"priPrinterTray"="c:\program files\priPrinter\pritray.exe" [2013-03-24 38648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm

IE: &Add animation to IncrediMail Style Box - c:\program files (x86)\IncrediMail\bin\resources\WebMenuImg.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download alle links met IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download FLV video inhoud met IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm

IE: Download met IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

TCP: DhcpNameServer = 192.168.1.1

DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} - hxxp://download.flatcast.net/objects/NpFv530.dll

FF - ProfilePath - c:\users\robin\AppData\Roaming\Mozilla\Firefox\Profiles\569q2ulw.default-1352767345455\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - ExtSQL: 2013-02-25 10:09; adblocker@avast.com; c:\program files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi

FF - ExtSQL: 2013-02-25 18:49; firefox@mega.co.nz; c:\users\robin\AppData\Roaming\Mozilla\Firefox\Profiles\569q2ulw.default-1352767345455\extensions\firefox@mega.co.nz.xpi

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

ShellExecuteHooks-UPB:{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

SafeBoot-SBPIMSvc

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)

AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dMC Power Pack - c:\windows\system32\SpoonUninstall.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-LEGO Racers - c:\windows\IsUn0413.exe

AddRemove-WYSIWYG_Web_Builder_8 - c:\windows\iun6002.exe

AddRemove-{20E7BC40-33F6-4A81-9D52-B58349326206} - c:\programdata\Download and Sa\uninstall.exe

AddRemove-{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} - c:\programdata\{0ACE0403-C75D-488C-A403-7A57E9848B62}\iMesh_V10_en_Setup.exe

AddRemove-Fishing Craze Deluxe - c:\users\robin\AppData\Local\Zylom Games\Fishing Craze Deluxe\GameInstlr.exe

AddRemove-PassportPhoto - c:\program files (x86)\PassportPhoto\Uninstall.exe

.

.

"ImagePath"="system32\DRIVERS\atksgt.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\audiodg.exe pid: 5936 2C: C:]

--

"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\conhost.exe pid: 2560 28: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\conhost.exe pid: 5352 24: C:]

--

"ImagePath"="System32\Drivers\CSN5PDTS82x64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\csrss.exe pid: 964 40: C:]

--

"ImagePath"="system32\DRIVERS\dtsoftbus01.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\dwm.exe pid: 1332 28: C:]

--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\exfat]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\explorer.exe pid: 1816 3C: C:]

--

"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\lsm.exe pid: 1052 214: C:]

--

"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SearchIndexer.exe pid: 5028 3C: C:]

--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\ServiceModelService 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\services.exe pid: 1036 4C: C:]

--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\shieldm]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\sidebar.exe pid: 4648 48: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\sidebar.exe pid: 4648 130: C:]

--

"ImagePath"="%SystemRoot%\System32\spoolsv.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\spoolsv.exe pid: 2224 34: C:]

--

"ImagePath"="\SystemRoot\system32\drivers\storvsc.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\svchost.exe pid: 1144 90: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\svchost.exe pid: 1316 194: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\svchost.exe pid: 1400 38: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\svchost.exe pid: 1464 38: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\svchost.exe pid: 1492 38: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\svchost.exe pid: 1612 38: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\svchost.exe pid: 2256 38: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\svchost.exe pid: 2292 38: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\svchost.exe pid: 2984 38: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\svchost.exe pid: 3704 98: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\svchost.exe pid: 4976 94: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\svchost.exe pid: 5248 9C: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\svchost.exe pid: 6184 90: C:]

--

"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wmplayer.exe pid: 6684 5C: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wmpnetwk.exe pid: 3856 40: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\ALSysIO]

"ImagePath"=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\cpuz133]

"ImagePath"=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\HyperDeskCustomThemeEnabler]

"ImagePath"="\"c:\windows\Installer\MSIE4B7.tmp\" -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]

"ImagePath"="\??\c:\program files (x86)\HP\DVDPlay\000.fcl"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"=""

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-649540913-2565671888-2073646634-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):59,20,86,00,3f,01,02,6c,42,37,94,0d,7c,1b,58,bb,03,6a,54,b5,5a,

54,ed,ed,0d,0c,d8,77,4b,ca,eb,5b,dc,e4,8d,9f,ac,c1,9f,5c,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-649540913-2565671888-2073646634-1000_Classes\Wow6432Node\CLSID\{d7aa87f0-6417-4943-9e19-63b7fbdd6275}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000c4

"Therad"=dword:0000001e

"SpecVersion"=dword:0000004d

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB44881D-19AA-8BFF-B6BC-E5FDC57CF3A2}\InProcServer32*]

"iafkihiibfdfblepad"=hex:66,61,6c,6a,6d,6b,6c,65,6e,6e,65,69,00,00

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

"OODLED04.00.00.01PRO"="E01AA38E125A55C21CB7EC7663B616C29AFAD9D7F7C8F913C563190A8F84265882DD2653ACDB48E438125B2CCE9A1A403942DA0FFB4C25496EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E667A2D97226D213B555C038D530D6EB3452A0DF07C387D1E9DC399C00F51842016C4CD555EFC447300A3E1E08888D6AB75618AEEF16338736DE62CF14031C1548D11707071B4B43AB7D1C22DB3B66680223D70529C7D03B1493C6D69974CA62AE2435EC125C2CCE1169F1155FECACE8614E27A97C9C348D3B6E31F5E372C859C7CA10E7F0E100476ACAE916D46F86977A889199962B37168AF32BA6A67B419ECAC2578E03ADE07A69B274F865E9A0101518E90109E1B45E05BD09947EDD61C71219FC290C956C2E6044C3C29CD62AE49FD541C6C9FD0F64CF7C5FA0E940D9DF9BF03637B2C3C69AC8B74FAEEB85D619AAAF7281B194AA1AB37086DFC91B61660C837C6803B4156B3DDAD02B27975F276A2597FAFE0DEE65A0F11C9966BAB04EA99A90A36CBA03407E8CC9D98684FD7AB84D913551A24A212769814BE8BF86FEDF17F281427C3E2DEE417C12A617727691D084E23066AB1AFCD45AA5DEA023533C6AE84FBBF27A3B98806FDE08EE016E176D596A043B8892FC48920CBCA34D1A729CFD10746CEEE326E8EE7D0F7C71AC0C74BAE81AD85941A469D41858E64E1659C77FF76C89541BE7A8096285898EEBDA4A1AAC24CB9BCF95F114166B5BF37E6B1E01F18542EA415105913115AE29DF90682ABA37734E5C9530048594C5907E49DF579809DD74307BD59FC650DB14AC5EDBE4C8CC82F7790F079E1D56BDF73533E51D40207B38B3A0080E322AD227EA974706C34203202C106C204317310635929BB06D5C8B7F8BA19B7B337CABBEA7B6DE8CC959CED3EECAE90B16A0E01607700033DA2F561B6C03A34D42824F3963586CBC303716A32F939EA3E4A2610CA3FC250C747273DB7D6ACA27895CFD7B93BB4C9FFCE45CA350E53E7434AF9B4BFA8AB464DB5FD1995BA54BF768104BEBA24871026D50FAED275E8CC7BD3CCBBF7010E72B679633AE16A4F56C70051B76EC855F726ECB1C1DFDC0E3316DA3045659278E13A01BAC79317BAEF767872B0CC1A030C5A50B40D39370B485E225277F04918C90C3D329DCA4DFEE52C948099FE76A10156AA83BB51879FEDC74E16F322C30D75FC38C643FDD304277C35B96A797D7C2BA47A0B46BB409DB95A9E16967070AFDFBC5F4F18B3BEBC824B9390C21FE811B577C56A8A1007172CF3E0DF49D3ACA1C2A232037B011B537DCC2BEF30C3DA483CFFC8D650A8AA70271A4B4475562C166EEE985EDA0A8D6D56A27ABACEAE922794CF1EF90D6D4C4DD247F89EA150CDF24955A8024D1BB39"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\CleanMem\mini_monitor.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\GPPSoft\GPP Remote Server\GPPRS.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\SysWOW64\IoctlSvc.exe

c:\program files (x86)\GPPSoft\GPP Remote Server\GPPRS.exe

c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Voltooingstijd: 2013-04-10 12:41:30 - machine werd herstart

ComboFix-quarantined-files.txt 2013-04-10 10:41

.

Pre-Run: 255.927.463.936 bytes beschikbaar

Post-Run: 257.638.670.336 bytes beschikbaar

.

- - End Of File - - 0641401A133D343FB364ED794392AEB6

[kape]

Combofix heeft heel wat ongewenst spul opgeruimd. Blijkbaar heb je ook Hitman Pro op deze PC. Is dat een up-to-date-versie ? Zo ja, laat deze ook nog eens scannen.

[Gast Robin Hofman]

Hitman pro is versie 3.4 online is 3.7 beschikbaar zal hem eens opnieuw instaleren en even een scan doen , ik kan ondertussen weer gewoon printen weet niet waardoor maar elke opdracht die ik nu verzend komt gewoon aan.

- - - Updated - - -

hitman scan loopt zal alleen als hij wat vind wat meer werk hebben met handmatig verwijderen aangezien de license is verlopen

[Gast Robin Hofman]

HitmanPro 3.7.3.193

Home - SurfRight

Computer name . . . . : HOFMAN

Windows . . . . . . . : 6.1.1.7601.X64/4

User name . . . . . . : HOFMAN\robin

UAC . . . . . . . . . : Enabled

License . . . . . . . : Pro

Scan date . . . . . . : 2013-04-10 15:17:07

Scan mode . . . . . . : Normal

Scan duration . . . . : 8m 5s

Disk access mode . . : Direct disk access (SRB)

Cloud . . . . . . . . : Internet

Reboot . . . . . . . : Yes

Threats . . . . . . . : 8

Traces . . . . . . . : 59

Objects scanned . . . : 3.912.094

Files scanned . . . . : 107.501

Remnants scanned . . : 864.468 files / 2.940.125 keys

Malware _____________________________________________________________________

C:\$RECYCLE.BIN\S-1-5-21-649540913-2565671888-2073646634-1000\$R61KVSZ.878\HP\Activation\32 Patch\hitmanpro.3.7.x.(x86)-patch.exe -> Quarantined

Size . . . . . . . : 77.312 bytes

Age . . . . . . . : 0.0 days (2013-04-10 14:34:45)

Entropy . . . . . : 7.6

SHA-256 . . . . . : 8F665ECF872A04F75EC92082DFCECAB49AAC5833FC874C3011271FCCF4D3731A

> G Data . . . . . . : Gen:Trojan.Heur.FU.euW@aytgAkf (Engine A)

Fuzzy . . . . . . : 116.0

C:\$RECYCLE.BIN\S-1-5-21-649540913-2565671888-2073646634-1000\$R61KVSZ.878\HP\Activation\64 Patch\hitmanpro.3.7.x.(x64)-patch.exe -> Quarantined

Size . . . . . . . : 77.312 bytes

Age . . . . . . . : 0.0 days (2013-04-10 14:34:45)

Entropy . . . . . : 7.6

SHA-256 . . . . . : 3E419D594A947529241FA092E622713A0E6236FF80B507C958B62A06EE13DEF9

> G Data . . . . . . : Gen:Trojan.Heur.FU.euW@aytgAkf (Engine A)

Fuzzy . . . . . . : 116.0

C:\Program Files (x86)\LeeGT-Games\Royal Envoy 2 Collectors Edition\Royal Envoy 2 Collector's Edition.exe -> Quarantined

Size . . . . . . . : 5.317.784 bytes

Age . . . . . . . : 382.0 days (2012-03-24 14:24:07)

Entropy . . . . . : 7.6

SHA-256 . . . . . : 478A17F638388742D6DEC621F0B8419F197D24BE90AD2B51036A9D2F3F4A66F1

RSA Key Size . . . : 2048

Authenticode . . . : Invalid

> Ikarus . . . . . . : Trojan.Crypt!IK

Fuzzy . . . . . . : 118.0

References

C:\Users\Public\Desktop\Royal Envoy 2 Collectors Edition.lnk

C:\Users\robin\Desktop\GAMES\oudere\kan weg\Royal Envoy 2 Collectors Edition.lnk

C:\Program Files\priPrinter\Patch.exe -> Quarantined

Size . . . . . . . : 799.744 bytes

Age . . . . . . . : 0.2 days (2013-04-10 11:11:03)

Entropy . . . . . : 6.9

SHA-256 . . . . . : 8D86354018E98F6B4D8EE61AD9227860B438C5872C7006FF000B06E8BFC6CCA8

Product . . . . . : priPrinter Professional v5.5.0.2024 Patch

Publisher . . . . : .:[RiF]:.

Description . . . : priPrinter Professional v5.5.0.2024 Patch

Version . . . . . : 2013.4.1.1

Copyright . . . . : Copyright ⓒ 2010-2013

> G Data . . . . . . : Trojan.Generic.8889119

Fuzzy . . . . . . : 94.0

C:\Users\robin\Documents\Downloads\Programs\_.exe -> Quarantined

Size . . . . . . . : 420.412 bytes

Age . . . . . . . : 10.6 days (2013-03-31 01:32:11)

Entropy . . . . . : 7.9

SHA-256 . . . . . : A92E90921AF8DEB74A8D294E9C18A47E9A82EBAF441939FCE9AC3BFD8DF78FA0

Product . . . . . : Game

Publisher . . . . :

Description . . . : Game Setup

Version

Copyright . . . . :

> Emsisoft . . . . . : Trojan.Win32.Agent.amn!A2

Fuzzy . . . . . . : 112.0

C:\Users\robin\Documents\Downloads\Programs\earth_demo.exe -> Quarantined

Size . . . . . . . : 8.228.864 bytes

Age . . . . . . . : 181.6 days (2012-10-11 00:22:34)

Entropy . . . . . : 6.8

SHA-256 . . . . . : C356FFD559BEC0E27F57E7227604251BCD02B0845077C4E59F0DFBBDF0D9B695

> Ikarus . . . . . . : Trojan-Dropper.Win32.Daws!IK

Fuzzy . . . . . . : 106.0

C:\Users\robin\Documents\Downloads\Programs\storm_demo.exe -> Quarantined

Size . . . . . . . : 5.070.848 bytes

Age . . . . . . . : 181.6 days (2012-10-11 00:23:49)

Entropy . . . . . : 5.0

SHA-256 . . . . . : 9C9D73AB16CF0056DA0B6A1E2463A40106FE8CE5ED19BE1A78AA62A8FBE5C66B

> Ikarus . . . . . . : Trojan-Dropper.Win32.Daws!IK

Fuzzy . . . . . . : 106.0

C:\Users\robin\Podcasts\tcshalo.exe -> Deleted

Size . . . . . . . : 636.065 bytes

Age . . . . . . . : 74.8 days (2013-01-25 20:51:58)

Entropy . . . . . : 5.2

SHA-256 . . . . . : D8C7AE805D2CF3A2D44761163A3DF8A4235EB2829D4B2265BF01A1DC17FE119F

> G Data . . . . . . : Trojan.Generic.1816409 (Engine-A)

> Ikarus . . . . . . : Trojan.SuspectCRC!IK

Fuzzy . . . . . . : 106.0

References

HKU\S-1-5-21-649540913-2565671888-2073646634-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\robin\Podcasts\tcshalo.exe

HKU\S-1-5-21-649540913-2565671888-2073646634-1024\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\robin\Podcasts\tcshalo.exe

Suspicious files ____________________________________________________________

C:\games\Build-a-lot - On Vacation NL\Buildalot6.exe

Size . . . . . . . : 4.142.424 bytes

Age . . . . . . . : 409.2 days (2012-02-26 10:08:40)

Entropy . . . . . : 7.8

SHA-256 . . . . . : B4558F69D7325228E1C4338E139A91447C5E66005C8DCFB043E8DDC1ACD694F5

Product . . . . . : Build-a-lot: On Vacation

Publisher . . . . : HipSoft

Description . . . : Buildalot6

Version . . . . . : 1.0.0.1

Copyright . . . . : Copyright © 2011, HipSoft LLC

RSA Key Size . . . : 1024

Authenticode . . . : Invalid

Fuzzy . . . . . . : 29.0

Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.

Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

Program contains PE structure anomalies. This is not typical for most programs.

References

C:\Users\robin\Desktop\GAMES\oudere\kan weg\Buildalot6 - Snelkoppeling.lnk

HKU\S-1-5-21-649540913-2565671888-2073646634-1024\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\games\Build-a-lot - On Vacation NL\Buildalot6.exe

C:\games\Farm Frenzy - Viking Heroes\FarmFrenzy_Vikings.exe

Size . . . . . . . : 6.124.888 bytes

Age . . . . . . . : 542.7 days (2011-10-15 22:00:31)

Entropy . . . . . : 7.7

SHA-256 . . . . . : 19057294F34E5B5583E256E483424C8B19546BB98A6FCF765C1A76BCFCEAE131

Product . . . . . : Farm Frenzy 3

Description . . . : Farm Frenzy 3

Version . . . . . : 0.5.0

RSA Key Size . . . : 1024

Authenticode . . . : Invalid

Fuzzy . . . . . . : 27.0

Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.

Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

Authors name is missing in version info. This is not common to most programs.

Program contains PE structure anomalies. This is not typical for most programs.

References

C:\Users\robin\Desktop\GAMES\oudere\kan weg\FarmFrenzyVikings.lnk

C:\games\Fate of the Pharaoh\Pharaoh.exe

Size . . . . . . . : 1.656.152 bytes

Age . . . . . . . : 409.2 days (2012-02-26 10:03:00)

Entropy . . . . . : 6.5

SHA-256 . . . . . : F0240DF680E9DF0B206751FCAE52EA80565D33D2461BA9812F0631981AC9D882

RSA Key Size . . . : 1024

Authenticode . . . : Invalid

Fuzzy . . . . . . : 26.0

Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.

Authors name is missing in version info. This is not common to most programs.

Version control is missing. This file is probably created by an individual. This is not typical for most programs.

References

C:\Users\robin\Desktop\GAMES\oudere\kan weg\Pharaoh - Snelkoppeling.lnk

C:\Windows\SysWOW64\DBCLIENT.DLL

Size . . . . . . . : 210.032 bytes

Age . . . . . . . : 1090.0 days (2010-04-16 16:01:02)

Entropy . . . . . : 6.4

SHA-256 . . . . . : 8395C8F23C50D2203FC3F4A9847ABADDF6F240C593E17A4B3625F3985F423236

Publisher . . . . : Inprise Corporation

Description . . . : Borland Database Engine

Version . . . . . : 5.0.1.32

Copyright . . . . : Copyright Inprise Corp. 1991-1998

RSA Key Size . . . : 512

Authenticode . . . : Self-signed

Fuzzy . . . . . . : 26.0

Program is code signed with a weak certificate. This is common to malware.

Program is code self-signed.

The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

C:\Windows\SysWOW64\White_Christmas_3D_Screensaver.scr

Size . . . . . . . : 2.558.496 bytes

Age . . . . . . . : 474.8 days (2011-12-22 20:37:51)

Entropy . . . . . : 6.8

SHA-256 . . . . . : 11CB475B6D15A97456FAD4CE3F3FD492A17DE1006A6A486CE1BE8BC28547EEE0

Product . . . . . : White Christmas 3D Screensaver

Publisher . . . . : 3Planesoft

Description . . . : White Christmas 3D Screensaver

Version . . . . . : 1.0.0.2

Copyright . . . . : Copyright © 2011 3Planesoft. All rights reserved.

RSA Key Size . . . : 2048

Authenticode . . . : Invalid

Fuzzy . . . . . . : 22.0

Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.

The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

D:\spelen mar\Christmas Wonderland 2 NL\christmasWonderland2.exe

Size . . . . . . . : 9.270.616 bytes

Age . . . . . . . : 101.6 days (2012-12-30 01:03:09)

Entropy . . . . . : 7.4

SHA-256 . . . . . : 28D5552FBDB2EB7A97F2CE67C3EAE911BC547DBB5A4F279EB0CF998BA155C997

Product . . . . . : Halloween Hullabaloo

Description . . . : Halloween Hullabaloo

Version . . . . . : 1,0,0,195

Copyright . . . . : Copyright © 2011

RSA Key Size . . . : 1024

Authenticode . . . : Invalid

Fuzzy . . . . . . : 24.0

Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.

Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

Program contains PE structure anomalies. This is not typical for most programs.

Authors name is missing in version info. This is not common to most programs.

References

C:\Users\robin\Desktop\GAMES\christmasWonderland2.lnk

D:\spelen mar\Sparkle\Sparkle.exe

Size . . . . . . . : 771.400 bytes

Age . . . . . . . : 695.9 days (2011-05-15 17:17:17)

Entropy . . . . . : 7.4

SHA-256 . . . . . : 05778165A2B5482F4C082E759FBC3523D1CF6F98B83A2E286E2273082E425476

RSA Key Size . . . : 1024

Authenticode . . . : Invalid

Fuzzy . . . . . . : 30.0

Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.

Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

Authors name is missing in version info. This is not common to most programs.

Version control is missing. This file is probably created by an individual. This is not typical for most programs.

References

C:\Users\robin\Desktop\GAMES\oudere\Sparkle.lnk

D:\spelen mar\THC- De Tribloos - kopie\TheTribloos.exe

Size . . . . . . . : 3.294.552 bytes

Age . . . . . . . : 448.0 days (2012-01-18 14:06:19)

Entropy . . . . . : 7.7

SHA-256 . . . . . : 5B0C594EB30DCBDFF92E1DFE80A2127235A7E004A74311BBF8DA5BB30D5255CC

RSA Key Size . . . : 1024

Authenticode . . . : Invalid

Fuzzy . . . . . . : 35.0

Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.

Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

Authors name is missing in version info. This is not common to most programs.

Version control is missing. This file is probably created by an individual. This is not typical for most programs.

Program contains PE structure anomalies. This is not typical for most programs.

References

C:\Users\robin\Desktop\GAMES\oudere\TheTribloos - Snelkoppeling.lnk

Potential Unwanted Programs _________________________________________________

C:\Users\robin\AppData\LocalLow\BabylonToolbar\ (Babylon)

HKLM\SOFTWARE\Classes\AppID\secman.DLL\ (Babylon)

HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)

HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)

HKLM\SOFTWARE\Classes\Wow6432Node\AppID\secman.DLL\ (Babylon)

HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\ (Babylon)

HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)

HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1000\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1000\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1000\Software\Softonic\ (Softonic)

HKU\S-1-5-21-649540913-2565671888-2073646634-1000_Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1000_Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1000_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1000_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1003\Software\BabylonToolbar\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)

HKU\S-1-5-21-649540913-2565671888-2073646634-1003\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1003\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1003\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1003\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1024_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1024_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1024_Classes\Wow6432Node\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1024_Classes\Wow6432Node\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1024_Classes\Wow6432Node\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1024_Classes\Wow6432Node\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)

HKU\S-1-5-21-649540913-2565671888-2073646634-1024_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)

[kape]

Combofix heeft er voor gezorgd dat het probleem met het printen opgelost is. Doe nu nog even dit:

Download AdwCleaner by Xplode naar je bureaublad.

Sluit alle openstaande vensters.

• Vista en Windows 7 gebruikers: Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren...
  
• Voor XP: Gewoon dubbelklikken op AdwCleaner.
  
• Klik vervolgens op Verwijderen.
  
• Klik bij AdwCleaner – Informatie op OK
  
• Klik bij AdwCleaner – Herstarten Noodzakelijk op OK
  

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal. Nadat de PC opnieuw is opgestart, opent een logfile. Post de inhoud van dit log in je volgende bericht.

[Gast Robin Hofman]

# AdwCleaner v2.200 - Verslag gemaakt op 10/04/2013 om 20:43:42

# Geactualiseerd op 02/04/2013 door Xplode

# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)

# Gebruiker : robin - HOFMAN

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : I:\adwcleaner.exe

# Optie [Zoeken]

***** [Diensten] *****

***** [Files / Mappen] *****

File Aanwezig : C:\Users\robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url

File Aanwezig : C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url

File Aanwezig : C:\Users\robin\Desktop\QuickStores.url

File Aanwezig : C:\Windows\SysWOW64\conduitEngine.tmp

Map Aanwezig : C:\Program Files (x86)\AGI

Map Aanwezig : C:\Program Files (x86)\Conduit

Map Aanwezig : C:\Program Files (x86)\continuetosave

Map Aanwezig : C:\Program Files (x86)\DAEMON Tools Toolbar

Map Aanwezig : C:\Program Files (x86)\IncrediMail_MediaBar_Nederlands_2

Map Aanwezig : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de

Map Aanwezig : C:\ProgramData\ClickIT

Map Aanwezig : C:\ProgramData\clsoft ltd

Map Aanwezig : C:\ProgramData\InstallMate

Map Aanwezig : C:\ProgramData\Premium

Map Aanwezig : C:\ProgramData\RightClick

Map Aanwezig : C:\ProgramData\Trymedia

Map Aanwezig : C:\Users\robin\AppData\Local\APN

Map Aanwezig : C:\Users\robin\AppData\Local\Conduit

Map Aanwezig : C:\Users\robin\AppData\Local\PackageAware

Map Aanwezig : C:\Users\robin\AppData\LocalLow\AGI

Map Aanwezig : C:\Users\robin\AppData\LocalLow\BabylonToolbar

Map Aanwezig : C:\Users\robin\AppData\LocalLow\Conduit

Map Aanwezig : C:\Users\robin\AppData\LocalLow\ConduitEngine

Map Aanwezig : C:\Users\robin\AppData\LocalLow\Download and Sa

Map Aanwezig : C:\Users\robin\AppData\LocalLow\facemoods.com

Map Aanwezig : C:\Users\robin\AppData\LocalLow\IncrediMail_MediaBar_Nederlands_2

Map Aanwezig : C:\Users\robin\AppData\LocalLow\PriceGong

Map Aanwezig : C:\Users\robin\AppData\LocalLow\Toolbar4

Map Aanwezig : C:\Users\robin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

Map Aanwezig : C:\Users\robin\AppData\Roaming\QuickStoresToolbar

Map Aanwezig : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Register] *****

Sleutel Aanwezig : HKCU\Software\AGI

Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\Conduit

Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\conduitEngine

Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\Headlight

Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_Nederlands_2

Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\PriceGong

Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\SmartBar

Sleutel Aanwezig : HKCU\Software\AppDataLow\SProtector

Sleutel Aanwezig : HKCU\Software\AppDataLow\Toolbar

Sleutel Aanwezig : HKCU\Software\Conduit

Sleutel Aanwezig : HKCU\Software\Headlight

Sleutel Aanwezig : HKCU\Software\IM

Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95324E44-4B0A-47A9-8F77-9C6415E51C29}

Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95324E44-4B0A-47A9-8F77-9C6415E51C29}

Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Sleutel Aanwezig : HKCU\Software\Softonic

Sleutel Aanwezig : HKCU\Software\SMTTB2009

Sleutel Aanwezig : HKLM\Software\AGI

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\FCTB000062781.FCTB000062781Pos

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\FCTB000062781.IEToolbar

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\FCTB000062781.IEToolbar.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\FCTB000062781.JSOptionsImpl

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\FCTB000062781.JSOptionsImpl.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Prod.cap

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar.CT2727678

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Sleutel Aanwezig : HKLM\Software\Conduit

Sleutel Aanwezig : HKLM\Software\IncrediMail_MediaBar_Nederlands_2

Sleutel Aanwezig : HKLM\Software\INMEDIAKG\OpenCandy

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F8931AC1-CFFE-48FC-9C0A-02666401677B}

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\166d7f2a8376c9730268061dcfba3071

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6e3a7825b842a7c92dc6c5545a3f7259

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a99a6f5c86e5d786f50a28213bfdca9a

Sleutel Aanwezig : HKLM\Software\SP Global

Sleutel Aanwezig : HKLM\Software\SProtector

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\FCTB000062781

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5586B441-CEED-4801-912D-55E451AF12BE}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6C524F9-A5F6-4A43-95CB-585EC6BC1E6D}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_Nederlands_2 Toolbar

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Waarde Aanwezig : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Waarde Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{95324E44-4B0A-47A9-8F77-9C6415E51C29}]

Waarde Aanwezig : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

Waarde Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.autocompletepro.com/?si=7981&bi=400

-\\ Mozilla Firefox v19.0.2 (nl)

File : C:\Users\robin\AppData\Roaming\Mozilla\Firefox\Profiles\569q2ulw.default-1352767345455\prefs.js

Aanwezig : user_pref("aol_toolbar.default.homepage.check", false);

Aanwezig : user_pref("aol_toolbar.default.search.check", false);

Aanwezig : user_pref("extensions.50a379ba6b3e2.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Aanwezig : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Aanwezig : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Aanwezig : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Aanwezig : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Aanwezig : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Aanwezig : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Aanwezig : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Aanwezig : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Aanwezig : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Aanwezig : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

-\\ Chromium vww.yandex.ru/?clid=143106

File : C:\Users\robin\AppData\Local\Chromium\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

-\\ Opera v [Onmogelijk de versie te verkrijgen]

File : C:\Users\robin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[R1].txt - [15425 octets] - [10/04/2013 20:43:42]

########## EOF - C:\AdwCleaner[R1].txt - [15486 octets] ##########

[Gast Robin Hofman]

# AdwCleaner v2.200 - Verslag gemaakt op 10/04/2013 om 20:49:21

# Geactualiseerd op 02/04/2013 door Xplode

# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)

# Gebruiker : robin - HOFMAN

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : I:\adwcleaner.exe

# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

File Verwijdert : C:\Users\robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url

File Verwijdert : C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url

File Verwijdert : C:\Users\robin\Desktop\QuickStores.url

File Verwijdert : C:\Windows\SysWOW64\conduitEngine.tmp

Map Verwijdert : C:\Program Files (x86)\AGI

Map Verwijdert : C:\Program Files (x86)\Conduit

Map Verwijdert : C:\Program Files (x86)\continuetosave

Map Verwijdert : C:\Program Files (x86)\DAEMON Tools Toolbar

Map Verwijdert : C:\Program Files (x86)\IncrediMail_MediaBar_Nederlands_2

Map Verwijdert : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de

Map Verwijdert : C:\ProgramData\ClickIT

Map Verwijdert : C:\ProgramData\clsoft ltd

Map Verwijdert : C:\ProgramData\InstallMate

Map Verwijdert : C:\ProgramData\Premium

Map Verwijdert : C:\ProgramData\RightClick

Map Verwijdert : C:\ProgramData\Trymedia

Map Verwijdert : C:\Users\robin\AppData\Local\APN

Map Verwijdert : C:\Users\robin\AppData\Local\Conduit

Map Verwijdert : C:\Users\robin\AppData\Local\PackageAware

Map Verwijdert : C:\Users\robin\AppData\LocalLow\AGI

Map Verwijdert : C:\Users\robin\AppData\LocalLow\BabylonToolbar

Map Verwijdert : C:\Users\robin\AppData\LocalLow\Conduit

Map Verwijdert : C:\Users\robin\AppData\LocalLow\ConduitEngine

Map Verwijdert : C:\Users\robin\AppData\LocalLow\Download and Sa

Map Verwijdert : C:\Users\robin\AppData\LocalLow\facemoods.com

Map Verwijdert : C:\Users\robin\AppData\LocalLow\IncrediMail_MediaBar_Nederlands_2

Map Verwijdert : C:\Users\robin\AppData\LocalLow\PriceGong

Map Verwijdert : C:\Users\robin\AppData\LocalLow\Toolbar4

Map Verwijdert : C:\Users\robin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

Map Verwijdert : C:\Users\robin\AppData\Roaming\QuickStoresToolbar

Map Verwijdert : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Register] *****

Sleutel Verwijdert : HKCU\Software\AGI

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Conduit

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\conduitEngine

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Headlight

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_Nederlands_2

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\PriceGong

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar

Sleutel Verwijdert : HKCU\Software\AppDataLow\SProtector

Sleutel Verwijdert : HKCU\Software\AppDataLow\Toolbar

Sleutel Verwijdert : HKCU\Software\Conduit

Sleutel Verwijdert : HKCU\Software\Headlight

Sleutel Verwijdert : HKCU\Software\IM

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95324E44-4B0A-47A9-8F77-9C6415E51C29}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95324E44-4B0A-47A9-8F77-9C6415E51C29}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Sleutel Verwijdert : HKCU\Software\Softonic

Sleutel Verwijdert : HKCU\Software\SMTTB2009

Sleutel Verwijdert : HKLM\Software\AGI

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\FCTB000062781.FCTB000062781Pos

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\FCTB000062781.IEToolbar

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\FCTB000062781.IEToolbar.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\FCTB000062781.JSOptionsImpl

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\FCTB000062781.JSOptionsImpl.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2727678

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Sleutel Verwijdert : HKLM\Software\Conduit

Sleutel Verwijdert : HKLM\Software\IncrediMail_MediaBar_Nederlands_2

Sleutel Verwijdert : HKLM\Software\INMEDIAKG\OpenCandy

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F8931AC1-CFFE-48FC-9C0A-02666401677B}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\166d7f2a8376c9730268061dcfba3071

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6e3a7825b842a7c92dc6c5545a3f7259

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a99a6f5c86e5d786f50a28213bfdca9a

Sleutel Verwijdert : HKLM\Software\SP Global

Sleutel Verwijdert : HKLM\Software\SProtector

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\FCTB000062781

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5586B441-CEED-4801-912D-55E451AF12BE}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6C524F9-A5F6-4A43-95CB-585EC6BC1E6D}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_Nederlands_2 Toolbar

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{95324E44-4B0A-47A9-8F77-9C6415E51C29}]

Waarde Verwijdert : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.autocompletepro.com/?si=7981&bi=400 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (nl)

File : C:\Users\robin\AppData\Roaming\Mozilla\Firefox\Profiles\569q2ulw.default-1352767345455\prefs.js

C:\Users\robin\AppData\Roaming\Mozilla\Firefox\Profiles\569q2ulw.default-1352767345455\user.js ... Verwijdert !

Verwijdert : user_pref("aol_toolbar.default.homepage.check", false);

Verwijdert : user_pref("aol_toolbar.default.search.check", false);

Verwijdert : user_pref("extensions.50a379ba6b3e2.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Verwijdert : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Verwijdert : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Verwijdert : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Verwijdert : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Verwijdert : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Verwijdert : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Verwijdert : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Verwijdert : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Verwijdert : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Verwijdert : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

-\\ Chromium vww.yandex.ru/?clid=143106

File : C:\Users\robin\AppData\Local\Chromium\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

-\\ Opera v [Onmogelijk de versie te verkrijgen]

File : C:\Users\robin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[R1].txt - [15514 octets] - [10/04/2013 20:43:42]

AdwCleaner[s1].txt - [334 octets] - [10/04/2013 20:46:10]

AdwCleaner[s2].txt - [16053 octets] - [10/04/2013 20:49:21]

########## EOF - C:\AdwCleaner[s2].txt - [16114 octets] ##########

[kape]

Problemen van de baan, dan is het tijd voor de “grote schoonmaak” : verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht/Programma’s en bestanden zoeken en typ daar: ComboFix /Uninstall (met spatie voor de /).

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Sluit alle openstaande vensters

Start AdwCleaner en klik Deinstallatie.

Klik op "Ja"

AdwCleaner is nu verwijderd van je pc.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten). Hoe je de herstelpunten verwijdert lees je hier.

Indien dit allemaal probleemloos verlopen is en je binnen dit topic verder geen vragen of problemen meer hebt, mag je dit onderwerp afsluiten door een klik op de knop "Markeer als opgelost", die je links onderaan kan terugvinden … zo blijft het voor iedereen overzichtelijk.

[Gast Robin Hofman]

Ik kan weer printen dus ja mijn probleem is hiermee opgelost.

Mag ik jullie hier hartelijk voor bedanken daarom maar even een werkende versie voor hitman pro x86 en x64,

Mocht ik jullie ooit van dienst kunnen zijn schroom me dan niet om te vragen ik sta graag voor jullie klaar.

Groetjes Robin Klik hier voor hitman