
explorer.exe no longer works


Stroekes


Hello,

For several months I have had the problem described in this archived post: http://www.pc-helpforum.be/f182/problemen-met-windows-32717/ .

The problems come and go in waves; sometimes it works fine again for weeks, other times there is nothing to be done with it. The problem is that Windows Explorer keeps hanging, so I cannot open any of the programs for which I need to be logged in as administrator. Games and sometimes trivial programs also do not respond when you try to open them. Furthermore, logging off is very slow unless I click on force, because I have to wait for explorer.exe. I don't know whether this is related, but I also notice that Adobe Flash Player often crashes when I use, for example, Facebook. When the problems occur, the logon sound does not play.

It is also striking that if I let the PC rest for a while (about a quarter of an hour to half an hour), explorer.exe apparently recovers and the programs suddenly all open (often accompanied by quite a few security prompts).

I am including a HijackThis log file below right away. Hopefully someone can help me as was done in the post above. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 11:45:50, on 19/08/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16660)

CHROME: 28.0.1500.95

FIREFOX: 17.0 (nl)

Boot mode: Normal

Running processes:

C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe

C:\Windows\DAODx.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe

C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stroek\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stroek\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

O4 - HKCU\..\Run: [beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Stroek\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Stroek\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\Stroek\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9309 bytes


The log looks problem-free.

Download ComboFix from one of the locations below to your desktop.

Bleeping Computer

Info Spyware

Disable your antivirus and antispyware programs, as they may conflict with ComboFix.exe

(here or here) you can read how to disable the security software you use.

  • Double-click "ComboFix" to start the tool. Windows Vista, 7 & 8 users will get a prompt from UAC (User Account Control); click Ja / Yes there.
  • On a Windows XP computer, ComboFix will install the "Recovery Console" if it is not yet present. (An active internet connection is then required.)
  • In the 'Installing the Recovery Console' window, click "Ok".
  • In the info screen, click "Yes" once the Recovery Console has been installed successfully.
  • In the disclaimer screen, click "I Agree"; the required components are now unpacked and a registry backup is made using ERUNT.
  • When this is finished, ComboFix will start by itself; in the blue screen you will see the progress of the system scan being performed.
  • Important! Do not use the computer for anything else during the scan.
  • The computer may need to be restarted several times, for example when a rootkit is present; this is normal.
  • When ComboFix is finished, it will create a log file. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

* Note !!! If you get one of the messages below after using ComboFix, restart the computer.

  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  • Illegal operation attempted on a registry key that has been marked for deletion.


Thanks already for responding so quickly! ComboFix ran without problems; the log follows below.

ComboFix 13-08-19.02 - Stroek 20/08/2013 11:16:53.1.6 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.4094.2791 [GMT 2:00]

Gestart vanuit: c:\users\Stroek\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Public\38.doc

c:\windows\IsUn0413.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-07-20 to 2013-08-20 ))))))))))))))))))))))))))))))

.

.

2013-08-20 09:24 . 2013-08-20 09:24 -------- d-----w- c:\users\Dominique\AppData\Local\temp

2013-08-20 09:24 . 2013-08-20 09:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-20 08:56 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{977211E5-250F-491E-8CD7-AF6DD770ED8F}\mpengine.dll

2013-08-18 21:05 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-08-16 12:17 . 2013-08-16 12:17 -------- d-----w- c:\programdata\Solidshield

2013-08-16 10:15 . 2013-08-16 10:15 -------- d-----w- c:\program files (x86)\Microsoft WSE

2013-08-15 01:01 . 2013-08-15 01:03 -------- d-----w- c:\windows\system32\MRT

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-15 01:01 . 2011-02-22 18:57 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-07-28 10:43 . 2012-11-12 17:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-28 10:43 . 2012-11-12 17:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-17 15:12 . 2013-07-17 15:12 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C94D217-5337-416F-8AFF-D393E37304E4}\gapaengine.dll

2013-07-09 04:45 . 2013-08-14 06:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-06-20 22:06 . 2013-06-20 22:06 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-06-05 03:34 . 2013-07-10 11:21 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 06:00 . 2013-07-10 11:21 624128 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-10 11:21 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2013-05-30 21:49 . 2013-05-30 21:49 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-05-30 21:49 . 2013-05-30 21:49 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-05-30 21:49 . 2013-05-30 21:49 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-05-30 21:49 . 2013-05-30 21:49 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-05-30 21:49 . 2013-05-30 21:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-05-30 21:49 . 2013-05-30 21:49 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-05-30 21:49 . 2013-05-30 21:49 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-05-30 21:49 . 2013-05-30 21:49 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-05-30 21:49 . 2013-05-30 21:49 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-05-30 21:49 . 2013-05-30 21:49 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-05-30 21:49 . 2013-05-30 21:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-05-30 21:49 . 2013-05-30 21:49 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-05-30 21:49 . 2013-05-30 21:49 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-05-30 21:49 . 2013-05-30 21:49 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-05-30 21:49 . 2013-05-30 21:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-05-30 21:49 . 2013-05-30 21:49 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-05-30 21:49 . 2013-05-30 21:49 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-05-30 21:49 . 2013-05-30 21:49 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-05-30 21:49 . 2013-05-30 21:49 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-05-30 21:49 . 2013-05-30 21:49 81408 ----a-w- c:\windows\system32\icardie.dll

2013-05-30 21:49 . 2013-05-30 21:49 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-05-30 21:49 . 2013-05-30 21:49 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-05-30 21:49 . 2013-05-30 21:49 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-05-30 21:49 . 2013-05-30 21:49 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-05-30 21:49 . 2013-05-30 21:49 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-05-30 21:49 . 2013-05-30 21:49 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-05-30 21:49 . 2013-05-30 21:49 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-05-30 21:49 . 2013-05-30 21:49 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-05-30 21:49 . 2013-05-30 21:49 441856 ----a-w- c:\windows\system32\html.iec

2013-05-30 21:49 . 2013-05-30 21:49 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-05-30 21:49 . 2013-05-30 21:49 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-05-30 21:49 . 2013-05-30 21:49 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-05-30 21:49 . 2013-05-30 21:49 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-05-30 21:49 . 2013-05-30 21:49 235008 ----a-w- c:\windows\system32\url.dll

2013-05-30 21:49 . 2013-05-30 21:49 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-05-30 21:49 . 2013-05-30 21:49 216064 ----a-w- c:\windows\system32\msls31.dll

2013-05-30 21:49 . 2013-05-30 21:49 197120 ----a-w- c:\windows\system32\msrating.dll

2013-05-30 21:49 . 2013-05-30 21:49 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-05-30 21:49 . 2013-05-30 21:49 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-05-30 21:49 . 2013-05-30 21:49 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-05-30 21:49 . 2013-05-30 21:49 149504 ----a-w- c:\windows\system32\occache.dll

2013-05-30 21:49 . 2013-05-30 21:49 144896 ----a-w- c:\windows\system32\wextract.exe

2013-05-30 21:49 . 2013-05-30 21:49 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-05-30 21:49 . 2013-05-30 21:49 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-05-30 21:49 . 2013-05-30 21:49 13824 ----a-w- c:\windows\system32\mshta.exe

2013-05-30 21:49 . 2013-05-30 21:49 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-05-30 21:49 . 2013-05-30 21:49 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-05-30 21:49 . 2013-05-30 21:49 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-05-30 21:49 . 2013-05-30 21:49 102912 ----a-w- c:\windows\system32\inseng.dll

2013-05-30 21:48 . 2013-05-30 21:48 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-05-30 21:48 . 2013-05-30 21:48 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-05-30 21:48 . 2013-05-30 21:48 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-05-30 21:48 . 2013-05-30 21:48 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-05-30 21:48 . 2013-05-30 21:48 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-05-30 21:48 . 2013-05-30 21:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-05-30 21:48 . 2013-05-30 21:48 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-05-30 21:48 . 2013-05-30 21:48 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-05-30 21:48 . 2013-05-30 21:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-05-30 21:48 . 2013-05-30 21:48 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-05-30 21:48 . 2013-05-30 21:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-05-30 21:48 . 2013-05-30 21:48 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-05-30 21:48 . 2013-05-30 21:48 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-05-30 21:48 . 2013-05-30 21:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-05-30 21:48 . 2013-05-30 21:48 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-05-30 21:48 . 2013-05-30 21:48 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-05-30 21:48 . 2013-05-30 21:48 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-05-30 21:48 . 2013-05-30 21:48 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2013-05-30 21:48 . 2013-05-30 21:48 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-05-30 21:48 . 2013-05-30 21:48 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-05-30 21:48 . 2013-05-30 21:48 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-05-30 21:48 . 2013-05-30 21:48 194560 ----a-w- c:\windows\system32\d3d10_1.dll

2013-05-30 21:48 . 2013-05-30 21:48 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-05-30 21:48 . 2013-05-30 21:48 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2013-05-30 21:48 . 2013-05-30 21:48 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-05-30 21:48 . 2013-05-30 21:48 1238528 ----a-w- c:\windows\system32\d3d10.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-11-18 393216]

"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys;c:\windows\SYSNATIVE\DRIVERS\a38usb.sys [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;tsusbhub [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2013-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 10:44]

.

2013-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-120555910-2794771251-531984787-1000Core.job

- c:\users\Stroek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-01 14:16]

.

2013-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-120555910-2794771251-531984787-1000UA.job

- c:\users\Stroek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-01 14:16]

.

2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 21:18]

.

2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 21:18]

.

2013-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-120555910-2794771251-531984787-1000Core.job

- c:\users\Stroek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 20:04]

.

2013-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-120555910-2794771251-531984787-1000UA.job

- c:\users\Stroek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 20:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 2342800]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Stroek\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

TCP: DhcpNameServer = 195.130.130.131 195.130.131.131

FF - ProfilePath - c:\users\Stroek\AppData\Roaming\Mozilla\Firefox\Profiles\42uyk3to.default\

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/startpage|Google

.

- - - - ORPHANS VERWIJDERD - - - -

.

Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Stroek\AppData\Local\Akamai\netsession_win.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-120555910-2794771251-531984787-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:43,26,cb,f6,de,85,1e,6f,c1,8b,81,84,43,0e,57,bd,19,35,54,f2,e6,73,00,

92,a7,b9,ee,2f,5a,5b,b0,4f,51,a1,14,80,18,ac,9b,df,fa,be,43,ed,fa,c6,73,14,\

"??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa

.

[HKEY_USERS\S-1-5-21-120555910-2794771251-531984787-1000\Software\SecuROM\License information*]

"datasecu"=hex:d7,3c,81,c8,1a,77,fd,b1,bd,e8,50,f7,d9,77,98,f8,c0,26,b0,22,49,

d6,f7,45,5d,91,7f,9c,5a,02,26,1a,b7,f9,53,2e,39,35,3c,e0,90,6f,77,dc,f0,3d,\

"rkeysecu"=hex:f4,a1,dd,d2,a2,18,38,c1,1b,1e,14,a3,4e,36,f6,c0

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2013-08-20 11:25:58

ComboFix-quarantined-files.txt 2013-08-20 09:25

.

Pre-Run: 672.153.149.440 bytes free

Post-Run: 672.655.831.040 bytes free

.

- - End Of File - - 96C5368BE80EACD19E5556F639B34F24

A36C5E4F47E84449FF07ED3517B43A31


Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

Disable all antivirus and antispyware programs, because these can conflict with ComboFix.

You can read (here or here) how to disable the security software you use.

Open a new, empty Notepad window, then copy and paste the following code into it.

 
Firefox::
FF - ProfilePath - c:\users\Stroek\AppData\Roaming\Mozilla\Firefox\Profiles\42uyk3to.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - 

Save this to your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

CFScript.gif

ComboFix will now start automatically.

Restart if you are asked to, and post the contents of Combofix.txt in your next reply.


ComboFix 13-08-19.02 - Stroek 20/08/2013 15:06:36.2.6 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.4094.2791 [GMT 2:00]

Gestart vanuit: c:\users\Stroek\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Stroek\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-07-20 to 2013-08-20 ))))))))))))))))))))))))))))))

.

.

2013-08-20 13:15 . 2013-08-20 13:15 -------- d-----w- c:\users\Dominique\AppData\Local\temp

2013-08-20 13:15 . 2013-08-20 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-20 08:56 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{977211E5-250F-491E-8CD7-AF6DD770ED8F}\mpengine.dll

2013-08-18 21:05 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-08-16 12:17 . 2013-08-16 12:17 -------- d-----w- c:\programdata\Solidshield

2013-08-16 10:15 . 2013-08-16 10:15 -------- d-----w- c:\program files (x86)\Microsoft WSE

2013-08-15 01:01 . 2013-08-15 01:03 -------- d-----w- c:\windows\system32\MRT

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-15 01:01 . 2011-02-22 18:57 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-07-28 10:43 . 2012-11-12 17:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-28 10:43 . 2012-11-12 17:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-17 15:12 . 2013-07-17 15:12 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C94D217-5337-416F-8AFF-D393E37304E4}\gapaengine.dll

2013-07-09 04:45 . 2013-08-14 06:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-06-20 22:06 . 2013-06-20 22:06 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-06-05 03:34 . 2013-07-10 11:21 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 06:00 . 2013-07-10 11:21 624128 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-10 11:21 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2013-05-30 21:49 . 2013-05-30 21:49 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-05-30 21:49 . 2013-05-30 21:49 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-05-30 21:49 . 2013-05-30 21:49 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-05-30 21:49 . 2013-05-30 21:49 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-05-30 21:49 . 2013-05-30 21:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-05-30 21:49 . 2013-05-30 21:49 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-05-30 21:49 . 2013-05-30 21:49 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-05-30 21:49 . 2013-05-30 21:49 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-05-30 21:49 . 2013-05-30 21:49 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-05-30 21:49 . 2013-05-30 21:49 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-05-30 21:49 . 2013-05-30 21:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-05-30 21:49 . 2013-05-30 21:49 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-05-30 21:49 . 2013-05-30 21:49 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-05-30 21:49 . 2013-05-30 21:49 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-05-30 21:49 . 2013-05-30 21:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-05-30 21:49 . 2013-05-30 21:49 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-05-30 21:49 . 2013-05-30 21:49 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-05-30 21:49 . 2013-05-30 21:49 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-05-30 21:49 . 2013-05-30 21:49 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-05-30 21:49 . 2013-05-30 21:49 81408 ----a-w- c:\windows\system32\icardie.dll

2013-05-30 21:49 . 2013-05-30 21:49 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-05-30 21:49 . 2013-05-30 21:49 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-05-30 21:49 . 2013-05-30 21:49 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-05-30 21:49 . 2013-05-30 21:49 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-05-30 21:49 . 2013-05-30 21:49 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-05-30 21:49 . 2013-05-30 21:49 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-05-30 21:49 . 2013-05-30 21:49 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-05-30 21:49 . 2013-05-30 21:49 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-05-30 21:49 . 2013-05-30 21:49 441856 ----a-w- c:\windows\system32\html.iec

2013-05-30 21:49 . 2013-05-30 21:49 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-05-30 21:49 . 2013-05-30 21:49 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-05-30 21:49 . 2013-05-30 21:49 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-05-30 21:49 . 2013-05-30 21:49 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-05-30 21:49 . 2013-05-30 21:49 235008 ----a-w- c:\windows\system32\url.dll

2013-05-30 21:49 . 2013-05-30 21:49 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-05-30 21:49 . 2013-05-30 21:49 216064 ----a-w- c:\windows\system32\msls31.dll

2013-05-30 21:49 . 2013-05-30 21:49 197120 ----a-w- c:\windows\system32\msrating.dll

2013-05-30 21:49 . 2013-05-30 21:49 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-05-30 21:49 . 2013-05-30 21:49 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-05-30 21:49 . 2013-05-30 21:49 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-05-30 21:49 . 2013-05-30 21:49 149504 ----a-w- c:\windows\system32\occache.dll

2013-05-30 21:49 . 2013-05-30 21:49 144896 ----a-w- c:\windows\system32\wextract.exe

2013-05-30 21:49 . 2013-05-30 21:49 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-05-30 21:49 . 2013-05-30 21:49 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-05-30 21:49 . 2013-05-30 21:49 13824 ----a-w- c:\windows\system32\mshta.exe

2013-05-30 21:49 . 2013-05-30 21:49 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-05-30 21:49 . 2013-05-30 21:49 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-05-30 21:49 . 2013-05-30 21:49 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-05-30 21:49 . 2013-05-30 21:49 102912 ----a-w- c:\windows\system32\inseng.dll

2013-05-30 21:48 . 2013-05-30 21:48 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-05-30 21:48 . 2013-05-30 21:48 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-05-30 21:48 . 2013-05-30 21:48 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-05-30 21:48 . 2013-05-30 21:48 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-05-30 21:48 . 2013-05-30 21:48 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-05-30 21:48 . 2013-05-30 21:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-05-30 21:48 . 2013-05-30 21:48 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-05-30 21:48 . 2013-05-30 21:48 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-05-30 21:48 . 2013-05-30 21:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-05-30 21:48 . 2013-05-30 21:48 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-05-30 21:48 . 2013-05-30 21:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-05-30 21:48 . 2013-05-30 21:48 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-05-30 21:48 . 2013-05-30 21:48 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-05-30 21:48 . 2013-05-30 21:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-05-30 21:48 . 2013-05-30 21:48 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-30 21:48 . 2013-05-30 21:48 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-05-30 21:48 . 2013-05-30 21:48 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-05-30 21:48 . 2013-05-30 21:48 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-05-30 21:48 . 2013-05-30 21:48 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2013-05-30 21:48 . 2013-05-30 21:48 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-05-30 21:48 . 2013-05-30 21:48 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-05-30 21:48 . 2013-05-30 21:48 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-05-30 21:48 . 2013-05-30 21:48 194560 ----a-w- c:\windows\system32\d3d10_1.dll

2013-05-30 21:48 . 2013-05-30 21:48 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-05-30 21:48 . 2013-05-30 21:48 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2013-05-30 21:48 . 2013-05-30 21:48 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-05-30 21:48 . 2013-05-30 21:48 1238528 ----a-w- c:\windows\system32\d3d10.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-11-18 393216]

"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys;c:\windows\SYSNATIVE\DRIVERS\a38usb.sys [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;tsusbhub [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2013-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 10:44]

.

2013-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-120555910-2794771251-531984787-1000Core.job

- c:\users\Stroek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-01 14:16]

.

2013-08-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-120555910-2794771251-531984787-1000UA.job

- c:\users\Stroek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-01 14:16]

.

2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 21:18]

.

2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 21:18]

.

2013-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-120555910-2794771251-531984787-1000Core.job

- c:\users\Stroek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 20:04]

.

2013-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-120555910-2794771251-531984787-1000UA.job

- c:\users\Stroek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 20:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 2342800]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Stroek\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

TCP: DhcpNameServer = 195.130.130.131 195.130.131.131

FF - ProfilePath - c:\users\Stroek\AppData\Roaming\Mozilla\Firefox\Profiles\42uyk3to.default\

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-120555910-2794771251-531984787-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:43,26,cb,f6,de,85,1e,6f,c1,8b,81,84,43,0e,57,bd,19,35,54,f2,e6,73,00,

92,a7,b9,ee,2f,5a,5b,b0,4f,51,a1,14,80,18,ac,9b,df,fa,be,43,ed,fa,c6,73,14,\

"??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa

.

[HKEY_USERS\S-1-5-21-120555910-2794771251-531984787-1000\Software\SecuROM\License information*]

"datasecu"=hex:d7,3c,81,c8,1a,77,fd,b1,bd,e8,50,f7,d9,77,98,f8,c0,26,b0,22,49,

d6,f7,45,5d,91,7f,9c,5a,02,26,1a,b7,f9,53,2e,39,35,3c,e0,90,6f,77,dc,f0,3d,\

"rkeysecu"=hex:f4,a1,dd,d2,a2,18,38,c1,1b,1e,14,a3,4e,36,f6,c0

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2013-08-20 15:17:15

ComboFix-quarantined-files.txt 2013-08-20 13:17

ComboFix2.txt 2013-08-20 09:25

.

Pre-Run: 672.454.766.592 bytes free

Post-Run: 672.305.061.888 bytes beschikbaar

.

- - End Of File - - EE6C4DA5565B24EBE0F218BF81C4063E

A36C5E4F47E84449FF07ED3517B43A31


Download AdwCleaner by Xplode to the desktop.

  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Then click Remove (Verwijderen).
  • In the AdwCleaner – Information dialog, click OK.
  • In the AdwCleaner – Restart Required dialog, click OK.

It is normal for the shortcuts to disappear during this process.

After the PC has restarted, a log file will open.

Then post the contents of this log in your next message.


# AdwCleaner v3.000 - Report created 20/08/2013 at 16:06:34

# Updated 20/08/2013 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Stroek - STROEK-PC

# Running from : C:\Users\Stroek\Desktop\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar

Folder Deleted : C:\Users\Stroek\AppData\Roaming\dvdvideosoftiehelpers

Folder Deleted : C:\Users\Stroek\AppData\Roaming\Mozilla\Firefox\Profiles\42uyk3to.default\Conduit

Folder Deleted : C:\Users\Stroek\AppData\Roaming\Mozilla\Firefox\Profiles\42uyk3to.default\Extensions\DTToolbar@toolbarnet.com

File Deleted : C:\Users\Stroek\AppData\Roaming\Mozilla\Firefox\Profiles\42uyk3to.default\searchplugins\daemon-search.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj

Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v21.0 (nl)

[ File : C:\Users\Stroek\AppData\Roaming\Mozilla\Firefox\Profiles\42uyk3to.default\prefs.js ]

Line Deleted : user_pref("CT2269050..clientLogIsEnabled", true);

Line Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

Line Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

Line Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Line Deleted : user_pref("CT2269050.AppTrackingLastCheckTime", "Thu Mar 10 2011 13:41:20 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.CurrentServerDate", "10-3-2011");

Line Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");

Line Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Thu Mar 10 2011 13:41:10 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");

Line Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Thu Mar 10 2011 13:46:10 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.FirstServerDate", "10-3-2011");

Line Deleted : user_pref("CT2269050.FirstTimeFF3", true);

Line Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);

Line Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Line Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);

Line Deleted : user_pref("CT2269050.Initialize", true);

Line Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);

Line Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);

Line Deleted : user_pref("CT2269050.InstalledDate", "Thu Mar 10 2011 13:41:11 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.InvalidateCache", false);

Line Deleted : user_pref("CT2269050.IsGrouping", false);

Line Deleted : user_pref("CT2269050.IsMulticommunity", false);

Line Deleted : user_pref("CT2269050.IsOpenThankYouPage", true);

Line Deleted : user_pref("CT2269050.IsOpenUninstallPage", true);

Line Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Thu Mar 10 2011 13:41:11 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);

Line Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");

Line Deleted : user_pref("CT2269050.LastLogin_3.3.2.1", "Thu Mar 10 2011 13:41:10 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.LatestVersion", "3.2.5.2");

Line Deleted : user_pref("CT2269050.Locale", "en");

Line Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");

Line Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Line Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");

Line Deleted : user_pref("CT2269050.RadioIsPodcast", false);

Line Deleted : user_pref("CT2269050.RadioLastCheckTime", "Thu Mar 10 2011 13:41:11 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");

Line Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");

Line Deleted : user_pref("CT2269050.RadioMediaID", "12473383");

Line Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");

Line Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");

Line Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");

Line Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");

Line Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);

Line Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);

Line Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);

Line Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Thu Mar 10 2011 13:41:11 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");

Line Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");

Line Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Thu Mar 10 2011 13:41:09 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Thu Mar 10 2011 13:41:10 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.SettingsLastUpdate", "1299585172");

Line Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);

Line Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Mar 10 2011 13:41:09 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");

Line Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");

Line Deleted : user_pref("CT2269050.UserID", "UN29215516318565458");

Line Deleted : user_pref("CT2269050.WeatherNetwork", "");

Line Deleted : user_pref("CT2269050.WeatherPollDate", "Thu Mar 10 2011 13:41:11 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.WeatherUnit", "C");

Line Deleted : user_pref("CT2269050.alertChannelId", "666138");

Line Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.com\"}");

Line Deleted : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Thu Mar 10 2011 13:41:11 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.isAppTrackingManagerOn", true);

Line Deleted : user_pref("CT2269050.myStuffEnabled", true);

Line Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);

Line Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");

Line Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);

Line Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");

Line Deleted : user_pref("CT2269050.testingCtid", "");

Line Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Thu Mar 10 2011 13:41:10 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Thu Mar 10 2011 13:41:11 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/BE", "\"0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BE", "\"0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1280150108\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "poKjTfHs0NrVUIalKI8jyg==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"01ffa8b1cc6cb1:0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2.1", "\"0652eeacc6cb1:0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.2.1", "\"0652eeacc6cb1:0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"634333631231730000\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634339976460000000");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1299585172\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634351849102130000\"");

Line Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2269050");

Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");

Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "dvdvideosofttb");

Line Deleted : user_pref("CommunityToolbar.IsEngineShown", true);

Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");

Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");

Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");

Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Mar 10 2011 13:41:10 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);

Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Mar 10 2011 13:41:18 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");

Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Mar 10 2011 13:41:09 GMT+0100 (Romance (standaardtijd))");

Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");

Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);

Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Line Deleted : user_pref("CommunityToolbar.alert.userId", "a28a2577-e81f-460d-9b42-e37271167856");

Line Deleted : user_pref("CommunityToolbar.globalUserId", "323e2b7c-f7ce-4ee2-896c-2c94bed3eec2");

Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Line Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);

-\\ Google Chrome v

[ File : C:\Users\Stroek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [14185 octets] - [20/08/2013 16:06:03]

AdwCleaner[s0].txt - [14167 octets] - [20/08/2013 16:06:34]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14228 octets] ##########
