
malware virus



Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32- or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool has finished, a Notepad file named "Log" is opened.
  • Paste its contents in your next post.


Logfile of random's system information tool 1.09 (written by random/random)

Run by eigenaar at 2013-11-15 16:34:49

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 20 GB (13%) free of 150 GB

Total RAM: 4095 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:34:52, on 15-11-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16736)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Brother\BPRSP\resources\BrSupSsp.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Users\eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files\trend micro\eigenaar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://dutch.toggle.com/nl/index.php?rvs=google

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

O4 - HKLM\..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [EmbMachineComms.exe] C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe

O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: Brother BPPO.lnk = ?

O8 - Extra context menu item: Openen in PDF Viewer Plus - res://C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SecretZone Assist Service (SZASSIST) - Clarus, Inc. - C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13192 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

atieclxx

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe"

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"

"taskhost.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"

"C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\SysWOW64\IoctlSvc.exe

C:\Windows\Explorer.EXE

"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 2772

"C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe"

"C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler

"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

"C:\Brother\BPRSP\resources\BrSupSsp.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"

"C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"

"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Users\eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup

"C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN

"C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

-BootProc

"C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

-BootProc

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files (x86)\Browny02\BrYNSvc.exe"

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c0f353a1-cb18-4b0d-aba1-91485c88842b -SystemEventPortName:HostProcess-08016b70-354c-4bb5-a99d-725433ac28b1 -IoCancelEventPortName:HostProcess-3a36b7bb-ec3f-4fde-93cb-2bf4154393c3 -NonStateChangingEventPortName:HostProcess-84d4ea56-03e5-4f14-9ab3-f7c98454a61a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4d1f0c75-e53c-4100-9ce7-40bbd79177d0 -DeviceGroupId:WpdFsGroup

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

C:\Windows\system32\svchost.exe -k SDRSVC

"C:\Program Files (x86)\Windows Live\Mail\wlmail.exe"

"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding

"C:\Program Files\Internet Explorer\iexplore.exe" Windows 7 malware virus

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5568 CREDAT:267521 /prefetch:2

C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe -Embedding

"C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LPX2CMB\RSITx64.exe"

"C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LPX2CMB\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759461233-1512547366-3970981607-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759461233-1512547366-3970981607-1000UA.job

C:\Windows\tasks\WinMaximizer-eigenaar-Startup.job

C:\Windows\tasks\WinMaximizer64-eigenaar-Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2013-08-30 245592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-10 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}]

PlusIEEventHelper Class - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-10 194640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2013-08-30 245592]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-10 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-08-30 201784]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-10 194640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"=C:\Users\eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 136176]

"EmbMachineComms.exe"=C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe [2010-10-26 100352]

"ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2009-05-05 222496]

"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2013-03-22 248208]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-02 98304]

"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10 49208]

"Adobe Photo Downloader"=C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-10 67488]

"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2013-08-30 4858968]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

"ControlCenter4"=C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [2012-09-06 143360]

"BrStsMon00"=C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2012-06-06 3076096]

"IndexSearch"=C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [2010-03-08 46368]

"PaperPort PTD"=C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [2010-03-08 29984]

"PPort12reminder"=C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [2010-02-09 328992]

"PDFHook"=C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [2010-03-05 636192]

"PDF5 Registry Controller"=C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [2010-03-05 62752]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Brother BPPO.lnk - C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe

C:\Users\eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-11-14 00:10:35 ----A---- C:\Windows\SYSWOW64\ieui.dll

2013-11-14 00:10:35 ----A---- C:\Windows\system32\ieui.dll

2013-11-14 00:10:34 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2013-11-14 00:10:34 ----A---- C:\Windows\system32\iesetup.dll

2013-11-14 00:10:34 ----A---- C:\Windows\system32\iernonce.dll

2013-11-14 00:10:33 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

2013-11-14 00:10:33 ----A---- C:\Windows\SYSWOW64\iesysprep.dll

2013-11-14 00:10:33 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2013-11-14 00:10:33 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-14 00:10:33 ----A---- C:\Windows\system32\ie4uinit.exe

2013-11-14 00:10:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2013-11-14 00:10:32 ----A---- C:\Windows\system32\iesysprep.dll

2013-11-14 00:10:31 ----A---- C:\Windows\system32\iertutil.dll

2013-11-14 00:10:30 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2013-11-14 00:10:30 ----A---- C:\Windows\system32\msfeeds.dll

2013-11-14 00:10:29 ----A---- C:\Windows\SYSWOW64\jscript.dll

2013-11-14 00:10:29 ----A---- C:\Windows\system32\jscript.dll

2013-11-14 00:10:28 ----A---- C:\Windows\system32\jscript9.dll

2013-11-14 00:10:27 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2013-11-14 00:10:27 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2013-11-14 00:10:26 ----A---- C:\Windows\system32\urlmon.dll

2013-11-14 00:10:25 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2013-11-14 00:10:25 ----A---- C:\Windows\system32\jsproxy.dll

2013-11-14 00:10:24 ----A---- C:\Windows\SYSWOW64\wininet.dll

2013-11-14 00:10:24 ----A---- C:\Windows\system32\wininet.dll

2013-11-14 00:10:22 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2013-11-14 00:10:21 ----A---- C:\Windows\system32\ieframe.dll

2013-11-14 00:10:20 ----A---- C:\Windows\system32\mshtml.dll

2013-11-14 00:10:17 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2013-11-13 23:30:52 ----A---- C:\Windows\system32\drivers\afd.sys

2013-11-13 23:30:46 ----A---- C:\Windows\system32\crypt32.dll

2013-11-13 23:30:45 ----A---- C:\Windows\SYSWOW64\crypt32.dll

2013-11-13 23:30:38 ----A---- C:\Windows\SYSWOW64\authui.dll

2013-11-13 23:30:38 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-13 23:30:38 ----A---- C:\Windows\system32\credui.dll

2013-11-13 23:30:38 ----A---- C:\Windows\system32\authui.dll

2013-11-13 23:30:37 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll

2013-11-13 23:30:37 ----A---- C:\Windows\SYSWOW64\credui.dll

2013-11-13 23:30:31 ----A---- C:\Windows\SYSWOW64\schannel.dll

2013-11-13 23:30:31 ----A---- C:\Windows\system32\schannel.dll

2013-11-13 23:30:31 ----A---- C:\Windows\system32\drivers\ksecpkg.sys

2013-11-13 23:30:31 ----A---- C:\Windows\system32\drivers\ksecdd.sys

2013-11-13 23:30:30 ----A---- C:\Windows\SYSWOW64\sspicli.dll

2013-11-13 23:30:30 ----A---- C:\Windows\SYSWOW64\secur32.dll

2013-11-13 23:30:30 ----A---- C:\Windows\SYSWOW64\ncrypt.dll

2013-11-13 23:30:30 ----A---- C:\Windows\system32\sspisrv.dll

2013-11-13 23:30:30 ----A---- C:\Windows\system32\sspicli.dll

2013-11-13 23:30:30 ----A---- C:\Windows\system32\secur32.dll

2013-11-13 23:30:30 ----A---- C:\Windows\system32\ncrypt.dll

2013-11-13 23:30:30 ----A---- C:\Windows\system32\lsass.exe

2013-11-13 23:30:30 ----A---- C:\Windows\system32\lsasrv.dll

2013-11-13 23:30:30 ----A---- C:\Windows\system32\drivers\cng.sys

2013-11-13 23:30:28 ----A---- C:\Windows\SYSWOW64\gdi32.dll

2013-11-13 23:30:28 ----A---- C:\Windows\system32\gdi32.dll

2013-11-13 23:30:26 ----A---- C:\Windows\system32\IKEEXT.DLL

2013-11-13 23:30:25 ----A---- C:\Windows\system32\FWPUCLNT.DLL

2013-11-13 23:30:24 ----A---- C:\Windows\SYSWOW64\nshwfp.dll

2013-11-13 23:30:24 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL

2013-11-13 23:30:24 ----A---- C:\Windows\system32\nshwfp.dll

2013-11-11 16:47:52 ----D---- C:\Program Files\trend micro

2013-11-11 16:47:49 ----D---- C:\rsit

2013-11-07 20:22:48 ----D---- C:\Users\eigenaar\AppData\Roaming\Malwarebytes

2013-11-07 20:22:44 ----D---- C:\ProgramData\Malwarebytes

2013-11-07 20:22:42 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-07 20:22:42 ----A---- C:\Windows\system32\drivers\mbam.sys

2013-11-07 18:27:29 ----D---- C:\Users\eigenaar\AppData\Roaming\IsolatedStorage

2013-11-07 18:27:29 ----D---- C:\ProgramData\IsolatedStorage

2013-11-07 18:26:08 ----D---- C:\Users\eigenaar\AppData\Roaming\Solvusoft

2013-11-07 18:23:05 ----D---- C:\Spacekace

2013-11-06 21:05:17 ----D---- C:\Program Files\CCleaner

2013-10-24 18:28:35 ----D---- C:\Program Files\Nuance

2013-10-24 18:27:50 ----D---- C:\ProgramData\zeon

2013-10-22 21:23:58 ----D---- C:\Users\eigenaar\AppData\Roaming\ControlCenter4

2013-10-22 21:03:18 ----D---- C:\Brother

2013-10-22 21:03:13 ----D---- C:\ProgramData\ControlCenter4

2013-10-22 21:03:13 ----D---- C:\Program Files (x86)\Browny02

2013-10-22 21:03:04 ----D---- C:\Program Files (x86)\ControlCenter4

2013-10-22 21:03:04 ----A---- C:\Windows\Brfaxrx.ini

2013-10-22 21:02:43 ----N---- C:\Windows\SYSWOW64\BrDctF2L.dll

2013-10-22 21:02:40 ----N---- C:\Windows\SYSWOW64\BrDctF2S.dll

2013-10-22 21:02:40 ----N---- C:\Windows\SYSWOW64\BrDctF2.dll

2013-10-22 21:02:40 ----D---- C:\Program Files (x86)\Brother

2013-10-22 20:52:38 ----D---- C:\bro

2013-10-22 20:17:08 ----D---- C:\ProgramData\Oracle

2013-10-22 20:16:58 ----A---- C:\Windows\SYSWOW64\javaws.exe

2013-10-22 20:16:52 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

2013-10-22 20:16:52 ----A---- C:\Windows\SYSWOW64\javaw.exe

2013-10-22 20:16:52 ----A---- C:\Windows\SYSWOW64\java.exe

2013-10-22 19:51:37 ----A---- C:\Windows\system32\drivers\usbport.sys

2013-10-22 19:51:37 ----A---- C:\Windows\system32\drivers\usbehci.sys

2013-10-22 19:51:37 ----A---- C:\Windows\system32\drivers\usbccgp.sys

2013-10-22 19:51:36 ----A---- C:\Windows\system32\drivers\usbuhci.sys

2013-10-22 19:51:36 ----A---- C:\Windows\system32\drivers\usbohci.sys

2013-10-22 19:51:36 ----A---- C:\Windows\system32\drivers\usbhub.sys

2013-10-22 19:51:36 ----A---- C:\Windows\system32\drivers\usbd.sys

2013-10-21 20:19:19 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2013-10-21 20:19:19 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2013-10-21 20:19:19 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll

2013-10-21 20:19:16 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys

2013-10-21 20:19:16 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys

2013-10-21 20:19:11 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll

2013-10-21 20:19:11 ----A---- C:\Windows\SYSWOW64\tsgqec.dll

2013-10-21 20:19:11 ----A---- C:\Windows\SYSWOW64\rdpendp_winip.dll

2013-10-21 20:19:11 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll

2013-10-21 20:19:11 ----A---- C:\Windows\SYSWOW64\aaclient.dll

2013-10-21 20:19:11 ----A---- C:\Windows\system32\wksprtPS.dll

2013-10-21 20:19:11 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll

2013-10-21 20:19:11 ----A---- C:\Windows\system32\tsgqec.dll

2013-10-21 20:19:10 ----A---- C:\Windows\SYSWOW64\mstsc.exe

2013-10-21 20:19:10 ----A---- C:\Windows\system32\wksprt.exe

2013-10-21 20:19:10 ----A---- C:\Windows\system32\TSWbPrxy.exe

2013-10-21 20:19:10 ----A---- C:\Windows\system32\rdpudd.dll

2013-10-21 20:19:10 ----A---- C:\Windows\system32\rdpendp_winip.dll

2013-10-21 20:19:10 ----A---- C:\Windows\system32\MsRdpWebAccess.dll

2013-10-21 20:19:10 ----A---- C:\Windows\system32\aaclient.dll

2013-10-21 20:19:09 ----A---- C:\Windows\SYSWOW64\mstscax.dll

2013-10-21 20:19:09 ----A---- C:\Windows\system32\rdpcorets.dll

2013-10-21 20:19:09 ----A---- C:\Windows\system32\mstsc.exe

2013-10-21 20:19:08 ----A---- C:\Windows\system32\mstscax.dll

2013-10-21 20:18:02 ----A---- C:\Windows\SYSWOW64\qdvd.dll

2013-10-21 20:18:02 ----A---- C:\Windows\system32\qdvd.dll

======List of files/folders modified in the last 1 month======

2013-11-15 16:34:52 ----D---- C:\Windows\Temp

2013-11-15 16:33:43 ----D---- C:\Windows\Prefetch

2013-11-15 12:18:56 ----D---- C:\Users\eigenaar\AppData\Roaming\Dropbox

2013-11-15 10:10:53 ----D---- C:\Windows\system32\config

2013-11-14 11:24:26 ----D---- C:\Windows\rescache

2013-11-14 10:12:34 ----D---- C:\Windows\winsxs

2013-11-14 10:12:15 ----D---- C:\Windows\Panther

2013-11-14 10:09:57 ----D---- C:\Program Files (x86)\Internet Explorer

2013-11-14 10:09:56 ----D---- C:\Windows\SysWOW64

2013-11-14 10:09:56 ----D---- C:\Windows\System32

2013-11-14 10:09:55 ----D---- C:\Program Files\Internet Explorer

2013-11-14 10:09:54 ----D---- C:\Windows\SYSWOW64\nl-NL

2013-11-14 10:09:53 ----D---- C:\Windows\system32\nl-NL

2013-11-14 10:09:53 ----D---- C:\Windows\system32\drivers

2013-11-14 00:10:51 ----D---- C:\Windows\system32\catroot2

2013-11-14 00:10:51 ----D---- C:\Windows\system32\catroot

2013-11-14 00:10:16 ----SHD---- C:\Windows\Installer

2013-11-14 00:10:15 ----HD---- C:\Config.Msi

2013-11-14 00:10:09 ----A---- C:\Windows\win.ini

2013-11-14 00:08:47 ----D---- C:\Windows\system32\MRT

2013-11-14 00:07:02 ----D---- C:\Windows\debug

2013-11-14 00:06:58 ----A---- C:\Windows\system32\MRT.exe

2013-11-14 00:06:16 ----SHD---- C:\System Volume Information

2013-11-11 16:47:52 ----RD---- C:\Program Files

2013-11-08 09:32:57 ----RD---- C:\Program Files (x86)

2013-11-07 20:35:14 ----D---- C:\Windows

2013-11-07 20:32:44 ----D---- C:\Windows\system32\Tasks

2013-11-07 20:32:41 ----D---- C:\Windows\Tasks

2013-11-07 20:22:44 ----HD---- C:\ProgramData

2013-11-07 19:21:51 ----D---- C:\Windows\inf

2013-11-07 14:11:49 ----A---- C:\Windows\Brpfx04a.ini

2013-11-06 23:07:57 ----D---- C:\Users\eigenaar\AppData\Roaming\DAEMON Tools Lite

2013-11-06 23:07:50 ----D---- C:\Windows\ModemLogs

2013-11-06 23:07:50 ----D---- C:\Windows\Minidump

2013-11-06 23:07:50 ----D---- C:\Windows\Logs

2013-10-27 22:29:44 ----D---- C:\Program Files (x86)\DealPly

2013-10-24 18:37:21 ----A---- C:\Windows\brpcfx.ini

2013-10-24 18:37:19 ----A---- C:\Windows\BRPARAM.INI

2013-10-24 18:35:14 ----D---- C:\Windows\system32\DriverStore

2013-10-24 18:28:00 ----D---- C:\ProgramData\Nuance

2013-10-24 18:27:49 ----D---- C:\Program Files (x86)\Nuance

2013-10-24 18:27:07 ----D---- C:\ProgramData\ScanSoft

2013-10-24 18:26:20 ----D---- C:\Program Files (x86)\Common Files

2013-10-24 18:18:25 ----SD---- C:\Users\eigenaar\AppData\Roaming\Microsoft

2013-10-24 16:23:55 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2013-10-22 21:33:01 ----D---- C:\Users\eigenaar\AppData\Roaming\PC-FAX TX

2013-10-22 20:16:52 ----D---- C:\Program Files (x86)\Java

2013-10-21 20:28:12 ----D---- C:\Windows\SYSWOW64\wbem

2013-10-21 20:28:12 ----D---- C:\Windows\system32\wbem

2013-10-21 20:28:12 ----D---- C:\Windows\system32\drivers\nl-NL

2013-10-21 20:28:12 ----D---- C:\Windows\PolicyDefinitions

2013-10-21 20:03:23 ----D---- C:\Program Files (x86)\BitTorrent

2013-10-21 20:03:22 ----D---- C:\Users\eigenaar\AppData\Roaming\BitTorrent

2013-10-19 17:21:54 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-08-30 65336]

R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-08-30 204880]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2012-03-30 52856]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-10-30 21136]

R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-08-30 72016]

R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-08-30 1030952]

R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-08-30 378944]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-08-30 64288]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-08-30 33400]

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-08-30 80816]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-03 6366720]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-03 186880]

R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]

R3 BrSerIb;Brother Serial Interface Driver(WDM); C:\Windows\system32\DRIVERS\BrSerIb.sys [2012-11-15 95344]

R3 BrUsbSIb;Brother Serial USB Driver(WDM); C:\Windows\system32\DRIVERS\BrUsbSIb.sys [2012-11-15 21872]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]

R3 rt61x64;Linksys Wireless-G PCI Adapter Driver; C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys [2010-04-07 446304]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]

R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-03 6366720]

S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]

S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]

S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]

S3 cpuz132;cpuz132; \??\C:\Users\eigenaar\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []

S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488]

S3 mdf15;mdf15; \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mdf15.sys [2010-03-18 12288]

S3 mvd21;mvd21; \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mvd21.sys [2010-06-14 64512]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]

S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

S3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys [2013-02-22 160256]

S3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]

S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 57856]

S3 USB28xxBGA;USB 2861 Device; C:\Windows\system32\DRIVERS\emBDA64.sys [2011-03-06 683136]

S3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM64.sys [2011-03-06 1189504]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-05 65640]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-02-03 202752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-08-30 46808]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-17 247152]

R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-03-22 93072]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

R3 BrYNSvc;BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-06-05 266240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 135664]

S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S2 SZASSIST;SecretZone Assist Service; C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-07-30 90112]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-03-30 654848]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 135664]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-10-03 194032]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------


Download Zoek.zip to the desktop.

  • If Internet Explorer, another browser, or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).
  • Right-click Zoek.zip and choose the option "Extract All".
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

chromelook; 
firefoxlook; 
 {2d8d9acc-f6d7-4362-8876-a275ca929591};c
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r64
 "AppInit_DLLs"=-;r64
 C:\Program Files (x86)\DealPly;fs
  emptyfolderscheck;delete 
startupall; 
filesrcm;

  • Click the "Options" button and tick the options below.
  • Firefox Defaults
  • Reset Chrome
  • IE Defaults
  • Auto Clean
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next message.


Zoek.exe Version 4.0.0.5 Updated 14-November-2013

Tool run by eigenaar on za 16-11-2013 at 10:39:57,84.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\eigenaar\AppData\Local\Temp\Rar$EX05.752\zoek.exe [script inserted] [Checkboxes used]

==== System Restore Info ======================

16-11-2013 10:44:35 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Atari deleted successfully

C:\PROGRA~2\DealPly deleted successfully

C:\PROGRA~2\TomTom DesktopSuite deleted successfully

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

C:\ProgramData\\Babylon deleted successfully

C:\ProgramData\\Big Fish Games deleted successfully

C:\ProgramData\\CorelDRAW Graphics Suite X5 deleted successfully

C:\ProgramData\\Oracle deleted successfully

C:\Users\eigenaar\AppData\Roaming\Atari deleted successfully

C:\Users\eigenaar\AppData\Roaming\Reviversoft deleted successfully

C:\Users\eigenaar\AppData\Roaming\Solvusoft deleted successfully

C:\Users\eigenaar\AppData\Roaming\SynthMaker deleted successfully

C:\Users\Pieter\AppData\Roaming\Google deleted successfully

C:\Users\eigenaar\AppData\Local\Conduit deleted successfully

C:\Users\eigenaar\AppData\Local\MigWiz deleted successfully

C:\Users\eigenaar\AppData\Local\PackageAware deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1759461233-1512547366-3970981607-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-1759461233-1512547366-3970981607-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully

HKEY_USERS\S-1-5-21-1759461233-1512547366-3970981607-1000\Software\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03} deleted successfully

HKEY_USERS\S-1-5-21-1759461233-1512547366-3970981607-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8AD43791-97EE-4FCB-95C5-06C00A67F700} deleted successfully

HKEY_USERS\S-1-5-21-1759461233-1512547366-3970981607-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully

HKEY_USERS\S-1-5-21-1759461233-1512547366-3970981607-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E398376B-E950-4B75-9F7A-A2C65C605FD5} deleted successfully

HKEY_USERS\S-1-5-21-1759461233-1512547366-3970981607-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1759461233-1512547366-3970981607-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully

HKEY_USERS\S-1-5-21-1759461233-1512547366-3970981607-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:

Added to C:\Users\eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\DealPly not found

C:\PROGRA~2\TornTV.com deleted

C:\PROGRA~2\1ClickDownload deleted

C:\PROGRA~2\Conduit deleted

C:\ProgramData\\Ask deleted

C:\ProgramData\\boost_interprocess deleted

C:\ProgramData\\Tarma Installer deleted

C:\Users\eigenaar\AppData\Local\Ilivid Player deleted

C:\Users\eigenaar\AppData\Local\CRE deleted

C:\Users\eigenaar\AppData\Local\APN deleted

C:\Users\eigenaar\AppData\Local\Babylon deleted

C:\Users\eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted

C:\Windows\SysNative\roboot64.exe deleted

C:\windows\SysNative\Tasks\WinMaximizer-eigenaar-Startup deleted

C:\windows\SysNative\Tasks\WinMaximizer64-eigenaar-Startup deleted

C:\Windows\Tasks\WinMaximizer-eigenaar-Startup.job deleted

C:\Windows\Tasks\WinMaximizer64-eigenaar-Startup.job deleted

C:\Users\eigenaar\AppData\LocalLow\IAC deleted

C:\Users\eigenaar\AppData\LocalLow\facemoods.com deleted

C:\Users\eigenaar\AppData\LocalLow\DataMngr deleted

C:\Users\eigenaar\AppData\LocalLow\Conduit deleted

C:\Users\Pieter\AppData\LocalLow\AskToolbar deleted

C:\Users\Pieter\AppData\LocalLow\facemoods.com deleted

C:\user.js deleted

"C:\Users\eigenaar\AppData\Roaming\TVSM\prefs" deleted

"C:\Users\eigenaar\AppData\Roaming\TVSM" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-10-22 20:03:04 7D6E128FDC85D9EC2130ECAEC7FB7C76 66 ----a-w- C:\Windows\Brfaxrx.ini

====== C:\Users\eigenaar\AppData\Local\Temp ====

====== Java Cache =====

2013-10-22 19:18:28 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\eigenaar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-413c13ee

2013-10-22 19:18:15 399263C9A2834C1EB6329D8FAA969E64 100 ----a-w- C:\Users\eigenaar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-6.0.lap

2013-10-22 19:18:15 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\eigenaar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-7eef390b

2013-10-22 19:18:14 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\eigenaar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-40392d82

2013-11-14 23:01:43 37C5C378CAC200CDA3B32EA9337D52E8 79 ----a-w- C:\Users\eigenaar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\4eb386c2-6.0.lap

2013-11-14 23:01:50 7B7A2E080B7666937AC3F375D9E3DEC9 39234 ----a-w- C:\Users\eigenaar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\76354827-73a5c781

2013-10-22 19:18:15 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\eigenaar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-1653ae62

====== C:\Windows\SysWOW64 =====

2013-11-13 23:10:36 FED1803F2F9C4BDBA8267EA2DE47CFE2 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2013-11-13 23:10:35 FEB2F07A980A9844AD1B5E886C9B5338 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll

2013-11-13 23:10:34 E841206E319069920C394A5E3842568F 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll

2013-11-13 23:10:33 8D98D99DC6D4033591354156CEB25153 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll

2013-11-13 23:10:33 8317DD8D4095FE4076E9F6EC3A747940 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-13 23:10:33 70F131E94E1B4496469A563C85279192 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll

2013-11-13 23:10:32 DA5374911037841F81072A4DCBB02D93 2049024 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-11-13 23:10:30 AD6639EF2BD655C7E630B6BCF7203463 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-11-13 23:10:29 6AD683FF326836EB6AE63B1F144A4F9D 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-11-13 23:10:27 D42525513055C0A65FD4BEFAFACEB134 2877952 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-11-13 23:10:27 A5897063A4B6796EFB7B34CEC5BC739F 1138176 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-11-13 23:10:25 98B05ADD60BAA432E708BAFEBE5B1D70 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2013-11-13 23:10:24 5FD4335DCD343D0FEA9FA6B18ED408D9 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-11-13 23:10:22 1191434BB424F18C2609AB5C955DD14E 13761024 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2013-11-13 23:10:17 02A04841906A8892AD6CC7BDBCB5F61D 14355968 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-11-13 22:30:45 CC09E0C9A2D89C6E71D093DC8BD121B7 1168384 ----a-w- C:\Windows\SysWOW64\crypt32.dll

2013-11-13 22:30:38 EE7CB55F77465CDAC4C80F587FF7C278 1796096 ----a-w- C:\Windows\SysWOW64\authui.dll

2013-11-13 22:30:37 E9BB0CD09DA17C71FD1B9954D75AEEF7 168960 ----a-w- C:\Windows\SysWOW64\credui.dll

2013-11-13 22:30:37 4BCC63ED1C3D15B2635A8AE2B854B3EB 152576 ----a-w- C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-13 22:30:31 AA6F6457116B559B76BC6A012CB4C293 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll

2013-11-13 22:30:30 AD7FB087A238883D1618F29F7BBBD584 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll

2013-11-13 22:30:30 42B924C5F3924C1EB2539F22C10D7DF1 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll

2013-11-13 22:30:30 372948BB5E41CE42341C4398DE572E56 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll

2013-11-13 22:30:28 56E3313690866F99CD17AA1342F64AE1 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll

2013-11-13 22:30:24 F0D0E883EBBDC7615DC9EDEA0FFB2817 216576 ----a-w- C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-13 22:30:24 CE2A48CD0D2B39FB77FA4797C6434E71 656896 ----a-w- C:\Windows\SysWOW64\nshwfp.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-11-13 23:10:36 668653D2C9ED9E7529386DD8138FAAEB 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2013-11-13 23:10:35 8D0D46B480BB260FA2AEA1201F15E784 526336 ----a-w- C:\Windows\Sysnative\ieui.dll

2013-11-13 23:10:34 59AD440EFC7A653B55D5DC34E75960B2 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll

2013-11-13 23:10:34 2CA49EB6296DBC1A5CEE141009A6F757 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll

2013-11-13 23:10:33 9F1D74E792DADA30809FCA64F705C042 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe

2013-11-13 23:10:33 3E86B4126D4CD0D9CA5B78DBE9F8D7CB 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2013-11-13 23:10:32 F08BF4FC30F31350DCAB06F2B59ED1E9 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll

2013-11-13 23:10:31 A96B3E9D360DE75B09EE77698A54412B 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll

2013-11-13 23:10:30 1E47964351EA38C20A8E28B413769C80 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2013-11-13 23:10:29 EFB4937249C7E4D57F69CC4B1986BC4B 855552 ----a-w- C:\Windows\Sysnative\jscript.dll

2013-11-13 23:10:28 90868BDD4047BF951E03620961945149 3959808 ----a-w- C:\Windows\Sysnative\jscript9.dll

2013-11-13 23:10:26 F13305A81317DDAEA3968D2D8EC0C0A4 1364992 ----a-w- C:\Windows\Sysnative\urlmon.dll

2013-11-13 23:10:25 B83DB27D36C697760E0D33AE0CF76AAD 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2013-11-13 23:10:24 9706C99DAEBE3FEAC811B239617E98C4 2241536 ----a-w- C:\Windows\Sysnative\wininet.dll

2013-11-13 23:10:21 9991ABD246ED906CF420B2CA08BF685A 15404544 ----a-w- C:\Windows\Sysnative\ieframe.dll

2013-11-13 23:10:20 25C356A79B7002E0A20AAF592ED59DE4 19269632 ----a-w- C:\Windows\Sysnative\mshtml.dll

2013-11-13 22:30:46 780F6ECC4F55D76C9730E6B6C9B31913 1474048 ----a-w- C:\Windows\Sysnative\crypt32.dll

2013-11-13 22:30:38 8563BA40DF4F1E93A61B70E2C8B60CF8 190464 ----a-w- C:\Windows\Sysnative\SmartcardCredentialProvider.dll

2013-11-13 22:30:38 4403D5ECE7D8323CAF1207D1AA38FA01 197120 ----a-w- C:\Windows\Sysnative\credui.dll

2013-11-13 22:30:38 34152997FB906895290E0199AC94B85F 1930752 ----a-w- C:\Windows\Sysnative\authui.dll

2013-11-13 22:30:31 31FFED18C7B836CEC1B559347E32E151 340992 ----a-w- C:\Windows\Sysnative\schannel.dll

2013-11-13 22:30:30 B08EA91C774AA734E0B9881F85CD9F42 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll

2013-11-13 22:30:30 7C46EC9CCDE6E793713FA01DB2EB918E 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll

2013-11-13 22:30:30 747B9BA5412422F27934CB21131F0A3E 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll

2013-11-13 22:30:30 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\Sysnative\lsass.exe

2013-11-13 22:30:30 208EAAFF40DA400190AA0605C797BEA2 28160 ----a-w- C:\Windows\Sysnative\secur32.dll

2013-11-13 22:30:30 086F906B1D30C0A5D35FE0F6362DAB21 1447936 ----a-w- C:\Windows\Sysnative\lsasrv.dll

2013-11-13 22:30:28 56325BB1FF19F2A5AC8713756AC41140 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll

2013-11-13 22:30:26 344789398EC3EE5A4E00C52B31847946 859648 ----a-w- C:\Windows\Sysnative\IKEEXT.DLL

2013-11-13 22:30:25 D07EB640618F96490DB88C3CE58DB608 324096 ----a-w- C:\Windows\Sysnative\FWPUCLNT.DLL

2013-11-13 22:30:24 660C06F663F27760F565FD567B57625C 830464 ----a-w- C:\Windows\Sysnative\nshwfp.dll

====== C:\Windows\Sysnative\drivers =====

2013-11-13 22:30:52 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys

2013-11-13 22:30:31 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys

2013-11-13 22:30:31 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

2013-11-13 22:30:30 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys

2013-11-07 19:22:42 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2013-10-22 18:51:37 E73A7A04FDAC9DD46EE2A4257F09E91C 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys

2013-10-22 18:51:37 ACCEA6BC68D0C9A78EB97EE159028B4E 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys

2013-10-22 18:51:37 311C1DD1088E55BEAE15954D17F50646 52736 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys

2013-10-22 18:51:36 A83D0EC9AE4C31704442099D40BA2471 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys

2013-10-22 18:51:36 9406D801042FAF859CF81B2C886413DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys

2013-10-22 18:51:36 861C197502A5057E68F0AC75D9EFCDD7 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys

2013-10-22 18:51:36 280E90CBF4B2DDD169F0728CB44D726F 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys

2013-10-21 19:19:16 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys

2013-10-21 19:19:16 17C6B51CBCCDED95B3CC14E22791F85E 57856 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-11-11 15:47:52 -------- d-----w- C:\Program Files\trend micro

2013-10-24 17:28:35 -------- d-----w- C:\Program Files\Nuance

======= C:\PROGRA~2 =====

2013-10-24 17:26:20 -------- d-----w- C:\PROGRA~2\COMMON~1\ScanSoft Shared

2013-10-22 20:03:13 -------- d-----w- C:\PROGRA~2\Browny02

2013-10-22 20:03:04 -------- d-----w- C:\PROGRA~2\ControlCenter4

2013-10-22 20:02:40 -------- d-----w- C:\PROGRA~2\Brother

2013-10-22 19:17:04 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

======= C: =====

====== C:\Users\eigenaar\AppData\Roaming ======

2013-11-07 17:27:35 -------- d-----w- C:\Users\eigenaar\AppData\Local\FileViewPro

2013-11-07 17:27:29 -------- d-----w- C:\Users\eigenaar\AppData\Roaming\IsolatedStorage

2013-11-07 17:24:06 -------- d-----w- C:\Users\eigenaar\AppData\Local\Programs

2013-10-22 20:23:58 -------- d-----w- C:\Users\eigenaar\AppData\Roaming\ControlCenter4

2013-10-22 19:20:37 -------- d-----w- C:\Users\eigenaar\AppData\Local\Apps

====== C:\Users\eigenaar ======

2013-11-07 19:21:54 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\eigenaar\Downloads\mbam-setup-1.75.0.1300.exe

2013-11-07 17:27:29 -------- d-----w- C:\ProgramData\IsolatedStorage

2013-11-07 17:22:03 65295BFEAC7F8D27FC637C6F2E03DCFB 2388400 ----a-w- C:\Users\eigenaar\Downloads\FileViewPro_2013.exe

2013-11-06 20:03:51 5F3D2EB5C6CB581C892734BA197BD8D3 4178040 ----a-w- C:\Users\eigenaar\Downloads\ccsetup326.exe

2013-11-06 19:27:06 79B2816DF722E273961E09BFBAC0A90C 1303552 ----a-w- C:\Users\eigenaar\Downloads\ZiggoWifiSpots.exe

2013-11-01 19:25:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2013-10-24 17:27:50 -------- d-----w- C:\ProgramData\zeon

2013-10-24 17:27:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12

2013-10-22 20:09:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother

2013-10-22 20:03:13 -------- d-----w- C:\ProgramData\ControlCenter4

2013-10-22 19:16:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

====== C: exe-files ==

2013-11-15 15:33:32 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LPX2CMB\RSITx64.exe

2013-11-13 23:10:33 9F1D74E792DADA30809FCA64F705C042 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-11-13 23:10:33 8317DD8D4095FE4076E9F6EC3A747940 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-13 23:10:33 3E86B4126D4CD0D9CA5B78DBE9F8D7CB 51712 ----a-w- C:\Windows\System32\ie4uinit.exe

2013-11-13 23:10:30 D7D5768B8A697FCBAEE2CFE137070F02 770736 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2013-11-13 23:10:30 39D0074C59F6D1A62731942C7FA8B60B 775344 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-11-13 22:30:30 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\System32\lsass.exe

2013-11-11 15:47:53 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\eigenaar.exe

=== C: other files ==

2013-11-13 22:30:52 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-11-13 22:30:31 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-11-13 22:30:31 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-11-13 22:30:30 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1759461233-1512547366-3970981607-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Users\eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"EmbMachineComms.exe"="C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe"

"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"

"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBKeyScan"="C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

"Adobe Photo Downloader"="C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"

"avast"="C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun"

"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"

"IndexSearch"="C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

"PaperPort PTD"="C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

"PPort12reminder"="C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe -r C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

"PDFHook"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe"

"PDF5 Registry Controller"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Users\eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"EmbMachineComms.exe"="C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe"

"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"

"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

==== Startup Folders ======================

2011-04-14 19:44:45 1053 ----a-w- C:\Users\eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2013-10-22 20:27:51 2719 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother BPPO.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08-10-2013 19:47]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18-05-2010 14:11]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18-05-2010 14:11]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759461233-1512547366-3970981607-1000Core.job --a------ C:D?C:\Users\eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe []

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759461233-1512547366-3970981607-1000UA.job --a------ C:\Users\eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [18-10-2010 10:22]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\0" [c:\program files (x86)\internet explorer\iexplore.exe]

"C:\Windows\SysNative\tasks\5009" [wscript.exe C:\Users\eigenaar\AppData\Local\Temp\launchie.vbs //B]

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1759461233-1512547366-3970981607-1000Core" [C:\Users\eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1759461233-1512547366-3970981607-1000UA" [C:\Users\eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\Start Registry Reviver" [C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{DE456AD9-E711-4DE1-BCE3-EEF10F75CD87}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\{46512339-EE89-4B6E-BD61-E39F8C6B7B19}" [C:\Users\eigenaar\Desktop\frui\flstudio608_install.exe]

"C:\Windows\SysNative\tasks\{4BB9EC91-6CAB-4CC7-8675-EC2EE1636508}" [C:\Program Files (x86)\Nitro PDF\Professional\NitroPDF.exe]

"C:\Windows\SysNative\tasks\{508CFF7E-7CDF-400C-BF0B-A135171E5D5D}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [20-09-2013 10:03]

==== Firefox Extensions ======================

ExtDir: C:\Users\eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

- Torntv 3 - %ExtDir%\trtv3@trtv.com.xpi

==== Firefox Plugins ======================

==== Deleted Firefox Extensions ======================

C:\Users\eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\trtv3@trtv.com.xpi deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bicnnkjibmphdeigoodpjlcklcnaobdj - C:\Program Files (x86)\TornTV.com\torntv10.crx[]

jplinpmadfkdgipabgcdchbdikologlh - C:\Program Files (x86)\1ClickDownload\1click12.crx[]

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\eigenaar\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\eigenaar\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

1Click Downloader - eigenaar - Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh

Plus-HD-2.2 - eigenaar - Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo

BittorrentBar_NL - eigenaar - Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn

Google Wallet - eigenaar - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh deleted successfully

C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jplinpmadfkdgipabgcdchbdikologlh_0.localstorage deleted successfully

C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jplinpmadfkdgipabgcdchbdikologlh_0.localstorage-journal deleted successfully

C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo deleted successfully

C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kfakeonomonapccoamcmdgpoaicnpnoo_0.localstorage deleted successfully

C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kfakeonomonapccoamcmdgpoaicnpnoo_0 deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

"Search Bar"="Bing"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://dutch.toggle.com/nl/index.php?rvs=google"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Search Page"="http://dutch.toggle.com/nl/index.php?rvs=google"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{EEE6C360-6118-11DC-9C72-001320C79847}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Bar"="Bing"

"Start Page"="Google"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Search Page"="Bing"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Search Page"="Bing"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing?}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{D36A7629-633E-4E42-A787-5BE185EFA07D} Google Url="{searchTerms} - Google zoeken"

==== Reset Google Chrome ======================

C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Pieter\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VY6OM7N2 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\eigenaar\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VY6OM7N2" not found

==== EOF on za 16-11-2013 at 11:05:21,33 ======================

Download AdwCleaner by Xplode to the desktop.

Running AdwCleaner

  • Close all open windows.
  • Double-click AdwCleaner.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator": right-click it and choose Run as administrator.
  • Then click the Scan button.
  • When the scan has finished, click the Clean button.
  • When that is done, you are asked to restart the computer; click OK.
  • After the computer has restarted, the log file opens automatically.
  • Post this log file in your next reply.

# AdwCleaner v3.012 - Report created 16/11/2013 at 12:59:44

# Updated 11/11/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : eigenaar - PC43108-A

# Running from : C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EF0LX01G\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WinMaximizer

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-2.2

Key Deleted : HKCU\Software\AppDataLow\Software\smartbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\Software\Uniblue

Key Deleted : HKLM\Software\WinMaximizer

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Mozilla Firefox v

[ File : C:\Users\eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6696 octets] - [16/11/2013 12:58:37]

AdwCleaner[s0].txt - [6574 octets] - [16/11/2013 12:59:44]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6634 octets] ##########

Be sure to remove the tools you used, and first clean up the leftovers that are still present:

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.

When the tool has finished, a log file is created. You do not need to post it, however.

Download CCleaner (if you do not have it yet).

Install it (if you do not want Google Chrome to be installed on your PC as the default web browser, you must clear the 2 checkboxes!) and start CCleaner.

Click "Cleaner" in the left column. Click "Analyze" and, after the analysis, "Run Cleaner". Then click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You are then asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues".

Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors.

Close CCleaner again afterwards.

If you would like to see this illustrated in detail, click here for the guide.

If all of this went smoothly and you have no further questions or problems within this topic, you may close it by clicking the "Mark as solved" button, which you can find at the bottom left … that keeps things clear for everyone.
