• Hulpvragenden in dit forumonderdeel worden enkel geholpen door daartoe bevoegde teamleden.
    Dit is belangrijk, zodat de hulpvragende goed geholpen kan worden zonder (goedbedoelde) aanvullende berichten van andere leden.
    Reageren op andermans discussie is daarom uitgeschakeld.
  • De afgelopen dagen zijn er meerdere fora waarop bestaande accounts worden overgenomen door spammers. De gebruikersnamen en wachtwoorden zijn via een hack of een lek via andere sites buitgemaakt. Via have i been pwned? kan je controleren of jouw gegeven ook zijn buitgemaakt. Wijzig bij twijfel jouw wachtwoord of schakel de twee-staps-verificatie in.

graag ff controle

Status
Niet open voor verdere reacties.
fokkemaat

fokkemaat

Enthousiast
Lid geworden
7 dec 2006
Berichten
2.091
Waarderingsscore
0
[hjt]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:06:27, on 28-9-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal


Running processes:
c:\program files (x86)\malwarebytes anti-malware\mbam.exe
c:\program files (x86)\gadwin systems\printscreen\printscreen.exe
c:\program files (x86)\google\chrome\application\chrome.exe
c:\program files (x86)\secunia\psi\psi_tray.exe
c:\program files\avast software\avast\avastui.exe
c:\program files (x86)\divx\divx update\divxupdate.exe
c:\program files (x86)\real\realplayer\update\realsched.exe
c:\users\ernst jan\appdata\roaming\dropbox\bin\dropbox.exe
c:\program files (x86)\itunes\ituneshelper.exe
c:\program files (x86)\google\chrome\application\chrome.exe
c:\program files (x86)\google\chrome\application\chrome.exe
c:\program files (x86)\google\chrome\application\chrome.exe
c:\program files (x86)\bluestacks\hd-agent.exe
c:\program files (x86)\trend micro\hijackthis\hijackthis.exe


r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://www.bing.com/search?q={searchterms}&form=avasdf&pc=av01[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://www.bing.com/search?q={searchterms}&form=avasdf&pc=av01[/noparse]
r1 - hkcu\software\microsoft\internet explorer\search,default_search_url = www.google.com
r1 - hkcu\software\microsoft\internet explorer\search,searchassistant = www.google.com
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o2 - bho: (no name) - {3049c3e9-b461-4bc5-8870-4c09146192ca} - (no file)
o2 - bho: java(tm) plug-in ssv helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre1.8.0_20\bin\ssv.dll
o2 - bho: avast! online security - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
o2 - bho: aanmeldhulp voor windows live id - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre1.8.0_20\bin\jp2ssv.dll
o4 - hklm\..\run: [apsdaemon] c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
o4 - hklm\..\run: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [divxmediaserver] c:\program files (x86)\divx\divx media server\divxmediaserver.exe
o4 - hklm\..\run: [avastui.exe] c:\program files\avast software\avast\avastui.exe /nogui
o4 - hklm\..\run: [quicktime task] c:\program files (x86)\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [divxupdate] c:\program files (x86)\divx\divx update\divxupdate.exe /checknow
o4 - hklm\..\run: [tkbellexe] c:\program files (x86)\real\realplayer\update\realsched.exe -osboot
o4 - hklm\..\run: [ituneshelper] c:\program files (x86)\itunes\ituneshelper.exe
o4 - hklm\..\run: [bluestacks agent] c:\program files (x86)\bluestacks\hd-agent.exe
o4 - hkcu\..\run: [gadwin printscreen] c:\program files (x86)\gadwin systems\printscreen\printscreen.exe /nosplash
o4 - hkcu\..\run: [xvid] c:\program files (x86)\xvid\checkupdate.exe
o4 - hkcu\..\run: [sidebar] c:\program files\windows sidebar\sidebar.exe /autorun
o4 - hkcu\..\run: [googlechromeautolaunch_6424bc8420e0248c7ff6b2381e6f015b] c:\program files (x86)\google\chrome\application\chrome.exe --no-startup-window
o4 - hkcu\..\run: [ccleaner monitoring] c:\program files (x86)\ccleaner\ccleaner64.exe /monitor
o4 - startup: dropbox.lnk = ernst jan\appdata\roaming\dropbox\bin\dropbox.exe
o4 - global startup: realplayer cloud service ui.lnk = c:\program files (x86)\real\realplayer\rpds\bin64\rpsystray.exe
o4 - global startup: secunia psi tray.lnk = c:\program files (x86)\secunia\psi\psi_tray.exe
o8 - extra context menu item: add to google photos screensa&ver - res://c:\windows\system32\gphotos.scr/200
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~2\micros~1\office12\excel.exe/3000
o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - (no file)
o9 - extra 'tools' menuitem: sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - (no file)
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~2\micros~1\office12\refiebar.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o11 - options group: [accelerated_graphics] accelerated graphics
o16 - dpf: {7530bfb8-7293-4d34-9923-61a11451afc5} - [noparse]http://download.eset.com/special/eos/onlinescanner.cab[/noparse]
o20 - appinit_dlls: c:\users\ernst jan\appdata\local\smartbar\application\resources\crdlil.dll
o23 - service: adobe acrobat update service (adobearmservice) - adobe systems incorporated - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
o23 - service: adobe flash player update service (adobeflashplayerupdatesvc) - adobe systems incorporated - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: apple mobile device - apple inc. - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
o23 - service: avast! antivirus - avast software - c:\program files\avast software\avast\avastsvc.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: bluestacks android service (bsthdandroidsvc) - bluestack systems, inc. - c:\program files (x86)\bluestacks\hd-service.exe
o23 - service: bluestacks log rotator service (bsthdlogrotatorsvc) - bluestack systems, inc. - c:\program files (x86)\bluestacks\hd-logrotatorservice.exe
o23 - service: bluestacks updater service (bsthdupdatersvc) - bluestack systems, inc. - c:\program files (x86)\bluestacks\hd-updaterservice.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: google updateservice (gupdate) (gupdate) - google inc. - c:\program files (x86)\google\update\googleupdate.exe
o23 - service: google update-service (gupdatem) (gupdatem) - google inc. - c:\program files (x86)\google\update\googleupdate.exe
o23 - service: google updater service (gusvc) - google - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
o23 - service: @%systemroot%\system32\ieetwcollectorres.dll,-1000 (ieetwcollectorservice) - unknown owner - c:\windows\system32\ieetwcollector.exe (file missing)
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: mbamscheduler - malwarebytes corporation - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
o23 - service: mbamservice - malwarebytes corporation - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: nmsaccess - unknown owner - c:\program files (x86)\burnaware free\nmsaccess32.exe
o23 - service: nvidia display driver service (nvsvc) - unknown owner - c:\windows\system32\nvvsvc.exe (file missing)
o23 - service: online games manager (ogmservice) - realnetworks, inc. - c:\program files (x86)\online games manager\ogmservice.exe
o23 - service: openvpn service (openvpnservice) - the openvpn project - c:\program files (x86)\openvpn\bin\openvpnserv.exe
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: realnetworks downloader resolver service - unknown owner - c:\program files (x86)\realnetworks\realdownloader\rndlresolversvc.exe
o23 - service: realplayer cloud service - realnetworks, inc. - c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe
o23 - service: realplayer update service (realplayerupdatesvc) - unknown owner - c:\program files (x86)\real\updateservice\realplayerupdatesvc.exe
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: sisoftware deployment agent service (sandraagentsrv) - sisoftware - c:\program files\sisoftware\sisoftware sandra lite 2011.sp5\rpcagentsrv.exe
o23 - service: secunia psi agent - secunia - c:\program files (x86)\secunia\psi\psia.exe
o23 - service: secunia update agent - secunia - c:\program files (x86)\secunia\psi\sua.exe
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: @%systemroot%\system32\wat\watux.exe,-601 (watadminsvc) - unknown owner - c:\windows\system32\wat\watadminsvc.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
--
end of file - 10977 bytes
[/hjt]
 
Hallo,

Schakel eerst de Antivirussoftware uit voordat je zoek.exe download.
Schakel je antivirus- en antispywareprogramma's tijdelijk uit, deze kunnen namelijk conflicteren met Zoek.exe.

Download
51a612a8b27e2-Zoek.png
Zoek.exe naar het bureaublad.
  • Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.


Zoek.exe uitvoeren (voor meer informatie kunt u deze handleiding raadplegen)
Wanneer u problemen ondervindt bij het uitvoeren van dit programma of bepaalde foutmeldingen te zien krijgt laat dit dan even weten in uw bericht.
  • Dubbelklik vervolgens op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze computer, gebruik dit dan ook niet op andere computers met een gelijkaardig probleem.
    Code: 
    firefoxlook;
torpigcheck;
emptyfolderscheck;delete
chromelook;
standardsearch;
filesrcm;
autoclean;
startupall;
  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Post het geopende logje in het volgende bericht.

Zoek.exe logbestand plaatsen
  • Voeg het logbestand met de naam "Zoek-results.log" toe aan het volgende bericht. (Dit logbestand kunt u tevens terug vinden op de systeemschijf als C:\Zoek-results.log.)
 
Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by Ernst Jan on zo 28-09-2014 at 21:39:34,25.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ernst Jan\Desktop\Downloads\zoek.exe [Scan all users] [Script inserted]


===== Runcheck 21:46:40,69 =====


--- Create Environment Variables 21:46:43,23
--- Checking Input 21:47:03,11
--- Torpig Check 21:47:10,43
--- AU AppData Check 21:47:15,03
--- Remove From Windows Installer 21:47:21,14
--- Empty Folders Check 21:49:26,41
--- IE Startpage Check 21:49:42,30
 
Hallo,

Dit is pas de voortgang van de scan, lees aub eerst de handleiding door.
Voer het daarna nogmaals uit.
 
abbs zei:
Hallo,

Dit is pas de voortgang van de scan, lees aub eerst de handleiding door.
Voer het daarna nogmaals uit.
Klik om te vergroten...
Ik dacht ook, dit is wel erg kort
Maar het log verdween toen hij aan de gang was, en m'n pc is ook erg traag
 
fokkemaat zei:
Ik dacht ook, dit is wel erg kort
Maar het log verdween toen hij aan de gang was, en m'n pc is ook erg traag
Klik om te vergroten...

(Dit logbestand kunt u tevens terug vinden op de systeemschijf als C:\Zoek-results.log.)
 
Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by Ernst Jan on di 30-09-2014 at 0:15:59,74.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ernst Jan\Desktop\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

30-9-2014 0:20:14 Zoek.exe System Restore Point Created Succesfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll


==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\BurnAware Free\NMSAccess32.exe
C:\Program Files (x86)\Online Games Manager\ogmservice.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Users\Ernst Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\PROGRA~2\MICROS~1\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Ernst Jan\Desktop\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\35125 deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector deleted
C:\Users\Ernst Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\Ernst Jan\AppData\LocalLow\boost_interprocess deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 1920 MB
CPU Info: AMD Athlon(tm) 7750 Dual-Core Processor
CPU Speed: 2760,9 MHz
Sound Card: Luidsprekers (High Definition A |
Digitale audio (S/PDIF) (High D |
Display Adapters: ATI Radeon X1200 Series (Microsoft Corporation - WDDM) | ATI Radeon X1200 Series (Microsoft Corporation - WDDM) | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; SyncMaster 2333SW,SyncMaster Magic CX2333SW(Analog) |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: TAP-Windows Adapter V9 | Realtek PCIe FE Family Controller
CD / DVD Drives: 2x (E: | F: | ) E: BENQ DVD DC DW1670 | F: LITE-ON COMBO SOHC-5232K
Ports: COM1 | COM2 LPT1
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 98,2GB | D: 50,8GB
Hard Disks - Free: C: 52,0GB | D: 5,2GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 02/19/09 | DELL - 20090219
Time Zone: West-Europa (standaardtijd)
Motherboard *: FOXCONN A6VMX
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Firewall: avast! Antivirus disabled
Default Browser: Google Chrome 37.0.2062.124
Internet Explorer Version: 11.0.9600.17280
Google Chrome version: 37.0.2062.124
Adobe Reader version: 10.1.12.15
Sun Java version: 1.8.0_20 (32-bit)
Sun Java version: 1.8.0_20 (64-bit)
Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\ERNSTJ~1\AppData\Local\Temp ====
2014-09-29 20:31:10 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt4eu1f.dll
2014-09-27 19:49:59 A210F1AC135E5331C314CE5F394FB5A5 413276 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
2014-09-27 15:20:48 2F780F1FB1E91C4BAF971BDA0B458930 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\0xnsrdfm.dll
2014-09-27 15:18:49 341FE8984FAF6D3EEF90C6C4026D332A 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\jb0mzkvh.dll
2014-09-27 15:16:50 823AD65C89A4C29E35A34ADD1A5C6A20 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\ljdr-hwi.dll
2014-09-27 15:15:15 50D8474144DFA43FEE9EE3DE26853EAA 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\wfzjimpo.dll
2014-09-27 15:11:52 49C55FC7761829CC1AC7A02A1579899E 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\lujbzqkn.dll
2014-09-27 15:09:37 9D89F11533EB5963C57940D077D2BA6E 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\ybx9bz-k.dll
2014-09-27 15:07:11 EB5610F4E1BE688E6CFD15C1466FAAE8 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\plqfqrbl.dll
2014-09-27 15:05:38 6434855549EEA785583912374C1F354D 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\pgfey_rq.dll
2014-09-27 15:04:21 90B84E71838AC70EB4BEAFA68E46245C 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\x7zc3qub.dll
2014-09-27 15:01:39 8A87738E39A4D4F570A298EFD135A332 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\x3h6sfcq.dll
2014-09-27 14:59:10 D8BE4E10173322936AC6AC074D88C83B 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\pxlflxy2.dll
2014-09-26 21:26:33 B21F4B2C775E71BD44B633B597B0C8AC 8704 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\9yvbfuxc.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-09-26 20:18:52 C263F3E7E0523556964D661BC7CB9565 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-09-26 20:18:52 A8A87343CAE432677D82C0BCC753D905 2048 ----a-w- C:\Windows\Sysnative\tzres.dll
====== C:\Windows\Sysnative\drivers =====
2014-09-27 18:59:51 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-09-27 18:46:25 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-09-27 18:46:25 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
====== C:\Windows\Tasks ======
2014-09-20 21:25:33 77DC54942A585FB6332C946A5F53D760 3376 ----a-w- C:\Windows\Sysnative\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2182617548-714545827-371299177-1000
2014-09-14 23:01:38 21ECB34A53150CAE7E8879D7DF3FAD79 3878 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater
2014-09-14 23:01:35 49F1286F2D1FB01857B33C989A8D1480 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 21:10:44 C579AE436E914153BE7CE725C6B5A3A1 3354 ----a-w- C:\Windows\Sysnative\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2182617548-714545827-371299177-1000
2014-09-01 22:43:15 F70631A68892818EB57B11C27574F1DA 3228 ----a-w- C:\Windows\Sysnative\Tasks\{DE07930A-0094-4A29-8DBA-6F8A1A7DDD9B}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-09-11 23:05:11 -------- d-----w- C:\Program Files\iPod
2014-09-11 23:05:07 -------- d-----w- C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2014-09-26 21:00:10 -------- d-----w- C:\PROGRA~2\BlueStacks
2014-09-11 23:05:07 -------- d-----w- C:\PROGRA~2\iTunes
======= C: =====
====== C:\Users\Ernst Jan\AppData\Roaming ======
2014-09-26 20:58:53 -------- d-----w- C:\Users\Ernst Jan\AppData\Local\Bluestacks
====== C:\Users\Ernst Jan ======
2014-09-26 21:00:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-09-26 21:00:10 -------- d-----w- C:\ProgramData\BlueStacks
2014-09-11 23:06:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-11 23:05:07 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-03 19:54:39 -------- d-----w- C:\ProgramData\BlueStacksSetup

====== C: exe-files ==
2014-09-27 18:52:58 9682BED04B8E60802E8AD5D876525B01 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2182617548-714545827-371299177-1000\$IQ47N5T.exe
2014-09-26 20:50:03 6CF617A12FB9B7169B6C69D328F63389 39975504 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\37.0.2062.124\37.0.2062.124_chrome_installer.exe
2014-09-26 20:41:02 7CA4092A339EA30DE8FF06D3FF79D6ED 749648 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.124\37.0.2062.124_37.0.2062.120_chrome_updater.exe
2014-09-26 20:18:52 916CEC665A9879DEB15BBDD943B7350B 49664 ----a-w- C:\Windows\servicing\GC64\tzupd.exe
=== C: other files ==
2014-09-27 18:59:51 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-27 18:46:25 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-27 18:46:25 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2182617548-714545827-371299177-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash"
"Xvid"="C:\Program Files (x86)\Xvid\CheckUpdate.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GoogleChromeAutoLaunch_6424BC8420E0248C7FF6B2381E6F015B"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"CCleaner Monitoring"="C:\Program Files (x86)\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"TkBellExe"="C:\Program Files (x86)\real\realplayer\update\realsched.exe -osboot"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash"
"Xvid"="C:\Program Files (x86)\Xvid\CheckUpdate.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GoogleChromeAutoLaunch_6424BC8420E0248C7FF6B2381E6F015B"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"CCleaner Monitoring"="C:\Program Files (x86)\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Users\\Ernst Jan\\AppData\\Local\\Smartbar\\Application\\Resources\\crdlil.dll"

==== Startup Folders ======================

2014-08-14 21:06:40 1056 ----a-w- C:\Users\Ernst Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2014-08-08 20:43:19 1248 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
2014-08-09 12:30:00 1106 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15-09-2014 01:01]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03-06-2010 17:27]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03-06-2010 17:27]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files (x86)\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{CFC470B1-6083-4603-9CDB-3F2ACB64D9E2}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{49EDC34C-49DB-4BC4-B25C-00E595AA8C47}" [C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE]
"C:\Windows\SysNative\tasks\{7352AACD-11B6-46FF-BF8A-64930AE5E2A5}" [C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE]
"C:\Windows\SysNative\tasks\{F92F7B5D-D544-474E-B01A-BCAF781E6C20}" [C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2014-04-26 20:29:28 -------- d-----w- C:\PROGRA~3\FarmFrenzy3_Madagascar
2014-08-08 20:48:49 -------- d-----w- C:\PROGRA~3\RealNetworks
2014-08-26 19:38:01 -------- d-----w- C:\PROGRA~3\Oracle
2014-09-03 19:54:39 -------- d-----w- C:\PROGRA~3\BlueStacksSetup
2014-09-11 23:05:07 -------- d-----w- C:\PROGRA~3\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-26 21:00:10 -------- d-----w- C:\PROGRA~3\BlueStacks

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{9D2AA73B-6049-4799-B8AC-925723370070}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [08-08-2014 22:48]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07-08-2014 01:15]

YouTube - Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
avast Online Security - Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/?pc=AV01"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{FF6206A0-E6D2-4B99-A64F-8856FCEC4F99} Google Url="http://www.google.co.uk/search?hl=en&q={searchTerms}&meta="

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\866B89815FCCF9248AF689735E34D977 deleted successfully

==== HijackThis Entries ======================

O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_6424BC8420E0248C7FF6B2381E6F015B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: Dropbox.lnk = Ernst Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files (x86)\real\realplayer\RPDS\Bin64\rpsystray.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - AppInit_DLLs: C:\Users\Ernst Jan\AppData\Local\Smartbar\Application\Resources\crdlil.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\BurnAware Free\NMSAccess32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files (x86)\Online Games Manager\ogmservice.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ernst Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=225 folders=71 88544598 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Ernst Jan\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ERNSTJ~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on di 30-09-2014 at 0:52:44,68 ======================
 
Hallo,

Schakel uw antivirussoftware tijdelijk uit en start Zoek.exe
51a612a8b27e2-Zoek.png
nogmaals. (voor meer informatie kunt u deze handleiding raadplegen)

  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze computer, gebruik dit dan ook niet op andere computers met een gelijkaardig probleem.
    Code: 
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"=-;r
C:\Users\Ernst Jan\AppData\Local\Smartbar;fs
{3049C3E9-B461-4BC5-8870-4C09146192CA};c
  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Voeg nu het geopende logbestand in het volgende bericht. (Dit logbestand kunt u tevens terug vinden op de systeemschijf als C:\Zoek-results.log.)



Download
51a5d49d0da93-icon_EAM.png
Emsisoft Anti-Malware naar het bureaublad.
  • Dubbelklik op "EmsisoftAntiMalwareSetup.exe" om Emsisoft Anti-Malware te installeren.
  • Kies in het volgende scherm de gewenste taal en klik op "OK"
  • Selecteer de optie "Ik accepteer de licentieovereenkomst" en klik op "Installeren"
  • Klik in het licentiescherm op de knop "Volgende" .
  • Vink in het volgende scherm de optie "Update extra talen uit" en klik op volgende.
  • Klik nu op de optie "Computer scannen" en kies de optie "Slim" en druk op de knop "scan"
  • Laat de gevonden items in quarantaine plaatsen en klik op "Rapport bekijken" plaats de inhoud hiervan in het volgende bericht.
  • klik op volgende nogmaals op volgende en daarna op voltooien.
 
Zoek.exe v5.0.0.0 Updated 30-09-2014
Tool run by Ernst Jan on do 02-10-2014 at 0:31:53,37.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ernst Jan\Desktop\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-09-29-225244.log 32694 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2182617548-714545827-371299177-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3049C3E9-B461-4BC5-8870-4C09146192CA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Users\Ernst Jan\AppData\Local\Smartbar not found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=225 folders=71 88544598 bytes)

==== EOF on do 02-10-2014 at 0:35:31,71 ======================
 
Hallo,

Nu het logje van Emsisoft Anti-Malware nog.
 
Emsisoft Anti-Malware - Versie 9.0
Laatste Update: 2-10-2014 23:53:41
Gebruikersaccount: ErnstJan-PC\Ernst Jan

Scaninstellingen:

Scanmodus: Slimme scan
Objecten: Rootkits, Geheugen, Sporen, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\

Detecteer PUPs: Uit
Scan archieven: Uit
ADS Scan: Aan
Bestandsextensiefilter: Uit
Geavanceerde cache: Aan
Directe schijftoegang: Uit

Scan gestart: 2-10-2014 23:56:36
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Ontdekt: Application.Win32.WebApp (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DRIVERSCANNER Ontdekt: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.BANDOBJECTATTRIBUTE Ontdekt: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.DOCKINGPANEL Ontdekt: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.IESMARTBARBANDOBJECT Ontdekt: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.SMARTBARDISPLAYSTATE Ontdekt: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.SMARTBARMENUFORM Ontdekt: Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-2182617548-714545827-371299177-1000\SOFTWARE\SYSTWEAK Ontdekt: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK Ontdekt: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASAPI32 Ontdekt: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASMANCS Ontdekt: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\TRYMEDIA SYSTEMS Ontdekt: Application.Win32.TryAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Ontdekt: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\S-1-5-21-2182617548-714545827-371299177-1000\SOFTWARE\YAHOOPARTNERTOOLBAR Ontdekt: Application.Win32.YTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Ontdekt: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32 Ontdekt: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS Ontdekt: Application.Win32.InstallExt (A)

Gescand: 180496
Gevonden: 17

Scan geindigd: 3-10-2014 1:02:13
Scantijd: 1:05:37
 
Hallo,

Heb je Emsisoft het genen wat is gevonden ook in quarantaine laten plaatsen?

Download
536cf876403ee-AdwCleaner_Icon.png
AdwCleaner - Alternatieve downloadlink by Xplode naar het bureaublad.

AdwCleaner uitvoeren
  • Sluit alle openstaande vensters.
  • Dubbelklik op AdwCleaner.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Klik vervolgens op de knop Scannen.
  • Wanneer de scan gereed is Klikt u vervolgens op de knop Verwijderen.
  • Als dit gereed is wordt er gevraagd om de computer opnieuw op te starten, klik hier op OK.
  • Nadat de computer opnieuw is opgestart wordt het logbestand automatisch geopend.
  • Plaats dit logbestand in het volgende bericht.


Vertel hierna ook hoe het gaat?
 
Laatst bewerkt door een moderator:
dat ben ik idd vergeten te doen, moet hij opnieuw gepost worden
 
Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by Ernst Jan on di 30-09-2014 at 0:15:59,74.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ernst Jan\Desktop\Downloads\zoek.exe [Scan all users] [Script inserted]


==== System Restore Info ======================


30-9-2014 0:20:14 Zoek.exe System Restore Point Created Succesfully.


==== Torpig Check ======================


HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll




==== Deleting CLSID Registry Keys ======================




==== Deleting CLSID Registry Values ======================




==== Running Processes ======================


C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\BurnAware Free\NMSAccess32.exe
C:\Program Files (x86)\Online Games Manager\ogmservice.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Users\Ernst Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\PROGRA~2\MICROS~1\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Ernst Jan\Desktop\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe


==== Deleting Services ======================




==== Deleting Files \ Folders ======================


C:\PROGRA~3\35125 deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector deleted
C:\Users\Ernst Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\Ernst Jan\AppData\LocalLow\boost_interprocess deleted


==== System Specs ======================


Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 1920 MB
CPU Info: AMD Athlon(tm) 7750 Dual-Core Processor
CPU Speed: 2760,9 MHz
Sound Card: Luidsprekers (High Definition A |
Digitale audio (S/PDIF) (High D |
Display Adapters: ATI Radeon X1200 Series (Microsoft Corporation - WDDM) | ATI Radeon X1200 Series (Microsoft Corporation - WDDM) | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; SyncMaster 2333SW,SyncMaster Magic CX2333SW(Analog) |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: TAP-Windows Adapter V9 | Realtek PCIe FE Family Controller
CD / DVD Drives: 2x (E: | F: | ) E: BENQ DVD DC DW1670 | F: LITE-ON COMBO SOHC-5232K
Ports: COM1 | COM2 LPT1
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 98,2GB | D: 50,8GB
Hard Disks - Free: C: 52,0GB | D: 5,2GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 02/19/09 | DELL - 20090219
Time Zone: West-Europa (standaardtijd)
Motherboard *: FOXCONN A6VMX
Country: Nederland
Language: NLD


==== System Specs (Software) ======================


Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Firewall: avast! Antivirus disabled
Default Browser: Google Chrome 37.0.2062.124
Internet Explorer Version: 11.0.9600.17280
Google Chrome version: 37.0.2062.124
Adobe Reader version: 10.1.12.15
Sun Java version: 1.8.0_20 (32-bit)
Sun Java version: 1.8.0_20 (64-bit)
Flash Player version: 15.0.0.152


==== Files Recently Created / Modified ======================


====== C:\Windows ====
====== C:\Users\ERNSTJ~1\AppData\Local\Temp ====
2014-09-29 20:31:10 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt4eu1f.dll
2014-09-27 19:49:59 A210F1AC135E5331C314CE5F394FB5A5 413276 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
2014-09-27 15:20:48 2F780F1FB1E91C4BAF971BDA0B458930 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\0xnsrdfm.dll
2014-09-27 15:18:49 341FE8984FAF6D3EEF90C6C4026D332A 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\jb0mzkvh.dll
2014-09-27 15:16:50 823AD65C89A4C29E35A34ADD1A5C6A20 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\ljdr-hwi.dll
2014-09-27 15:15:15 50D8474144DFA43FEE9EE3DE26853EAA 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\wfzjimpo.dll
2014-09-27 15:11:52 49C55FC7761829CC1AC7A02A1579899E 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\lujbzqkn.dll
2014-09-27 15:09:37 9D89F11533EB5963C57940D077D2BA6E 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\ybx9bz-k.dll
2014-09-27 15:07:11 EB5610F4E1BE688E6CFD15C1466FAAE8 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\plqfqrbl.dll
2014-09-27 15:05:38 6434855549EEA785583912374C1F354D 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\pgfey_rq.dll
2014-09-27 15:04:21 90B84E71838AC70EB4BEAFA68E46245C 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\x7zc3qub.dll
2014-09-27 15:01:39 8A87738E39A4D4F570A298EFD135A332 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\x3h6sfcq.dll
2014-09-27 14:59:10 D8BE4E10173322936AC6AC074D88C83B 86016 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\pxlflxy2.dll
2014-09-26 21:26:33 B21F4B2C775E71BD44B633B597B0C8AC 8704 ----a-w- C:\Users\Ernst Jan\AppData\Local\Temp\9yvbfuxc.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-09-26 20:18:52 C263F3E7E0523556964D661BC7CB9565 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-09-26 20:18:52 A8A87343CAE432677D82C0BCC753D905 2048 ----a-w- C:\Windows\Sysnative\tzres.dll
====== C:\Windows\Sysnative\drivers =====
2014-09-27 18:59:51 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-09-27 18:46:25 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-09-27 18:46:25 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
====== C:\Windows\Tasks ======
2014-09-20 21:25:33 77DC54942A585FB6332C946A5F53D760 3376 ----a-w- C:\Windows\Sysnative\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2182617548-714545827-371299177-1000
2014-09-14 23:01:38 21ECB34A53150CAE7E8879D7DF3FAD79 3878 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater
2014-09-14 23:01:35 49F1286F2D1FB01857B33C989A8D1480 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 21:10:44 C579AE436E914153BE7CE725C6B5A3A1 3354 ----a-w- C:\Windows\Sysnative\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2182617548-714545827-371299177-1000
2014-09-01 22:43:15 F70631A68892818EB57B11C27574F1DA 3228 ----a-w- C:\Windows\Sysnative\Tasks\{DE07930A-0094-4A29-8DBA-6F8A1A7DDD9B}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-09-11 23:05:11 -------- d-----w- C:\Program Files\iPod
2014-09-11 23:05:07 -------- d-----w- C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2014-09-26 21:00:10 -------- d-----w- C:\PROGRA~2\BlueStacks
2014-09-11 23:05:07 -------- d-----w- C:\PROGRA~2\iTunes
======= C: =====
====== C:\Users\Ernst Jan\AppData\Roaming ======
2014-09-26 20:58:53 -------- d-----w- C:\Users\Ernst Jan\AppData\Local\Bluestacks
====== C:\Users\Ernst Jan ======
2014-09-26 21:00:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-09-26 21:00:10 -------- d-----w- C:\ProgramData\BlueStacks
2014-09-11 23:06:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-11 23:05:07 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-03 19:54:39 -------- d-----w- C:\ProgramData\BlueStacksSetup


====== C: exe-files ==
2014-09-27 18:52:58 9682BED04B8E60802E8AD5D876525B01 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2182617548-714545827-371299177-1000\$IQ47N5T.exe
2014-09-26 20:50:03 6CF617A12FB9B7169B6C69D328F63389 39975504 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\37.0.2062.124\37.0.2062.124_chrome_installer.exe
2014-09-26 20:41:02 7CA4092A339EA30DE8FF06D3FF79D6ED 749648 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.124\37.0.2062.124_37.0.2062.120_chrome_updater.exe
2014-09-26 20:18:52 916CEC665A9879DEB15BBDD943B7350B 49664 ----a-w- C:\Windows\servicing\GC64\tzupd.exe
=== C: other files ==
2014-09-27 18:59:51 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-27 18:46:25 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-27 18:46:25 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys


==== Startup Registry Enabled ======================


[HKEY_USERS\S-1-5-21-2182617548-714545827-371299177-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash"
"Xvid"="C:\Program Files (x86)\Xvid\CheckUpdate.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GoogleChromeAutoLaunch_6424BC8420E0248C7FF6B2381E6F015B"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"CCleaner Monitoring"="C:\Program Files (x86)\CCleaner\CCleaner64.exe /MONITOR"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"TkBellExe"="C:\Program Files (x86)\real\realplayer\update\realsched.exe -osboot"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash"
"Xvid"="C:\Program Files (x86)\Xvid\CheckUpdate.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GoogleChromeAutoLaunch_6424BC8420E0248C7FF6B2381E6F015B"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"CCleaner Monitoring"="C:\Program Files (x86)\CCleaner\CCleaner64.exe /MONITOR"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Users\\Ernst Jan\\AppData\\Local\\Smartbar\\Application\\Resources\\crdlil.dll"


==== Startup Folders ======================


2014-08-14 21:06:40 1056 ----a-w- C:\Users\Ernst Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2014-08-08 20:43:19 1248 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
2014-08-09 12:30:00 1106 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk


==== Task Scheduler Jobs ======================


C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15-09-2014 01:01]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03-06-2010 17:27]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03-06-2010 17:27]


==== Other Scheduled Tasks ======================


"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files (x86)\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-2182617548-714545827-371299177-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{CFC470B1-6083-4603-9CDB-3F2ACB64D9E2}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{49EDC34C-49DB-4BC4-B25C-00E595AA8C47}" [C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE]
"C:\Windows\SysNative\tasks\{7352AACD-11B6-46FF-BF8A-64930AE5E2A5}" [C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE]
"C:\Windows\SysNative\tasks\{F92F7B5D-D544-474E-B01A-BCAF781E6C20}" [C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]


==== Folders in C:\PROGRA~3 0-6 Months Old ======================


2014-04-26 20:29:28 -------- d-----w- C:\PROGRA~3\FarmFrenzy3_Madagascar
2014-08-08 20:48:49 -------- d-----w- C:\PROGRA~3\RealNetworks
2014-08-26 19:38:01 -------- d-----w- C:\PROGRA~3\Oracle
2014-09-03 19:54:39 -------- d-----w- C:\PROGRA~3\BlueStacksSetup
2014-09-11 23:05:07 -------- d-----w- C:\PROGRA~3\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-26 21:00:10 -------- d-----w- C:\PROGRA~3\BlueStacks


==== Firefox Extensions Registry ======================


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{9D2AA73B-6049-4799-B8AC-925723370070}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [08-08-2014 22:48]


==== Firefox Extensions ======================


==== Firefox Plugins ======================




==== Chromium Look ======================


HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07-08-2014 01:15]


YouTube - Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
avast Online Security - Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia


==== Set IE to Default ======================


Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"


New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/?pc=AV01"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"


==== All HKCU SearchScopes ======================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{FF6206A0-E6D2-4B99-A64F-8856FCEC4F99} Google Url="http://www.google.co.uk/search?hl=en&q={searchTerms}&meta="


==== Deleting Registry Keys ======================


HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\866B89815FCCF9248AF689735E34D977 deleted successfully


==== HijackThis Entries ======================


O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_6424BC8420E0248C7FF6B2381E6F015B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: Dropbox.lnk = Ernst Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files (x86)\real\realplayer\RPDS\Bin64\rpsystray.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - AppInit_DLLs: C:\Users\Ernst Jan\AppData\Local\Smartbar\Application\Resources\crdlil.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\BurnAware Free\NMSAccess32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files (x86)\Online Games Manager\ogmservice.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


==== Empty IE Cache ======================


C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ernst Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully


==== Empty FireFox Cache ======================


No FireFox Cache found


==== Empty Chrome Cache ======================


C:\Users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully


==== Empty All Flash Cache ======================


Flash Cache Emptied Successfully


==== Empty All Java Cache ======================


Java Cache cleared successfully


==== C:\zoek_backup content ======================


C:\zoek_backup (files=225 folders=71 88544598 bytes)


==== Empty Temp Folders ======================


C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Ernst Jan\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot


==== After Reboot ======================


==== Empty Temp Folders ======================


C:\Windows\Temp successfully emptied
C:\Users\ERNSTJ~1\AppData\Local\Temp successfully emptied


==== Empty Recycle Bin ======================


C:\$RECYCLE.BIN successfully emptied


==== EOF on di 30-09-2014 at 0:52:44,68 ======================

---------- Bericht toegevoegd op 23:02 ---------- Vorige bericht was op 22:34 ----------

# AdwCleaner v3.311 - Rapport aangemaakt 04/10/2014 op 22:48:42
# Laatste Update 30/09/2014 door Xplode
# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Gebruikersnaam : Ernst Jan - ERNSTJAN-PC
# Gestart vanuit : C:\Users\Ernst Jan\Desktop\Downloads\adwcleaner_3.311.exe
# Optie : Verwijderen

***** [ Services ] *****


***** [ Bestanden / Mappen ] *****


***** [ Taken ] *****

Taak Verwijderd : advanced-System Protector_startup
Taak Verwijderd : ASP

***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Sleutel Verwijderd : HKCU\Software\UpdateStar
Sleutel Verwijderd : HKLM\SOFTWARE\Uniblue
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v

[ Bestand : C:\Users\Ernst Jan\AppData\Roaming\Mozilla\Firefox\Profiles\2\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ Bestand : C:\Users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2811 octets] - [04/10/2014 22:39:56]
AdwCleaner[S0].txt - [2662 octets] - [04/10/2014 22:48:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2722 octets] ##########

---------- Bericht toegevoegd op 23:03 ---------- Vorige bericht was op 23:02 ----------

# AdwCleaner v3.311 - Rapport aangemaakt 04/10/2014 op 22:48:42
# Laatste Update 30/09/2014 door Xplode
# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Gebruikersnaam : Ernst Jan - ERNSTJAN-PC
# Gestart vanuit : C:\Users\Ernst Jan\Desktop\Downloads\adwcleaner_3.311.exe
# Optie : Verwijderen

***** [ Services ] *****


***** [ Bestanden / Mappen ] *****


***** [ Taken ] *****

Taak Verwijderd : advanced-System Protector_startup
Taak Verwijderd : ASP

***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Sleutel Verwijderd : HKCU\Software\UpdateStar
Sleutel Verwijderd : HKLM\SOFTWARE\Uniblue
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v

[ Bestand : C:\Users\Ernst Jan\AppData\Roaming\Mozilla\Firefox\Profiles\2\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ Bestand : C:\Users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2811 octets] - [04/10/2014 22:39:56]
AdwCleaner[S0].txt - [2662 octets] - [04/10/2014 22:48:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2722 octets] ##########

---------- Bericht toegevoegd op 00:10 ---------- Vorige bericht was op 23:03 ----------

# AdwCleaner v3.311 - Rapport aangemaakt 04/10/2014 op 22:48:42
# Laatste Update 30/09/2014 door Xplode
# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Gebruikersnaam : Ernst Jan - ERNSTJAN-PC
# Gestart vanuit : C:\Users\Ernst Jan\Desktop\Downloads\adwcleaner_3.311.exe
# Optie : Verwijderen

***** [ Services ] *****


***** [ Bestanden / Mappen ] *****


***** [ Taken ] *****

Taak Verwijderd : advanced-System Protector_startup
Taak Verwijderd : ASP

***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Sleutel Verwijderd : HKCU\Software\UpdateStar
Sleutel Verwijderd : HKLM\SOFTWARE\Uniblue
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v

[ Bestand : C:\Users\Ernst Jan\AppData\Roaming\Mozilla\Firefox\Profiles\2\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ Bestand : C:\Users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2811 octets] - [04/10/2014 22:39:56]
AdwCleaner[S0].txt - [2662 octets] - [04/10/2014 22:48:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2722 octets] ##########

---------- Bericht toegevoegd op 00:15 ---------- Vorige bericht was op 00:10 ----------

hij wil het blog van adwcleaner niet posten
 
Hallo,

Het logje staat er toch wel :wink:
Hoe draait de pc nu na deze schoonmaak beurt?
 
slecht
e-mail laad niet of zeer traag
pagina"s laden traag
anti virus wordt steeds uitgeschakeld zonder dat ik toestemming geef

maar ik weet niet of dit nog hier hoort
 
Hallo,

Dan gaan we wat dieper kijken:

Schakel uw antivirussoftware tijdelijk uit en download
51a5bf3d99e8a-ComboFixlogo16.png
ComboFix van n van de onderstaande locaties naar het bureaublad.

  1. Bleeping Computer
  2. Info Spyware

ComboFix uitvoeren
Wanneer u problemen ondervindt bij het uitvoeren van dit programma of bepaalde foutmeldingen te zien krijgt laat dit dan even weten in uw bericht.
  • Dubbelklik op "ComboFix" om de tool te starten, Windows Vista, 7 & 8 gebruikers zullen een melding krijgen van UAC (Gebruikersaccountbeheer), klik hier op Ja / yes.
  • Op een Windows XP computer zal ComboFix de "Recovery Console" installeren als deze nog niet aanwezig is. (Een actieve internet verbinding is dan een vereiste).
  • Klik in het venster bij het 'Installeren van de Recovery Console' op "Ok".
  • Klik in het info scherm op "Ja" als de Recovery Console met succes is genstalleerd.
  • Klik in het scherm van de disclaimer op "I Agree", de benodigde onderdelen worden nu uitgepakt en middels ERUNT wordt er een register back-up gemaakt.
  • Wanneer dit gereed is zal ComboFix vanzelf starten, in het blauwe scherm ziet u de voortgang van de systeemscan die wordt uitgevoerd.
  • Belangrijk! gebruik de computer tijdens de scan niet voor andere zaken.
  • Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden zoals bijvoorbeeld bij de aanwezigheid van een rootkit, dit is normaal.
  • Wanneer ComboFix gereed is, zal het een logbestand aanmaken. Voeg dit logbestand in het volgende bericht toe.
    (Dit logbestand kunt u tevens terug vinden op de systeemschijf als C:\ComboFix.txt.)

* Noot !!! Indien u n van de onderstaande meldingen krijgt na het gebruik van ComboFix herstart dan de computer.
  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  • Illegal operation attempted on a registry key that has been marked for deletion.
 
ComboFix 14-10-04.01 - Ernst Jan 05-10-2014 22:11:26.12.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.1919.774 [GMT 2:00]
Gestart vanuit: c:\users\Ernst Jan\Desktop\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\ar\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\bg\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\ca\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\cs\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\da\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\de\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\el\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\en\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\es\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\fi\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\fr\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\he\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\hr\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\hu\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\id\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\it\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\ja\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\ko\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\nb\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\nl\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\pl\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\pt_BR\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\pt_PT\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\ro\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\ru\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\sk\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\sl\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\sr\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\sv\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\te\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\tr\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\uk\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\vi\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\zh_CN\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_locales\zh_TW\messages.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\_metadata\verified_contents.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\adblock_start_chrome.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\adblock_start_common.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\background.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\bandaids.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\button\popup.css
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\button\popup.html
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\button\popup.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\button\search\search.css
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\button\search\search.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\CHANGELOG.txt
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\checkupdates.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\filtering\domainset.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\filtering\filternormalizer.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\filtering\filteroptions.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\filtering\filterset.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\filtering\filtertypes.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\filtering\myfilters.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\functions.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\idlehandler.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\delete.gif
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\facebook-sprite.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\gifloader.gif
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\gplus-sprite.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\icon128.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\icon16.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\icon16_grayscale.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\icon16_grayscale@2x.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\icon19-grayscale.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\icon19-whitelisted.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\icon19.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\icon24.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\icon32.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\icon38-grayscale.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\icon38-whitelisted.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\icon38.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\icon48.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\logo.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\search\check.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\search\magnifying_glass.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\search\search-engine-card_no-shadow.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\search\search-engine-icons.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\search\search-omnibox-card_no-shadow.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\search\search_engine_select_arrow.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\img\twitter-sprite.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\css\images\ui-icons_056b93_256x240.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\css\jquery-ui.custom.css
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\css\override-page.css
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\jquery-ui.custom.min.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\jquery.cookie.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\jquery\jquery.min.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\LICENSE
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\manifest.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\options\customize.html
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\options\customize.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\options\filters.html
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\options\filters.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\options\general.html
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\options\general.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\options\index.html
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\options\index.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\options\options.css
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\options\support.html
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\options\support.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\pages\adreport.html
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\pages\adreport.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\pages\resourceblock.html
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\pages\resourceblock.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\pages\subscribe.html
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\pages\subscribe.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\port.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\README.markdown
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\search\focus.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\search\incognito.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\search\pitchpage.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\search\search-plus-one.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\search\secure_reminder.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\search\serp.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\stats.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\translators.json
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\uiscripts\blacklisting\blacklistui.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\uiscripts\blacklisting\clickwatcher.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\uiscripts\blacklisting\elementchain.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\uiscripts\blacklisting\overlay.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\uiscripts\blacklisting\rightclick_hook.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\uiscripts\load_jquery_ui.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\uiscripts\send_content_to_back.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\uiscripts\top_open_blacklist_ui.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\uiscripts\top_open_whitelist_ui.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\ytchannel.js
c:\users\Ernst Jan\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-09-05 to 2014-10-05 ))))))))))))))))))))))))))))))
.
.
2014-09-27 18:59 . 2014-10-05 19:53 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-27 18:46 . 2014-09-27 18:46 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-27 18:46 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-27 18:46 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-26 21:00 . 2014-09-27 15:22 -------- d-----w- c:\program files (x86)\BlueStacks
2014-09-26 21:00 . 2014-09-26 21:00 -------- d-----w- c:\programdata\BlueStacks
2014-09-26 20:58 . 2014-09-26 20:58 -------- d-----w- c:\users\Ernst Jan\AppData\Local\Bluestacks
2014-09-26 20:18 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-26 20:18 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-15 00:05 . 2014-08-18 21:16 13588480 ----a-w- c:\windows\system32\ieframe.dll
2014-09-14 23:48 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-14 23:48 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-14 23:46 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-14 23:46 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-14 23:45 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-14 23:45 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-14 23:44 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-14 23:44 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-14 23:44 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-14 23:44 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-14 23:44 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-14 23:01 . 2014-09-14 23:01 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-14 23:01 . 2014-09-14 23:01 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-11 23:05 . 2014-09-11 23:05 -------- d-----w- c:\program files\iPod
2014-09-11 23:05 . 2014-09-11 23:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-11 23:05 . 2014-09-11 23:06 -------- d-----w- c:\program files\iTunes
2014-09-11 23:05 . 2014-09-11 23:06 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-15 07:06 . 2010-05-09 20:54 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-14 23:50 . 2010-05-09 20:56 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-08-31 19:29 . 2010-06-24 09:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-26 19:40 . 2014-09-01 22:36 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-23 02:07 . 2014-08-28 21:05 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 21:05 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 21:05 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-13 17:25 . 2014-08-13 17:25 341848 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2014-08-08 20:40 . 2014-03-12 17:26 505416 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-08-08 20:40 . 2014-03-12 17:26 353864 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-08-06 23:22 . 2013-11-10 14:42 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-06 23:16 . 2013-12-27 15:53 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-08-06 23:16 . 2014-04-25 12:23 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-06 23:16 . 2013-03-22 16:06 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-06 23:16 . 2013-03-22 16:06 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-06 23:16 . 2012-11-24 15:58 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-08-06 23:16 . 2012-11-24 15:58 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-06 23:16 . 2011-01-17 19:21 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-06 23:16 . 2012-11-24 15:58 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-06 23:16 . 2014-08-06 23:16 43152 ----a-w- c:\windows\avastSS.scr
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 02:02 . 2014-08-12 19:38 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-12 19:38 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-12 19:38 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-12 19:38 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-12 19:38 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-12 19:38 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-12 19:38 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-12 19:38 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-12 19:38 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ernst Jan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ernst Jan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ernst Jan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ernst Jan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ernst Jan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ernst Jan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ernst Jan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ernst Jan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"GoogleChromeAutoLaunch_6424BC8420E0248C7FF6B2381E6F015B"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-09-23 852808]
"CCleaner Monitoring"="c:\program files (x86)\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-08-19 448856]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-06 4085896]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2014-08-08 296520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-08-13 835288]
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2014-10-02 4867544]
.
c:\users\Ernst Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ernst Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RealPlayer Cloud Service UI.lnk - c:\program files (x86)\real\realplayer\RPDS\Bin64\rpsystray.exe [2014-8-8 1022048]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
S3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MBAMSWISSARMY
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-26 20:50 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14 23:01]
.
2014-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 15:27]
.
2014-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 15:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-06 23:16 634872 -c--a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ernst Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ernst Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ernst Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ernst Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
.
- - - - ORPHANS VERWIJDERD - - - -
.
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2014-10-05 22:33:26
ComboFix-quarantined-files.txt 2014-10-05 20:33
ComboFix2.txt 2012-12-12 21:01
ComboFix3.txt 2012-09-27 20:42
ComboFix4.txt 2012-07-19 21:22
ComboFix5.txt 2012-12-14 15:43
.
Pre-Run: 53.591.482.368 bytes beschikbaar
Post-Run: 53.286.248.448 bytes beschikbaar
.
- - End Of File - - F2B49F7451E92CEBE77B56AD919BD5E5
A36C5E4F47E84449FF07ED3517B43A31
 
Hallo,

Emsisoft Anti-Malware mag je weer verwijderen:
Klik op Start > Configuratiescherm > Een programma verwijderen:
Emsisoft Anti-Malware


Vertel hoe het hierna gaat?
 
Status
Niet open voor verdere reacties.
Steun Ons

Nieuwste berichten

Terug
Bovenaan