
How do I remove YTDownloader?

Status
Not open for further replies.

ub24

Established member
Joined
10 Oct 2007
Posts
481
Reaction score
3
Hello,

Laptop: Toshiba Satellite
MS Windows Vista Home Basic 32-bit, Intel CPU T2130 @ 1.86GHz

I picked up an annoying little program: YTDownloader.
When I try to uninstall it, I get a message from avast that it has intercepted something, and YT is not removed.
What now? I think there is more junk on this laptop: StormWatch



mbamlog:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27-10-2014
Scan Time: 22:03:51
Logfile: mbamlog 27 10 14.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.27.07
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: User 2

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334135
Time Elapsed: 31 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\StormWatch.exe, 1324, , [309139defd7fef478afff164fb0504fc]
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\StormWatchApp.exe, 1032, , [6a57e63189f3b482a3e64114728e26da]

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Snapdo.T, HKU\S-1-5-21-642785346-2969384324-3470712507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [4c75da3d82fa80b6bf588361689aed13],
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-642785346-2969384324-3470712507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, , [14adb7603c40e056af57cd552cd743bd],

Registry Values: 1
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, , [7f427e99f884eb4bc29aa2882ad918e8]

Registry Data: 5
PUP.Optional.HelperBar.A, HKU\S-1-5-21-642785346-2969384324-3470712507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOHNtCjEKa5Dd2hquBxqNno5kqGRoLrfjZMtxoH2T4bPM9jCC7P6N-An0sh8YyL8E43k1U7JTjol2GQFhOkFPAKLsTgt_59jLbew5LeRaFQxrFQeX1yW7b2VLCTJ0UWzA0SzpJLeylXnjw,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOHNtCjEKa5Dd2hquBxqNno5kqGRoLrfjZMtxoH2T4bPM9jCC7P6N-An0sh8YyL8E43k1U7JTjol2GQFhOkFPAKLsTgt_59jLbew5LeRaFQxrFQeX1yW7b2VLCTJ0UWzA0SzpJLeylXnjw,,&q={searchTerms}),,[a918a6714b31b87e17c22500fa0b48b8]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-642785346-2969384324-3470712507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOHNtCjEKa5Dd2hquBxqNno5kqGRoLrfjZMtxoH2T4bPM9jCC7P6N-An0sh8YyL8E43k1U7JTjol2GQFhOkFPAKLsTgt_59jLbew5LeRaFQxrFQeX1yW7b2VLCTJ0UWzA0SzpJLeylXnjw,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOHNtCjEKa5Dd2hquBxqNno5kqGRoLrfjZMtxoH2T4bPM9jCC7P6N-An0sh8YyL8E43k1U7JTjol2GQFhOkFPAKLsTgt_59jLbew5LeRaFQxrFQeX1yW7b2VLCTJ0UWzA0SzpJLeylXnjw,,&q={searchTerms}),,[843dbf580d6f7cba3b9d8b9a39cc9868]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-642785346-2969384324-3470712507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOHNtCjEKa5Dd2hquBxqNno5kqGRoLrfjZMtxoH2T4bPM9jCC7P6N-An0sh8YyL8E43k1U7JTjol2GQFhOkFPAKLsTgt_59jLbew5LeRaFQxrFQeX1yW7b2VLCTJ0UWzA0SzpJLeylXnjw,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOHNtCjEKa5Dd2hquBxqNno5kqGRoLrfjZMtxoH2T4bPM9jCC7P6N-An0sh8YyL8E43k1U7JTjol2GQFhOkFPAKLsTgt_59jLbew5LeRaFQxrFQeX1yW7b2VLCTJ0UWzA0SzpJLeylXnjw,,&q={searchTerms}),,[f2cfea2d2854191d9b40f233df2607f9]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-642785346-2969384324-3470712507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOHNtCjEKa5Dd2hquBxqNno5kqGRoLrfjZMtxoH2T4bPM9jCC7P6N-An0sh8YyL8E43k1U7JTjol2GQFhOkFPAKLsTgt_59jLbew5LeRaFQxrFQeX1yW7b2VLCTJ0UWzA0SzpJLeylXnjw,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOHNtCjEKa5Dd2hquBxqNno5kqGRoLrfjZMtxoH2T4bPM9jCC7P6N-An0sh8YyL8E43k1U7JTjol2GQFhOkFPAKLsTgt_59jLbew5LeRaFQxrFQeX1yW7b2VLCTJ0UWzA0SzpJLeylXnjw,,&q={searchTerms}),,[3e839a7dc5b789ad3e9e32f3c243966a]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-642785346-2969384324-3470712507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOHNtCjEKa5Dd2hquBxqNno5kqGRoLrfjZMtxoH2T4bPM9jCC7P6N-An0sh8YyL8E43k1U7JTjol2GQFhOkFPAKLsTgt_59jLbew5LeRaFQxrFQeX1yW7b2VLCTJ0UWzA0SzpJLeylXnjw,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOHNtCjEKa5Dd2hquBxqNno5kqGRoLrfjZMtxoH2T4bPM9jCC7P6N-An0sh8YyL8E43k1U7JTjol2GQFhOkFPAKLsTgt_59jLbew5LeRaFQxrFQeX1yW7b2VLCTJ0UWzA0SzpJLeylXnjw,,&q={searchTerms}),,[15ac4fc8b6c66dc9ca0d75b007fe5ca4]

Folders: 6
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch, , [4f727b9cd6a651e5084bcf54a45f23dd],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\locales, , [4f727b9cd6a651e5084bcf54a45f23dd],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\plugin, , [4f727b9cd6a651e5084bcf54a45f23dd],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\Weather_Protector_LLC, , [f9c8c354e09c37ff20ad64ba887bb947],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\Weather_Protector_LLC\StormWatch.exe_Url_xgn0xi4ckkgv2hxb3rvrzofw452iviyr, , [f9c8c354e09c37ff20ad64ba887bb947],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\Weather_Protector_LLC\StormWatch.exe_Url_xgn0xi4ckkgv2hxb3rvrzofw452iviyr\1.5.0.0, , [f9c8c354e09c37ff20ad64ba887bb947],

Files: 20
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\StormWatch.exe, , [309139defd7fef478afff164fb0504fc],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\StormWatchApp.exe, , [6a57e63189f3b482a3e64114728e26da],
PUP.Optional.DownloadAdmin, C:\Users\User 2\Downloads\installer_spyhunter_4_2_24_Dutch.exe, , [ba07dc3b5e1e89ad6a1915b55ba69070],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\cbsetup.tmp, , [922fff18037970c60386a3b2f30d54ac],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\StormUpdater.exe, , [447d997eabd12412a60619b7dd242ad6],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\StormWatchappuninstall.exe, , [bc05a0779ddf32041178c98c6c94916f],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\StormWatchBrowser.exe, , [be032ceb5d1f8ea84940a9acb64a28d8],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk, , [9b26b1663e3e989e64eea08332d158a8],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\StormWatch.exe.config, , [4f727b9cd6a651e5084bcf54a45f23dd],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\ffmpegsumo.dll, , [4f727b9cd6a651e5084bcf54a45f23dd],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\ICSharpCode.SharpZipLib.dll, , [4f727b9cd6a651e5084bcf54a45f23dd],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\icudt.dll, , [4f727b9cd6a651e5084bcf54a45f23dd],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\libcef.dll, , [4f727b9cd6a651e5084bcf54a45f23dd],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\StormUpdater.exe.config, , [4f727b9cd6a651e5084bcf54a45f23dd],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\StormWatchApp.dat, , [4f727b9cd6a651e5084bcf54a45f23dd],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\uninstall.exe, , [4f727b9cd6a651e5084bcf54a45f23dd],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\locales\en-US.pak, , [4f727b9cd6a651e5084bcf54a45f23dd],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\StormWatch\plugin\npswf32.dll, , [4f727b9cd6a651e5084bcf54a45f23dd],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk, , [b30edb3cf58723139d0ee2b47a8a42be],
PUP.Optional.StormWatch.A, C:\Users\User 2\AppData\Local\Weather_Protector_LLC\StormWatch.exe_Url_xgn0xi4ckkgv2hxb3rvrzofw452iviyr\1.5.0.0\user.config, , [f9c8c354e09c37ff20ad64ba887bb947],

Physical Sectors: 0
(No malicious items detected)


(end)
--------------------------------------------
hjtlog:
Logfile of random's system information tool 1.10 (written by random/random)
Run by User 2 at 2014-10-27 22:00:12
Microsoft Windows Vista Home Basic Service Pack 2
System drive C: has 14 GB (25%) free of 57 GB
Total RAM: 2039 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:00:31, on 27-10-2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16584)
Boot mode: Normal

Running processes:
c:\windows\explorer.exe
c:\windows\system32\taskeng.exe
c:\program files\avast software\avast\avastui.exe
c:\users\user 2\appdata\local\stormwatch\stormwatch.exe
c:\users\user 2\appdata\local\stormwatch\stormwatchapp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\dllhost.exe
c:\program files\ytdownloader\ytduninstall.exe
c:\program files\internet explorer\iexplore.exe
e:\frostwire 5\frostwire.exe
c:\program files\ccleaner\ccleaner.exe
e:\office\winword.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\searchfilterhost.exe
c:\users\user 2\downloads\rsit.exe
c:\program files\trend micro\user 2.exe

r1 - hkcu\software\microsoft\internet explorer\main,search bar = [noparse]http://feed.helperbar.com/?p=mko_awfzxipyrbpgr6jy1ks2e111homavhqaxqhslvfcqvikmwf5fohntcjeka5dd2hqubxqnno5kqgrolrfjzmtxoh2t4bpm9jcc7p6n-an0sh8yyl8e43k1u7jtjol2gqfhokfpaklstgt_59jlbew5lerafqxrfqex1yw7b2vlctj0uwza0szpjleylxnjw,,&q={searchterms}[/noparse]
r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://feed.helperbar.com/?p=mko_awfzxipyrbpgr6jy1ks2e111homavhqaxqhslvfcqvikmwf5fohntcjeka5dd2hqubxqnno5kqgrolrfjzmtxoh2t4bpm9jcc7p6n-an0sh8yyl8e43k1u7jtjol2gqfhokfpaklstgt_59jlbew5lerafqxrfqex1yw7b2vlctj0uwza0szpjleylxnjw,,&q={searchterms}[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]https://www.google.nl[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hkcu\software\microsoft\internet explorer\search,default_search_url = [noparse]http://feed.helperbar.com/?p=mko_awfzxipyrbpgr6jy1ks2e111homavhqaxqhslvfcqvikmwf5fohntcjeka5dd2hqubxqnno5kqgrolrfjzmtxoh2t4bpm9jcc7p6n-an0sh8yyl8e43k1u7jtjol2gqfhokfpaklstgt_59jlbew5lerafqxrfqex1yw7b2vlctj0uwza0szpjleylxnjw,,&q={searchterms}[/noparse]
r1 - hkcu\software\microsoft\internet explorer\search,searchassistant = [noparse]http://feed.helperbar.com/?p=mko_awfzxipyrbpgr6jy1ks2e111homavhqaxqhslvfcqvikmwf5fohntcjeka5dd2hqubxqnno5kqgrolrfjzmtxoh2t4bpm9jcc7p6n-an0sh8yyl8e43k1u7jtjol2gqfhokfpaklstgt_59jlbew5lerafqxrfqex1yw7b2vlctj0uwza0szpjleylxnjw,,&q={searchterms}[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,local page =
r0 - hklm\software\microsoft\internet explorer\main,local page =
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o2 - bho: adobe pdf reader help bij koppelingen - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: java(tm) plug-in ssv helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
o2 - bho: avast! online security - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
o2 - bho: windows live id sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: windows live messenger companion helper - {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o3 - toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
o4 - hklm\..\run: [avastui.exe] c:\program files\avast software\avast\avastui.exe /nogui
o4 - hklm\..\run: [ytdownloader] c:\program files\ytdownloader\ytdownloader.exe /boot
o4 - hkcu\..\run: [ccleaner] c:\program files\ccleaner\ccleaner.exe /auto
o4 - hkcu\..\run: [ccleaner monitoring] c:\program files\ccleaner\ccleaner.exe /monitor
o4 - hkcu\..\run: [ytdownloader] c:\program files\ytdownloader\ytdownloader.exe /boot
o4 - startup: stormwatch.lnk = c:\users\user 2\appdata\local\stormwatch\stormwatch.exe
o4 - startup: stormwatchapp.lnk = c:\users\user 2\appdata\local\stormwatch\stormwatchapp.exe
o6 - hklm\software\policies\microsoft\internet explorer\control panel present
o8 - extra context menu item: free youtube download - c:\users\user 2\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
o9 - extra button: @c:\program files\windows live\companion\companionlang.dll,-600 - {0000036b-c524-4050-81a0-243669a86b9f} - c:\program files\windows live\companion\companioncore.dll
o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - (no file)
o9 - extra 'tools' menuitem: sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - (no file)
o9 - extra button: @c:\program files\windows live\writer\windowslivewritershortcuts.dll,-1004 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: @c:\program files\windows live\writer\windowslivewritershortcuts.dll,-1003 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o11 - options group: [accelerated_graphics] accelerated graphics
o16 - dpf: garmin communicator plug-in - [noparse]https://static.garmincdn.com/gcp/ie/4.1.0.0/garminaxcontrol_32.cab[/noparse]
o16 - dpf: {5d637fad-e202-48d1-8f18-5b9c459bd1e3} - [noparse]http://verkopen.marktplaats.nl/js/widgets/imageuploader/aurigma/5_7_24_0/imageuploader5.cab[/noparse]
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - [noparse]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/noparse]
o18 - protocol: wlpg - {e43ef6cd-a37a-4a9b-9e6f-83f89b8e6324} - c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll
o22 - sharedtaskscheduler: component categories cache daemon - {8c7461ef-2b13-11d2-be35-3078302c2030} - c:\windows\system32\browseui.dll
o23 - service: adobe flash player update service (adobeflashplayerupdatesvc) - adobe systems incorporated - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
o23 - service: ares chatroom server (areschatserver) - adaptec, inc. - (no file)
o23 - service: asldr service (asldrservice) - unknown owner - c:\program files\atk hotkey\asldrsrv.exe
o23 - service: avast! antivirus - avast software - c:\program files\avast software\avast\avastsvc.exe
o23 - service: configfree service (cfsvcs) - toshiba corporation - c:\program files\toshiba\configfree\cfsvcs.exe
o23 - service: flexnet licensing service - flexera software, inc. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: google update-service (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google update-service (gupdatem) (gupdatem) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
o23 - service: jumpstart wifi protected setup (jswpsapi) - atheros communications, inc. - c:\program files\netgear\wn111v2\jswpsapi.exe
o23 - service: pnkbstra - unknown owner - c:\windows\system32\pnkbstra.exe
o23 - service: solidworks licensing service - solidworks - c:\program files\common files\solidworks shared\service\solidworkslicensing.exe
o23 - service: toshiba navi support service (tnavisrv) - toshiba corporation - c:\program files\toshiba\toshiba dvd player\tnavisrv.exe
o23 - service: toshiba optical disc drive service (toddsrv) - toshiba corporation - c:\windows\system32\toddsrv.exe
o23 - service: ulead burning helper (uleadburninghelper) - ulead systems, inc. - c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe
--
end of file - 8489 bytes
======scheduled tasks folder======
c:\windows\tasks\adobe flash player updater.job - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
c:\windows\tasks\googleupdatetaskmachinecore.job - c:\program files\google\update\googleupdate.exe /c
c:\windows\tasks\googleupdatetaskmachineua.job - c:\program files\google\update\googleupdate.exe /ua /installsource scheduler
======registry dump======
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849e9f-c8d7-4d59-b87d-784b7d6be0b3}]
adobe pdf reader help bij koppelingen - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll [2011-08-30 61888]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}]
java(tm) plug-in ssv helper - c:\program files\java\jre7\bin\ssv.dll [2014-08-16 462760]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{8e5e2654-ad2d-48bf-ac2d-d17f00898d06}]
avast! online security - c:\program files\avast software\avast\aswwebrepie.dll [2014-07-24 457712]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030d464-4c02-4abf-8ecc-5164760863c6}]
windows live id sign-in helper - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll [2011-03-28 441216]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{9fdde16b-836f-4806-ab1f-1455cbeff289}]
windows live messenger companion helper - c:\program files\windows live\companion\companioncore.dll [2012-03-08 393600]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{aa58ed58-01dd-4d91-8333-cf10577473f7}]
google toolbar helper - c:\program files\google\google toolbar\googletoolbar_32.dll [2014-04-06 194504]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
java(tm) plug-in 2 ssv helper - c:\program files\java\jre7\bin\jp2ssv.dll [2014-08-16 171944]
[hkey_local_machine\software\microsoft\internet explorer\toolbar]
{2318c2b1-4965-11d4-9b18-009027a5cd4f} - google toolbar - c:\program files\google\google toolbar\googletoolbar_32.dll [2014-04-06 194504]
{ae07101b-46d4-4a98-af68-0333ea26e113}
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"avastui.exe"=c:\program files\avast software\avast\avastui.exe [2014-08-16 4085896]
"ytdownloader"=c:\program files\ytdownloader\ytdownloader.exe [2014-08-25 1988968]
[hkey_current_user\software\microsoft\windows\currentversion\run]
"ccleaner"=c:\program files\ccleaner\ccleaner.exe [2014-10-23 4825880]
"ccleaner monitoring"=c:\program files\ccleaner\ccleaner.exe [2014-10-23 4825880]
"ytdownloader"=c:\program files\ytdownloader\ytdownloader.exe [2014-08-25 1988968]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe arm]
c:\program files\common files\adobe\arm\1.0\adobearm.exe [2011-03-29 937920]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
c:\program files\adobe\reader 8.0\reader\reader_sl.exe [2011-08-31 40368]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\daemon tools lite]
e:\daemon tools lite\dtlite.exe [2011-11-10 3514176]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\hotkeyscmds]
c:\windows\system32\hkcmd.exe [2008-02-11 166424]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
c:\program files\windows live\messenger\msnmsgr.exe [2012-03-08 4280184]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\persistence]
c:\windows\system32\igfxpers.exe [2008-02-11 133656]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\sansadispatch]
c:\users\user [2014-01-18 959446]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\sidebar]
c:\program files\windows sidebar\sidebar.exe [2009-04-11 1233920]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched]
c:\program files\common files\java\java update\jusched.exe [2014-07-25 256896]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\syntpenh]
c:\program files\synaptics\syntp\syntpenh.exe [2007-04-13 861744]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\topi]
c:\program files\toshiba\toshiba online product information\topi.exe [2007-04-02 577536]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\toshiba registration]
c:\program files\toshiba\registration\toshibaregistration.exe [2007-05-04 571024]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\windowswelcomecenter]
oobefldr.dll,showwelcomecenter []
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\wmpnscfg]
c:\program files\windows media player\wmpnscfg.exe [2008-01-19 202240]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupfolder\c:^programdata^microsoft^windows^start menu^programs^startup^hp digital imaging monitor.lnk]
c:\progra~1\hp\digita~1\bin\hpqtra08.exe []
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupfolder\c:^programdata^microsoft^windows^start menu^programs^startup^lumix simple viewer.lnk]
[]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupfolder\c:^programdata^microsoft^windows^start menu^programs^startup^microsoft office.lnk]
e:\office\osa9.exe [1999-02-17 65588]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupfolder\c:^programdata^microsoft^windows^start menu^programs^startup^ziggo wireless utility.lnk]
c:\progra~1\netgear\wn111v2\wn111v2.exe [2009-11-17 1757184]
c:\users\user 2\appdata\roaming\microsoft\windows\start menu\programs\startup
stormwatch.lnk - c:\users\user 2\appdata\local\stormwatch\stormwatch.exe
stormwatchapp.lnk - c:\users\user 2\appdata\local\stormwatch\stormwatchapp.exe
[hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
c:\windows\system32\igfxdev.dll [2008-02-11 204800]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\msiserver]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wudfpf]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wudfrd]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wudfsvc]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\msiserver]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\wudfpf]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\wudfrd]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\wudfsvc]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\wudfusbcciddriver]
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"enablelua"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"enableuiadesktoptoggle"=0
[hkey_current_user\software\microsoft\windows\currentversion\policies\explorer]
"nodriveautorun"=0
"nodrives"=0
[hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer]
"binddirectlytopropertysetstorage"=0
"nodrives"=0
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=c:\windows\system32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.dvacm"=c:\progra~1\common~1\uleads~1\vio\dvacm.acm
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll
"msacm.ac3acm"=ac3acm.acm
"vidc.divx"=divx.dll
"vidc.yv12"=yv12vfw.dll
"msacm.lameacm"=lameacm.acm
"vidc.ffds"=ff_vfw.dll
"vidc.vp60"=vp6vfw.dll
"vidc.vp61"=vp6vfw.dll
"vidc.vp62"=vp6vfw.dll
"msacm.siren"=sirenacm.dll
"msvideo8"=vfwwdm32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
======file associations======
.js - edit - c:\windows\system32\notepad.exe %1
.scr - open - c:\windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======list of files/folders created in the last 1 month======
2014-10-27 22:00:13 ----d---- c:\program files\trend micro
2014-10-27 22:00:12 ----d---- c:\rsit
2014-10-25 23:29:19 ----d---- c:\users\user 2\appdata\roaming\steelbytes
2014-10-25 23:25:55 ----d---- c:\program files\snipsmart
2014-10-25 23:25:26 ----d---- c:\program files\pc speed up
2014-10-25 22:54:16 ----d---- c:\program files\enigma software group
2014-10-25 22:53:41 ----d---- c:\windows\455f074c814e4520b69b5584bd90400c.tmp
2014-10-25 22:15:45 ----a---- c:\scan 25-10-14.txt
2014-10-18 22:54:55 ----d---- c:\program files\ytdownloader
2014-10-18 21:46:30 ----a---- c:\users\user 2\appdata\roaming\wininstallflashlog.ini
2014-10-18 21:45:06 ----d---- c:\users\user 2\appdata\roaming\eurekalog
2014-10-18 21:28:13 ----a---- c:\windows\system32\mscories.dll
2014-10-18 21:28:13 ----a---- c:\windows\system32\mscorier.dll
2014-10-18 21:28:12 ----a---- c:\windows\system32\dfshim.dll
2014-10-18 21:24:20 ----a---- c:\windows\system32\win32k.sys
2014-10-18 21:15:21 ----a---- c:\windows\system32\drivers\fastfat.sys
2014-10-18 21:12:19 ----a---- c:\windows\system32\packager.dll
2014-10-18 20:55:32 ----a---- c:\windows\system32\msfeedssync.exe
2014-10-18 20:55:31 ----a---- c:\windows\system32\vbscript.dll
2014-10-18 20:55:31 ----a---- c:\windows\system32\dxtmsft.dll
2014-10-18 20:55:30 ----a---- c:\windows\system32\msfeedsbs.dll
2014-10-18 20:55:30 ----a---- c:\windows\system32\jsproxy.dll
2014-10-18 20:55:28 ----a---- c:\windows\system32\mshta.exe
2014-10-18 20:55:27 ----a---- c:\windows\system32\urlmon.dll
2014-10-18 20:55:25 ----a---- c:\windows\system32\msfeeds.dll
2014-10-18 20:55:23 ----a---- c:\windows\system32\ieunatt.exe
2014-10-18 20:55:19 ----a---- c:\windows\system32\iertutil.dll
2014-10-18 20:55:18 ----a---- c:\windows\system32\url.dll
2014-10-18 20:55:17 ----a---- c:\windows\system32\wininet.dll
2014-10-18 20:55:17 ----a---- c:\windows\system32\ieframe.dll
2014-10-18 20:55:11 ----a---- c:\windows\system32\mshtmled.dll
2014-10-18 20:55:11 ----a---- c:\windows\system32\ieui.dll
2014-10-18 20:55:11 ----a---- c:\windows\system32\dxtrans.dll
2014-10-18 20:55:10 ----a---- c:\windows\system32\jscript.dll
2014-10-18 20:55:02 ----a---- c:\windows\system32\mshtml.dll
2014-10-18 20:54:56 ----a---- c:\windows\system32\jscript9.dll
2014-10-06 19:53:26 ----d---- c:\program files\common files\propellerhead software
2014-10-01 23:05:23 ----d---- c:\programdata\camel audio
2014-10-01 23:05:23 ----d---- c:\program files\vstplugins
2014-10-01 23:05:23 ----d---- c:\program files\common files\digidesign
2014-10-01 23:05:23 ----d---- c:\program files\camel audio
2014-09-29 20:49:43 ----d---- c:\program files\steinberg
2014-09-29 20:49:40 ----d---- c:\program files\tx16wx software sampler
2014-09-29 20:22:06 ----a---- c:\windows\system32\tzres.dll
======list of files/folders modified in the last 1 month======
2014-10-27 22:00:13 ----d---- c:\program files
2014-10-27 21:39:55 ----d---- c:\windows\temp
2014-10-27 21:01:06 ----d---- c:\windows\system32
2014-10-27 21:01:06 ----d---- c:\windows\inf
2014-10-27 21:01:06 ----a---- c:\windows\system32\perfstringbackup.ini
2014-10-27 20:59:17 ----d---- c:\program files\ccleaner
2014-10-27 20:46:46 ----d---- c:\windows\softwaredistribution
2014-10-27 20:45:15 ----d---- c:\windows
2014-10-25 23:51:18 ----shd---- c:\system volume information
2014-10-25 23:49:48 ----ad---- c:\programdata\temp
2014-10-25 23:45:11 ----shd---- c:\windows\installer
2014-10-25 23:44:53 ----rsd---- c:\windows\assembly
2014-10-25 23:25:29 ----d---- c:\windows\tasks
2014-10-25 23:05:18 ----d---- c:\windows\system32\drivers
2014-10-25 22:53:35 ----d---- c:\program files\common files\wise installation wizard
2014-10-25 22:49:22 ----d---- c:\program files\common files
2014-10-25 22:43:02 ----d---- c:\windows\microsoft.net
2014-10-25 22:18:41 ----d---- c:\windows\nap
2014-10-25 22:18:39 ----d---- c:\programdata
2014-10-25 22:15:01 ----d---- c:\windows\system32\tasks
2014-10-25 21:44:53 ----d---- c:\program files\malwarebytes anti-malware
2014-10-18 22:55:29 ----d---- c:\program files\common files\system
2014-10-18 21:42:51 ----d---- c:\windows\debug
2014-10-18 21:33:25 ----d---- c:\windows\system32\migration
2014-10-18 21:33:24 ----d---- c:\program files\internet explorer
2014-10-18 21:28:48 ----d---- c:\windows\winsxs
2014-10-18 21:28:43 ----d---- c:\windows\system32\catroot
2014-10-18 21:24:09 ----d---- c:\windows\system32\catroot2
2014-10-18 21:23:31 ----d---- c:\windows\system32\mrt
2014-10-18 21:15:48 ----a---- c:\windows\system32\mrt.exe
2014-10-18 21:10:12 ----d---- c:\windows\prefetch
2014-10-18 20:52:37 ----a---- c:\windows\system32\flashplayerapp.exe
2014-10-16 21:06:31 ----d---- c:\programdata\nch software
2014-10-16 21:06:30 ----d---- c:\program files\nch software
2014-10-16 21:05:57 ----d---- c:\users\user 2\appdata\roaming\nch software
2014-10-16 19:17:27 ----d---- c:\windows\minidump
2014-10-02 21:46:37 ----d---- c:\program files\common files\vst3
2014-10-02 14:53:02 ----n---- c:\windows\system32\mpsigstub.exe
2014-09-29 20:46:39 ----d---- c:\windows\rescache
2014-09-29 20:23:26 ----d---- c:\windows\system32\nl-nl
2014-09-29 19:46:12 ----a---- c:\windows\win.ini
2014-09-29 19:45:18 ----d---- c:\windows\system32\grouppolicy
======list of drivers (r=running, s=stopped, 0=boot, 1=system, 2=auto, 3=demand, 4=disabled)======
r0 aswrvrt;avast! revert; c:\windows\system32\drivers\aswrvrt.sys [2014-07-24 49944]
r0 aswvmm;avast! vm monitor; c:\windows\system32\drivers\aswvmm.sys [2014-07-24 192352]
r0 sptd;sptd; c:\windows\system32\drivers\sptd.sys [2011-12-07 428088]
r0 tos_sps32;toshiba tos_sps32 service; c:\windows\system32\drivers\tos_sps32.sys [2007-04-27 285184]
r1 aswrdr;aswrdr; c:\windows\system32\drivers\aswrdr.sys [2014-07-24 55112]
r1 aswsnx;aswsnx; c:\windows\system32\drivers\aswsnx.sys [2014-07-24 779536]
r1 aswsp;aswsp; c:\windows\system32\drivers\aswsp.sys [2014-07-24 414520]
r1 aswtdi;aswtdi; c:\windows\system32\drivers\aswtdi.sys [2014-07-24 57800]
r1 dtsoftbus01;daemon tools virtual bus driver; c:\windows\system32\drivers\dtsoftbus01.sys [2011-12-08 239168]
r1 jswpslwf;jumpstart wireless filter driver; c:\windows\system32\drivers\jswpslwf.sys [2008-10-01 20384]
r1 staropen;staropen; c:\windows\system32\drivers\staropen.sys [2006-07-24 5632]
r2 aswhwid;avast! hardwareid; c:\windows\system32\drivers\aswhwid.sys [2014-07-24 24184]
r2 aswmonflt;aswmonflt; c:\windows\system32\drivers\aswmonflt.sys [2014-07-24 67824]
r2 rmcast;rmcast (pgm)-protocolstuurprogramma; c:\windows\system32\drivers\rmcast.sys [2009-04-11 113664]
r2 sbmntr;sbmntr; \??\c:\progra~1\ytdown~1\sbmntr.sys [2014-08-25 50024]
r3 adihdaudaddservice;adi uaa function driver for high definition audio service; c:\windows\system32\drivers\adihdaud.sys [2007-04-09 324096]
r3 ageresoftmodem;toshiba v92 software modem; c:\windows\system32\drivers\agrsm.sys [2006-11-28 1161888]
r3 athr;atheros extensible wireless lan device driver; c:\windows\system32\drivers\athr.sys [2008-07-29 919552]
r3 gearaspiwdm;gear aspi filter driver; c:\windows\system32\drivers\gearaspiwdm.sys [2008-04-17 15464]
r3 igfx;igfx; c:\windows\system32\drivers\igdkmd32.sys [2008-02-11 2302976]
r3 mtsensor;atk0100 acpi utility; c:\windows\system32\drivers\atkacpi.sys [2006-12-14 7680]
r3 rtl8023xp;realtek 10/100 nic family ndis x86 driver; c:\windows\system32\drivers\rtnicxp.sys [2008-10-29 43520]
r3 stdriver;soundtap upper filter driver v6.08.01; c:\windows\system32\drivers\stdriverx86.sys [2014-09-21 44624]
r3 syntp;synaptics touchpad driver; c:\windows\system32\drivers\syntp.sys [2007-04-13 186680]
r3 tdcmdpst;toshiba writing engine filter driver; c:\windows\system32\drivers\tdcmdpst.sys [2006-10-18 16128]
r3 wudfpf;@%systemroot%\system32\drivers\wudfpf.sys,-1000; c:\windows\system32\drivers\wudfpf.sys [2012-07-26 66560]
s2 rimmptsk;rimmptsk; c:\windows\system32\drivers\rimmptsk.sys [2007-02-24 39936]
s2 rimsptsk;rimsptsk; c:\windows\system32\drivers\rimsptsk.sys [2007-01-23 42496]
s2 rismxdp;ricoh xd-picture card driver; c:\windows\system32\drivers\rixdptsk.sys [2007-03-21 37376]
s3 asvrn6i4;asvrn6i4; c:\windows\system32\drivers\asvrn6i4.sys []
s3 catchme;catchme; \??\c:\combofix\catchme.sys []
s3 cpuz132;cpuz132; \??\c:\users\user [2014-01-18 959446]
s3 dg_ssudbus;samsung mobile usb composite device driver (devguru ver.); c:\windows\system32\drivers\ssudbus.sys [2013-06-04 84248]
s3 dnimp50;dnimp50 ndis protocol driver; c:\windows\system32\drivers\dnimp50.sys [2006-11-16 21504]
s3 dnisp50;dnisp50 ndis protocol driver; c:\windows\system32\drivers\dnisp50.sys [2006-11-16 20480]
s3 drmkaud;microsoft kernel drm-audiodecoder; c:\windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
s3 fssfltr;fssfltr; c:\windows\system32\drivers\fssfltr.sys [2012-03-08 39272]
s3 hdaudaddservice;microsoft 1.1 uaa functiestuurprogramma voor high definition audio-service; c:\windows\system32\drivers\hdaudio.sys [2006-11-02 235520]
s3 ialm;ialm; c:\windows\system32\drivers\igdkmd32.sys [2008-02-11 2302976]
s3 mskssrv;microsoft streaming service-proxy; c:\windows\system32\drivers\mskssrv.sys [2008-01-19 8192]
s3 mspclock;microsoft streaming clock-proxy; c:\windows\system32\drivers\mspclock.sys [2008-01-19 5888]
s3 mspqm;microsoft streaming kwaliteitsbeheer proxy; c:\windows\system32\drivers\mspqm.sys [2008-01-19 5504]
s3 mstee;microsoft streaming tee/sink-to-sink-conversieprogramma; c:\windows\system32\drivers\mstee.sys [2008-01-19 6016]
s3 ovt530;av301p; c:\windows\system32\drivers\ov530vid.sys []
s3 pccsmcfd;pccs mode change filter driver; c:\windows\system32\drivers\pccsmcfd.sys [2008-08-26 18816]
s3 sdbus;sdbus; c:\windows\system32\drivers\sdbus.sys [2007-05-30 82432]
s3 ssudmdm;samsung mobile usb modem drivers (devguru ver.); c:\windows\system32\drivers\ssudmdm.sys [2013-06-04 181912]
s3 upperdev;upperdev; c:\windows\system32\drivers\usbser_lowerflt.sys []
s3 usbaapl;apple mobile usb driver; c:\windows\system32\drivers\usbaapl.sys []
s3 usbaudio;stuurprogramma voor usb-audio (wdm); c:\windows\system32\drivers\usbaudio.sys [2013-07-12 73344]
s3 wn111v2;netgear wn111v2 usb2.0 wireless card service; c:\windows\system32\drivers\wn111v2v.sys [2009-01-13 453120]
s3 wpdusb;wpdusb; c:\windows\system32\drivers\wpdusb.sys [2009-10-01 40448]
s3 wudfrd;wudfrd; c:\windows\system32\drivers\wudfrd.sys [2012-07-26 155136]
s4 kr10i;kr10i; c:\windows\system32\drivers\kr10i.sys [2007-01-18 219392]
s4 kr10n;kr10n; c:\windows\system32\drivers\kr10n.sys [2007-01-18 211072]
======list of services (r=running, s=stopped, 0=boot, 1=system, 2=auto, 3=demand, 4=disabled)======
r2 asldrservice;asldr service; c:\program files\atk hotkey\asldrsrv.exe [2007-02-05 94208]
r2 avast! antivirus;avast! antivirus; c:\program files\avast software\avast\avastsvc.exe [2014-07-24 50344]
r2 cfsvcs;configfree service; c:\program files\toshiba\configfree\cfsvcs.exe [2006-11-14 40960]
r2 fontcache;@%systemroot%\system32\fntcache.dll,-100; c:\windows\system32\svchost.exe [2008-01-19 21504]
r2 net driver hpz12;net driver hpz12; c:\windows\system32\svchost.exe [2008-01-19 21504]
r2 pml driver hpz12;pml driver hpz12; c:\windows\system32\svchost.exe [2008-01-19 21504]
r2 pnkbstra;pnkbstra; c:\windows\system32\pnkbstra.exe [2012-02-04 75136]
r2 tnavisrv;toshiba navi support service; c:\program files\toshiba\toshiba dvd player\tnavisrv.exe [2007-04-27 114688]
r2 toddsrv;toshiba optical disc drive service; c:\windows\system32\toddsrv.exe [2006-05-25 114688]
r2 uleadburninghelper;ulead burning helper; c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe [2006-08-23 49152]
r2 wlidsvc;windows live id sign-in assistant; c:\program files\common files\microsoft shared\windows live\wlidsvc.exe [2011-03-28 1713536]
s2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86; c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
s2 gupdate;google update-service (gupdate); c:\program files\google\update\googleupdate.exe [2014-10-25 107912]
s3 adobeflashplayerupdatesvc;adobe flash player update service; c:\windows\system32\macromed\flash\flashplayerupdateservice.exe [2014-10-18 267440]
s3 flexnet licensing service;flexnet licensing service; c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe [2013-11-03 1044816]
s3 fsssvc;windows live family safety service; c:\program files\windows live\family safety\fsssvc.exe [2012-03-08 1492840]
s3 gupdatem;google update-service (gupdatem); c:\program files\google\update\googleupdate.exe [2014-10-25 107912]
s3 gusvc;google software updater; c:\program files\google\common\google updater\googleupdaterservice.exe [2012-10-03 194032]
s3 idrivert;installdriver table manager; c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe [2005-04-04 69632]
s3 jswpsapi;jumpstart wifi protected setup; c:\program files\netgear\wn111v2\jswpsapi.exe [2008-02-29 942080]
s3 solidworks licensing service;solidworks licensing service; c:\program files\common files\solidworks shared\service\solidworkslicensing.exe [2011-03-26 79360]
s3 wpffontcache_v0400;@c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe,-100; c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe [2013-09-11 770168]
s4 ageremodemaudio;agere modem call progress audio; c:\windows\system32\agrsmsvc.exe [2006-10-05 9216]
s4 aspnet_state;asp.net-statusservice; c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
s4 netmsmqactivator;@c:\windows\microsoft.net\framework\v4.0.30319\\servicemodelinstallrc.dll,-8195; c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe [2013-09-11 139856]
s4 netpipeactivator;@c:\windows\microsoft.net\framework\v4.0.30319\\servicemodelinstallrc.dll,-8197; c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe [2013-09-11 139856]
s4 nettcpactivator;@c:\windows\microsoft.net\framework\v4.0.30319\\servicemodelinstallrc.dll,-8199; c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe [2013-09-11 139856]
s4 wlcrasvc;windows live mesh remote connections service; c:\program files\windows live\mesh\wlcrasvc.exe [2010-09-22 51040]
-----------------eof-----------------

[/hjt]
 
Please post both logs in one go - use the tools in the order indicated.

Step 1
Download
Junkware Removal Tool by Thisisu.
Download location: Be sure to download this program to the desktop, or otherwise move it to the desktop!
Notes:
  • All open programs and web pages must be closed.
  • It is advisable to deactivate the active security software, so that possible conflicts with JRT.exe are ruled out.
  • Here and here you will find information on how to deactivate antivirus programs and spyware scanners.
  • It is normal for the shortcuts on the desktop to disappear temporarily during the JRT.exe scan.
Starting Junkware Removal Tool by Thisisu:
  • Windows 2000 and Windows XP: double-click JRT.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click JRT.exe and choose "Run as administrator".
  • JRT.exe will then scan Windows.
  • Depending on the system specifications, this scan can sometimes take quite a long time, so be patient.
  • When the scan is complete, a log (JRT.txt) will be saved to the desktop and opened automatically.
  • Post the contents of this log in your next message.

Step 2
Download
AdwCleaner by Xplode.
Download location: Be sure to download this program to the desktop, or otherwise move it to the desktop!
Notes:
  • All open programs and web pages must be closed.
Starting AdwCleaner:
  • Windows 2000 and Windows XP: double-click adwcleaner.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Run as administrator".
Once AdwCleaner has started:
  • Click the Scan button
  • When the scan is finished, click the Remove button
  • In the AdwCleaner "Closing programs" dialog, click OK
  • In the AdwCleaner "Restart required" dialog, click OK
AdwCleaner log file:
  • After the PC has restarted, a log file opens.
  • If the log does not open, it can still be found at C:\AdwCleaner\AdwCleaner[R0, or 1, or 2].txt
  • Then post the contents of this log in your next message.
 
Hi Abraham
Here are the logs:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows Vista (TM) Home Basic x86
Ran by User 2 on di 28-10-2014 at 19:25:56,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update clearthink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util clearthink



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\User 2\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Program Files\pc speed up"
Successfully deleted: [Folder] "C:\Users\User 2\documents\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\User 2\appdata\local\{37AD073F-B9CF-4073-8C5F-A25153A6DE65}
Successfully deleted: [Empty Folder] C:\Users\User 2\appdata\local\{3D0392F3-B3F7-4924-884C-D21E2DDCF994}
Successfully deleted: [Empty Folder] C:\Users\User 2\appdata\local\{768C7F66-F20F-47E7-9489-F106CBF34164}
Successfully deleted: [Empty Folder] C:\Users\User 2\appdata\local\{81F72EA3-F2BB-46DC-807A-D9F9C6A1733B}
Successfully deleted: [Empty Folder] C:\Users\User 2\appdata\local\{85428737-0F26-4F7B-9AE7-4401070BC797}
Successfully deleted: [Empty Folder] C:\Users\User 2\appdata\local\{917AAB48-996B-4039-9A0A-2EBC6B7D48CF}
Successfully deleted: [Empty Folder] C:\Users\User 2\appdata\local\{A3016E71-785A-4F39-9759-4F2767E8B1BB}
Successfully deleted: [Empty Folder] C:\Users\User 2\appdata\local\{B7A4EC11-17C8-455E-8C06-92D555483D27}
Successfully deleted: [Empty Folder] C:\Users\User 2\appdata\local\{BD44283B-8DA2-4638-89DC-B6A7A7F4B094}
Successfully deleted: [Empty Folder] C:\Users\User 2\appdata\local\{D2C07419-1E53-46CD-A714-2EE12B24EE40}
Successfully deleted: [Empty Folder] C:\Users\User 2\appdata\local\{E2093287-BA84-4A1C-9A07-74D594684093}
Successfully deleted: [Empty Folder] C:\Users\User 2\appdata\local\{F1E38C15-BF32-4667-8EA6-F32D2D317268}
Successfully deleted: [Empty Folder] C:\Users\User 2\appdata\local\{F9CB0BDD-D4FE-4526-A527-95C859FC199E}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on di 28-10-2014 at 19:29:52,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v4.002 - Rapport aangemaakt 28/10/2014 op 19:38:23
# DB v2014-10-26.6
# Laatste Update 27/10/2014 door Xplode
# Besturingssysteem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Gebruikersnaam : User 2 - LAPTOP1
# Gestart vanuit : C:\Users\User 2\Desktop\adwcleaner_4.002.exe
# Optie : Verwijderen

***** [ Services ] *****

Service Verwijderd : sbmntr

***** [ Bestanden / Mappen ] *****

Map Verwijderd : C:\ProgramData\NCH Software
Map Verwijderd : C:\Program Files\NCH Software
Map Verwijderd : C:\Users\User 2\AppData\Roaming\NCH Software
Map Verwijderd : C:\Program Files\Common Files\Plasmoo
Map Verwijderd : C:\Users\Public\Documents\ShopperPro
Map Verwijderd : C:\Program Files\YTDownloader
Map Verwijderd : C:\Program Files\snipsmart
Map Verwijderd : C:\Users\User 2\AppData\Local\CrashRpt
Map Verwijderd : C:\Users\User 2\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Bestand Verwijderd : C:\Users\User 2\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js

***** [ Taken ] *****

Taak Verwijderd : SMupdate1

***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{93D3100A-BBB6-456C-96FC-82CAC5F383AC}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CDDAB3A4-E64D-4AE0-9E1D-F3132F5F913F}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E66A759D-367F-433E-85C6-ED7F040BCC32}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3}
Sleutel Verwijderd : HKCU\Software\ClickConnect
Sleutel Verwijderd : HKCU\Software\Optimizer Pro
Sleutel Verwijderd : HKCU\Software\ShopperPro
Sleutel Verwijderd : HKCU\Software\SmartBar
Sleutel Verwijderd : HKCU\Software\StormWatch
Sleutel Verwijderd : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Sleutel Verwijderd : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Sleutel Verwijderd : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Sleutel Verwijderd : HKLM\SOFTWARE\ShopperPro
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperPro
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClearThink
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584


-\\ Mozilla Firefox v


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [4955 octets] - [28/10/2014 19:35:01]
AdwCleaner[S0].txt - [4776 octets] - [28/10/2014 19:38:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4836 octets] ##########
 
Download
ComboFix from one of these locations:
Download location: Be sure to download this program to the desktop, or otherwise move it to the desktop!

Your antivirus program and any active malware scanners must already be deactivated before you start ComboFix!
Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

Notes:
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows Vista, Windows 7 and Windows 8: right-click ComboFix.exe and choose "Run as administrator".
Once ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file via DDRMMR's colour coder in your next message.
  • If the log does not open, it can be found at C:\ComboFix.txt
Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
 
Here is the log:

[hjt]
combofix 14-10-27.01 - user 2 28-10-2014 22:23:13.1.2 - x86
running from: c:\users\user 2\desktop\combofix.exe
.
.
((((((((((((((((((((((((((((((((((((((( other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user 2\appdata\local\installer\installshopperpro_16724
c:\users\user 2\appdata\local\installer\installytd_13967
c:\windows\system32\drivers\etc\hosts.ics
e:\uninstall.exe
e:\winrar.exe
.
.
((((((((((((((((((((((((( files created from 2014-09-28 to 2014-10-28 )))))))))))))))))))))))))))))))
.
.
2014-10-28 19:15 . 2014-10-28 19:25 -------- d-----w- c:\programdata\boostsoftware
2014-10-28 18:34 . 2014-10-28 18:38 -------- d-----w- c:\adwcleaner
2014-10-28 17:39 . 2014-10-20 01:37 8901368 ------w- c:\programdata\microsoft\windows defender\definition updates\{6ea18988-8883-41f7-8c8b-2dc5f4f1b2d9}\mpengine.dll
2014-10-27 21:00 . 2014-10-27 21:00 -------- d-----w- c:\program files\trend micro
2014-10-27 21:00 . 2014-10-27 21:40 -------- d-----w- c:\rsit
2014-10-25 22:29 . 2014-10-25 22:29 -------- d-----w- c:\users\user 2\appdata\roaming\steelbytes
2014-10-25 21:54 . 2014-10-25 21:54 -------- d-----w- c:\program files\enigma software group
2014-10-25 21:53 . 2014-10-25 22:05 -------- d-----w- c:\windows\455f074c814e4520b69b5584bd90400c.tmp
2014-10-18 20:51 . 2014-10-28 21:33 -------- d-----w- c:\users\user 2\appdata\local\installer
2014-10-18 20:45 . 2014-10-18 20:45 -------- d-----w- c:\users\user 2\appdata\roaming\eurekalog
2014-10-18 20:28 . 2014-06-13 18:22 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-18 20:28 . 2014-06-13 18:22 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-18 20:28 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-18 20:24 . 2014-09-27 23:29 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-18 20:15 . 2014-09-04 23:27 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-18 20:12 . 2014-09-16 16:56 66560 ----a-w- c:\windows\system32\packager.dll
2014-10-18 19:54 . 2014-09-19 22:44 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-10-06 18:53 . 2014-10-06 18:53 -------- d-----w- c:\program files\common files\propellerhead software
2014-10-01 22:05 . 2014-10-01 22:05 -------- d-----w- c:\programdata\camel audio
2014-10-01 22:05 . 2014-10-01 22:05 -------- d-----w- c:\program files\vstplugins
2014-10-01 22:05 . 2014-10-01 22:05 -------- d-----w- c:\program files\common files\digidesign
2014-10-01 22:05 . 2014-10-01 22:05 -------- d-----w- c:\program files\camel audio
2014-10-01 20:47 . 2014-10-01 20:47 -------- d-----w- c:\users\user 2\appdata\local\tx16wx
2014-09-29 19:49 . 2014-09-29 19:49 -------- d-----w- c:\program files\steinberg
2014-09-29 19:49 . 2014-10-06 18:53 -------- d-----w- c:\program files\tx16wx software sampler
2014-09-29 19:22 . 2014-09-09 06:24 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-27 21:03 . 2014-06-13 07:43 114904 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-10-18 19:52 . 2012-04-18 17:16 701104 ----a-w- c:\windows\system32\flashplayerapp.exe
2014-10-18 19:52 . 2011-08-25 14:25 71344 ----a-w- c:\windows\system32\flashplayercplapp.cpl
2014-10-02 14:53 . 2010-12-27 21:13 231568 ------w- c:\windows\system32\mpsigstub.exe
2014-10-01 09:11 . 2014-06-13 07:42 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 09:11 . 2014-06-13 07:42 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 09:11 . 2014-06-13 07:42 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-21 18:11 . 2014-09-21 18:11 44624 ----a-w- c:\windows\system32\drivers\stdriverx86.sys
2014-09-21 17:12 . 2011-09-14 17:53 23256 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2014-08-23 01:03 . 2014-09-21 20:51 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-16 18:35 . 2014-08-16 18:36 96680 ----a-w- c:\windows\system32\windowsaccessbridge.dll
.
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083b0-c522-11cf-8763-00608cc02f24}"
[hkey_classes_root\clsid\{472083b0-c522-11cf-8763-00608cc02f24}]
2014-07-24 20:24 578240 ----a-w- c:\program files\avast software\avast\ashshell.dll
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"ccleaner"=c:\program files\ccleaner\ccleaner.exe [2014-10-23 4825880]
"ccleaner monitoring"=c:\program files\ccleaner\ccleaner.exe [2014-10-23 4825880]
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"avastui.exe"=c:\program files\avast software\avast\avastui.exe [2014-08-16 4085896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"enablelua"= 0 (0x0)
"enableuiadesktoptoggle"= 0 (0x0)
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\msiserver]
@="service"
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wudfpf]
@="driver"
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wudfrd]
@="driver"
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wudfsvc]
@="service"
.
[hklm\~\startupfolder\c:^programdata^microsoft^windows^start menu^programs^startup^hp digital imaging monitor.lnk]
path=c:\programdata\microsoft\windows\start menu\programs\startup\hp digital imaging monitor.lnk
backup=c:\windows\pss\hp digital imaging monitor.lnk.commonstartup
backupextension=.commonstartup
.
[hklm\~\startupfolder\c:^programdata^microsoft^windows^start menu^programs^startup^lumix simple viewer.lnk]
backup=c:\windows\pss\lumix simple viewer.lnk.commonstartup
backupextension=.commonstartup
.
[hklm\~\startupfolder\c:^programdata^microsoft^windows^start menu^programs^startup^microsoft office.lnk]
backup=c:\windows\pss\microsoft office.lnk.commonstartup
backupextension=.commonstartup
.
[hklm\~\startupfolder\c:^programdata^microsoft^windows^start menu^programs^startup^ziggo wireless utility.lnk]
backup=c:\windows\pss\ziggo wireless utility.lnk.commonstartup
backupextension=.commonstartup
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe arm]
2011-03-29 19:59 937920 ----a-r- c:\program files\common files\adobe\arm\1.0\adobearm.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\adobe\reader 8.0\reader\reader_sl.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\daemon tools lite]
2011-11-10 09:17 3514176 ----a-w- e:\daemon tools lite\dtlite.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\hotkeyscmds]
2008-02-11 18:13 166424 ----a-w- c:\windows\system32\hkcmd.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50 4280184 ----a-w- c:\program files\windows live\messenger\msnmsgr.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\persistence]
2008-02-11 18:13 133656 ----a-w- c:\windows\system32\igfxpers.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\sansadispatch]
2011-07-14 20:19 79872 ----a-w- c:\users\user 2\appdata\roaming\sandisk\sansa updater\sansadispatch.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\windows sidebar\sidebar.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched]
2014-07-25 10:29 256896 ----a-w- c:\program files\common files\java\java update\jusched.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\syntpenh]
2007-04-13 14:19 861744 ----a-w- c:\program files\synaptics\syntp\syntpenh.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-04-02 10:48 577536 ----a-w- c:\program files\toshiba\toshiba online product information\topi.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\toshiba registration]
2007-05-04 11:05 571024 ----a-w- c:\program files\toshiba\registration\toshibaregistration.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\windowswelcomecenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\system32\oobefldr.dll
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\wmpnscfg]
2008-01-19 07:33 202240 ----a-w- c:\program files\windows media player\wmpnscfg.exe
.
[hkey_local_machine\software\microsoft\security center\monitoring]
"disablemonitoring"=dword:00000001
.
[hkey_local_machine\software\microsoft\security center\monitoring\symantecantivirus]
"disablemonitoring"=dword:00000001
.
[hkey_local_machine\software\microsoft\security center\monitoring\symantecfirewall]
"disablemonitoring"=dword:00000001
.
[hkey_local_machine\software\microsoft\security center\svc\s-1-5-21-642785346-2969384324-3470712507-1002]
"enablenotificationsref"=dword:00000001
.
[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]
localservicenonetwork reg_multi_sz pla dps bfe mpssvc
localserviceandnoimpersonation reg_multi_sz fontcache
hpz12 reg_multi_sz pml driver hpz12 net driver hpz12
.
[hkey_local_machine\software\microsoft\active setup\installed components\{8a69d345-d564-463c-aff1-a69d9e530f96}]
2014-10-27 20:33 1089352 ----a-w- c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe
.
contents of the 'scheduled tasks' folder
.
2014-10-28 c:\windows\tasks\adobe flash player updater.job
- c:\windows\system32\macromed\flash\flashplayerupdateservice.exe [2012-04-18 19:52]
.
2014-10-28 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files\google\update\googleupdate.exe [2011-08-11 20:25]
.
2014-10-28 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files\google\update\googleupdate.exe [2011-08-11 20:25]
.
.
------- supplementary scan -------
.
ustart page = https://www.google.nl
udefault_search_url = hxxp://www.google.com
mstart page = hxxp://www.google.com
msearch bar = hxxp://www.google.com
uinternet settings,proxyoverride = <local>
usearchassistant = www.google.com
ie: free youtube download - c:\users\user 2\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
tcp: dhcpnameserver = 192.168.0.1
dpf: garmin communicator plug-in - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/garminaxcontrol_32.cab
.
.
------- file associations -------
.
.scr=autocadscriptfile
.
- - - - orphans removed - - - -
.
addremove-winrar archiver - e:\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
rootkit scan 2014-10-28 22:35
windows 6.0.6002 service pack 2 ntfs
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\user2~1\appdata\local\temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- locked registry keys ---------------------
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.htm\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.html\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.shtml\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.xht\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.xhtml\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_local_machine\system\controlset001\control\class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\allusersettings]
@denied: (a) (users)
@denied: (a) (everyone)
@allowed: (b 1 2 3 4 5) (s-1-5-20)
"blinddial"=dword:00000000
"mscurrentcountry"=dword:000000b5
.
[hkey_local_machine\system\controlset001\control\class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\allusersettings]
@denied: (a) (users)
@denied: (a) (everyone)
@allowed: (b 1 2 3 4 5) (s-1-5-20)
"blinddial"=dword:00000000
.
completion time: 2014-10-28 22:39:05
combofix-quarantined-files.txt 2014-10-28 21:39
.
pre-run: 15.446.888.448 bytes beschikbaar
post-run: 15.277.277.184 bytes beschikbaar
.
- - end of file - - 3e3a6caa3f45d839f8413c0099a495c3
5c616939100b85e558da92b899a0fc36

[/hjt]
 
Download Security Check
Download location: Be sure to download this program to the desktop, or otherwise move it to the desktop!
Starting SecurityCheck.exe:
  • Windows 2000 and Windows XP: double-click SecurityCheck.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click SecurityCheck.exe and choose "Run as administrator".
  • Follow the instructions in the black window.
  • A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
  • If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
Post the contents of checkup.txt in your next post

Alternative download link: http://www.bleepingcomputer.com/download/securitycheck/
 
Hello Abraham,
Here is the next log. Do you still see any junk?
By the way, the YTdownloader is gone.



Results of screen317's Security Check version 0.99.89
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Aha, you have disabled User Account Control in Vista.
That makes Vista hardly any safer than the antique Windows XP!

A tool that makes using User Account Control in Vista easier can be found here: http://www.nationaalcomputerforum.nl/showthread.php?t=66108


The Google updater has been sloppy
Download OldChromeRemover

Starting OldChromeRemover-0.5.exe:
  • Windows 2000 and Windows XP: double-click OldChromeRemover-0.5.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click OldChromeRemover-0.5.exe and choose "Run as administrator".

OldChromeRemover is a simple command-prompt program ("black screen") that checks whether leftover versions of Google Chrome are still present,
that is, versions that were not cleaned up by the Google update.
This console program will quickly remove everything except the newest version of Chrome, which frees up space on the hard disk again.

The tool also checks for "Canary builds" of Chrome that are present and removes these as well.
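
The triage done by eye on the Security Check log above (UAC state, antivirus WMI entry, leftover Chrome versions), as an added Python example that is not part of the original posts or of Security Check itself. The function names and finding strings are assumptions; the embedded sample is the thread's first log, abridged, with "~" standing in for the backtick rule characters.

```python
import re

TICK = chr(96)  # backtick: Security Check draws its section rules with it

# First Security Check log from this thread, abridged; "~" stands in for a backtick.
SAMPLE_LOG = """\
Results of screen317's Security Check version 0.99.89
Windows Vista Service Pack 2 x86 (UAC is disabled!)
~~~~~~Antivirus/Firewall Check:~~~~~~
WMI entry may not exist for antivirus; attempting automatic update.
~~~~~~Anti-malware/Other Utilities Check:~~~~~~
CCleaner
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
~~~~~~End of Log~~~~~~
""".replace("~", TICK)

def parse_sections(log_text):
    """Split a checkup.txt log into {section title: [lines]}."""
    sections, current = {"Header": []}, "Header"
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith(TICK):  # a rule line opens a new section
            current = line.strip(TICK).rstrip(":").strip()
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections

def triage(log_text):
    """Return the findings a helper would raise from one log."""
    sec = parse_sections(log_text)
    findings = []
    if any("UAC is disabled" in ln for ln in sec["Header"]):
        findings.append("UAC disabled")
    if any("WMI entry may not exist" in ln
           for ln in sec.get("Antivirus/Firewall Check", [])):
        findings.append("no antivirus WMI entry found")
    versions = {}  # product name -> every version number listed for it
    for line in sec.get("Anti-malware/Other Utilities Check", []):
        m = re.match(r"(.+?)\s+(\d+(?:\.\d+)+)$", line)
        if m:
            versions.setdefault(m.group(1), []).append(m.group(2))
    for product, found in sorted(versions.items()):
        if len(set(found)) > 1:  # older installs are still registered
            newest = max(found, key=lambda v: tuple(map(int, v.split("."))))
            stale = ", ".join(v for v in found if v != newest)
            findings.append(f"{product}: stale {stale} (newest {newest})")
    return findings
```

Calling `triage(SAMPLE_LOG)` returns the three findings raised in this thread; run on a later log, it shows which of them are still open.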
 
Hello Abraham

I wasn't aware that I had disabled anything... but with your tool it should be fine now, I think.
I also had the old Google Chrome removed. I actually hardly ever use Chrome. When I read your footer text, maybe it's better too... should I just remove it completely?
Which browser do you recommend as the best?
Do you see any other irregularities?
I also ran a new Security Check; see below


Results of screen317's Security Check version 0.99.89
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

---------- Post added at 22:34 ---------- Previous post was at 22:00 ----------

I still get "UAC is disabled", but I did tick the yellow ball... how can that be?
 
I have been a Mozilla Firefox user myself for years, partly because of the nice add-ons and the tweaking options.
As a result, my Firefox is almost as fast as Google Chrome.
In addition, you can manage bookmarks better in Firefox.
 
Hi Abraham
I have also switched to Firefox. Thanks for the tip.
I have now also re-enabled UAC via User Accounts. Otherwise the laptop seems clean again and also starts up nice and fast.
If you have no further suggestions for cleaning up, I would like to consider this closed.

I appreciate your help very much. How do you manage to already be at 70.358 posts? 2007 until now = 858.02439024390243902439024390244 posts per month.
 
Hi, the reason I have so many posts lies in this HijackThis section of the forum.
Sometimes you are done with someone quickly; sometimes, for various reasons, a topic ends up with many posts.

UAC is now enabled, and are you now using the PCWelt tool as well?


We are going to clean up: use the tools below in the order given.

Step 1
Download Delfix by Xplode to the desktop.

Starting Delfix by Xplode:
  • Windows 2000 and Windows XP: double-click delfix.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click delfix.exe and choose "Run as administrator".
Now tick the following items:
  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently until the tool has finished.
When the tool has finished, a log file is created. You do not need to post it, however.
Once it has finished, move this tool to the recycle bin and then continue with step 2.

Step 2
Download TFC/TheFileCleaner
Download location: Be sure to download this program to the desktop, or otherwise move it to the desktop!

Starting TFC:
  • Windows 2000 and Windows XP: double-click TFC.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click TFC.exe and choose "Run as administrator".
  • Don't be alarmed: the tool closes all running programs, so make sure your work has already been saved!
  • Then click the Start button to start the scan. This scan can take a short or a longer time; be patient, let TFC do its job and wait until TFC has finished.
  • When TFC has finished, a message may appear that the computer will be restarted.
  • If the shutdown does not happen automatically, restart the computer yourself.
  • Note: TFC does not show a log!
  • You may keep using TFC permanently


I also have a few tips to make your Windows even more secure:

Download Enhanced Mitigation Experience Toolkit 4.1 Update 1

Install EMET4.1; after installation you will find EMET4 under Start/All Programs/Enhanced Mitigation Experience Toolkit, and you will now also see the EMET icon in the system tray.
Open the folder, start the tool and set the configuration to "Maximum security settings".


Description:
Microsoft has released a new version of the free security tool EMET that protects Windows users even better against attacks. EMET stands for Enhanced Mitigation Experience Toolkit and ensures that various techniques used to exploit security vulnerabilities no longer work. Windows itself has several defensive measures.

These are techniques such as Dynamic Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). Many third-party programs do not make use of them, which makes it easier for an attacker to exploit a vulnerability.

In addition, EMET adds several new security measures that are not yet active in Windows by default. This should protect computers against zero-day attacks and against exploits that abuse vulnerabilities for which the user has not installed an available update.

More info: Microsoft arms Windows against hackers with EMET 4


Nota bene
The Enhanced Mitigation Experience Toolkit 5.0 has since been released.
Download: EMET 5.0

This version is much improved compared to version 4.1; however, it can happen that Internet Explorer (including version 11) can no longer start because EMET forbids it.
In that case, remove 5.0 and use the previous version until an update for 5.0 is released.



Safer browsing
HitmanPro Alert

This tool guards the web browser against the installation of malware while you browse and protects against cross-site scripting.
In Windows, your personal files are actively guarded, among other things against encryption by CryptoLocker.

More information can be found here: http://www.surfright.nl/nl/alert
You will find the download button at the bottom of that page.
 
Hi Abraham
UAC is now enabled, and are you now using the PCWelt tool as well?
No, because the PC Welt tool doesn't work. I had activated the orange button, but it stayed:
Results of screen317's Security Check version 0.99.89
Windows Vista Service Pack 2 x86 (UAC is disabled!)

Ran Delfix / ran TFC /
EMET4.1 or EMET5 won't install. I get an error message:


View attachment foutmelding.doc

Downloaded and installed HitmanPro Alert.

Does anything else need to be posted?
 
Last edited by a moderator:
Downloaded and installed HitmanPro Alert.
 
UAC = User Account, via Control Panel > User Accounts.

Did you install EMET with or without administrator rights?
 
"UAC = User Account, via Control Panel > User Accounts." Correct, that is how I did it.

Normally you can choose "Run as administrator" when installing; with this one you can't.
So I think not. It installs, but at the end the error message appears and it closes the installation by itself.
 
exactly the same response
 
Do the following:

System File Checker
Go to Start and type cmd in the search box; at the top of the Start menu you will now see the corresponding shortcut.
Right-click this shortcut and choose Run as administrator.

In the black window, now type sfc /scannow followed by pressing the Enter key.
Do remember the space after 'sfc'.
In the black window you will then see the progress of the scan.
SFC (System File Checker) means that system files are checked for correct functioning; if necessary, a repair follows.
Pay close attention to the last messages in the window: if it states that the repair depends on a restart, then restart.

If the scan has finished and no reboot is needed, type Exit followed by pressing the Enter key.
Do let me know what the message in the black window was after the scan.
 