
I keep getting pop-ups: "this content requires the Media Player 12.2 update" on my screen.


ADE

Dear all,

I have recently been having problems with my PC. It runs very slowly and, in my opinion, that is because a 'worm' or 'virus' has been placed on my PC.

For example, I keep getting the text: this content requires the Media Player 12.2 update on my screen. But also pop-ups from Unibet, etc.

What is the problem here and how do I solve it?

Thanks in advance.

Regards

ADE
 
Hello ADE,
a warm welcome to this great forum.

Please post the three logs in one go - use the tools in the order given.

Step 1
Download MalwareBytes Anti-Malware.

  • Windows 2000 and Windows XP: double-click mbam-setup-2.0.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click mbam-setup-2.0.exe and choose "Run as administrator".
  • If needed, further instructions on the full installation procedure can be found at the following link - Installing Malwarebytes Anti-Malware.
  • In the Malwarebytes ANTI-MALWARE menu, click "Settings", then "Detection and Protection", and tick "Scan for rootkits".
  • Then click the Scan Now button to run a threat scan.
  • The program will now check for available updates; click "Update Now" if updates are available.
  • The scan now starts automatically; when the scan is finished and threats have been detected, you will get an overview of them.
  • If no threats have been detected, click View Detailed Log after the scan.
    • Then click the Apply Actions button; at the message that your computer must be restarted, click No.
    • Then click the View Detailed Log button, click the Export button and choose the text file (*.txt) option.
    • Then enter a file name for saving the log file, for example MBAM Scanlog, and click the Save button.
    • By default this file will be saved on your desktop.

Posting the MBAM log:
  • Now copy the contents of the log you just saved and paste it into your new reply.


Step 2
Download Junkware Removal Tool by Thisisu.
Download location: be sure to download this program to the desktop, or otherwise move it to the desktop!
Notes:
  • All open programs and web pages must be closed.
  • It is advisable to deactivate the active security software, so that possible conflicts with JRT.exe are ruled out.
  • Here and here you will find information on how to deactivate antivirus programs and spyware scanners.
  • It is normal for the desktop shortcuts to disappear temporarily while JRT.exe is scanning.
Starting Junkware Removal Tool by Thisisu:
  • Windows 2000 and Windows XP: double-click JRT.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click JRT.exe and choose "Run as administrator".
  • JRT.exe will then start scanning Windows.
  • Depending on the system specifications this scan can sometimes take quite a long time, so be patient.
  • When the scan is complete, a log (JRT.txt) will be saved on the desktop and open automatically.
  • Post the contents of this log in your next message.

Step 3
Download AdwCleaner by Xplode.
Download location: be sure to download this program to the desktop, or otherwise move it to the desktop!
Notes:
  • All open programs and web pages must be closed.
Starting AdwCleaner:
  • Windows 2000 and Windows XP: double-click adwcleaner.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Run as administrator".
Once AdwCleaner has started:
  • Click the Scan button
  • When the scan is finished, click the Remove button
  • At the AdwCleaner "Closing programs" prompt, click OK
  • At the AdwCleaner "Restart required" prompt, click OK
AdwCleaner log file:
  • After the PC has restarted, a log file opens.
  • If the log does not open, it can still be found in C:\AdwCleaner\AdwCleaner[R0, or 1, or 2].txt
  • Then post the contents of this log in your next message.
 
Hello Abraham54

Thanks for your quick reply.

This afternoon I had the time and opportunity to follow your advice.

Herewith the three logs you recommended.

Malwarebytes.log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4-6-2014
Scan Time: 14:39:43
Logfile: 14.06.04 mwb.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.04.05
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Loek

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304686
Time Elapsed: 27 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, , [159d3d362259cd6983aa2d6aa1611ae6],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.PirritSuggestor.A, C:\Users\Loek\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\suggestor@suggestor.pirrit.com.xpi, , [139fa7cc99e2c76fc30e574d9b67a55b],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [733f185bf4874de9c176a70861a1ea16],
PUP.Optional.Conduit.A, C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?ctid=CT2269050&SearchSource=48",), ,[bcf6fc77bebd2b0b5a4f6b2b39cb47b9]

Physical Sectors: 0
(No malicious items detected)


(end)

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Loek on wo 04-06-2014 at 15:30:16,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3135776167-1637036997-4277777758-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_comicrack_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_comicrack_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_voor_google-chrome_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_voor_google-chrome_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_voor_utorrent (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_voor_utorrent (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_voor_utorrent_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_voor_utorrent_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_comicrack_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_comicrack_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_voor_google-chrome_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_voor_google-chrome_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_voor_utorrent (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_voor_utorrent (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_voor_utorrent_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_voor_utorrent_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2452A003-B835-4514-932C-723E57B58C66}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6070ECE-8DF8-F393-4EE6-5D3995690F29}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A6070ECE-8DF8-F393-4EE6-5D3995690F29}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D7AFAF63-DED5-4D3B-97E7-F30EB5C0AAC7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D7AFAF63-DED5-4D3B-97E7-F30EB5C0AAC7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\starapp"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Loek\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Loek\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\Loek\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on wo 04-06-2014 at 15:37:18,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.211 - Rapport aangemaakt 04/06/2014 op 15:44:05
# Laatste Update 26/05/2014 door Xplode
# Besturingssysteem : Windows 7 Professional Service Pack 1 (64 bits)
# Gebruikersnaam : Loek - LOEK-PC
# Gestart vanuit : C:\Users\Loek\Downloads\adwcleaner_3.211.exe
# Optie : Verwijderen

***** [ Services ] *****

[#] Service Verwijderd : PirritUpdater

***** [ Bestanden / Mappen ] *****

Map Verwijderd : C:\ProgramData\QuickSet
Map Verwijderd : C:\Program Files (x86)\BrowseToSave
Map Verwijderd : C:\Program Files (x86)\Pirrit
Map Verwijderd : C:\Users\Loek\AppData\Local\Pirrit Suggestor
Map Verwijderd : C:\Users\Loek\AppData\Local\WinRST
Map Verwijderd : C:\Users\Loek\AppData\Roaming\Pirrit
Map Verwijderd : C:\Users\Loek\AppData\Roaming\SendSpace
Bestand Verwijderd : C:\Users\Loek\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\suggestor@suggestor.pirrit.com.xpi
Bestand Verwijderd : C:\Windows\System32\roboot64.exe
Bestand Verwijderd : C:\Users\Loek\AppData\Local\Temp\Uninstall.exe
Bestand Verwijderd : C:\Users\Loek\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\eseeky-search.xml
Bestand Verwijderd : C:\Windows\System32\Tasks\Express FilesUpdate
Bestand Verwijderd : C:\Windows\System32\Tasks\GoforFilesUpdate

***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\955ded0e56fe413
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_e14dcdfa
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{60CA203B-1D0E-3362-D42C-3FCC116641A0}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{C6380896-5D4F-2E8E-286F-FA7C0F116BDD}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{EFA27057-ACCA-FA08-E657-8BFFD5D5504A}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60CA203B-1D0E-3362-D42C-3FCC116641A0}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6380896-5D4F-2E8E-286F-FA7C0F116BDD}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFA27057-ACCA-FA08-E657-8BFFD5D5504A}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{60CA203B-1D0E-3362-D42C-3FCC116641A0}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6380896-5D4F-2E8E-286F-FA7C0F116BDD}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EFA27057-ACCA-FA08-E657-8BFFD5D5504A}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{60CA203B-1D0E-3362-D42C-3FCC116641A0}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C6380896-5D4F-2E8E-286F-FA7C0F116BDD}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EFA27057-ACCA-FA08-E657-8BFFD5D5504A}
Sleutel Verwijderd : HKCU\Software\GoforFiles
Sleutel Verwijderd : HKCU\Software\RegisteredApplicationsEx
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software
Sleutel Verwijderd : HKLM\Software\GoforFiles
Sleutel Verwijderd : HKLM\Software\Pirrit
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Pirrit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v

-\\ Google Chrome v35.0.1916.114

[ Bestand : C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Verwijderd [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3176921&CUI=UN10380719111610859&UM=2
Verwijderd [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=BC0900219B0B205F&affID=121564&tsp=4983
Verwijderd [Search Provider] : hxxp://www.hetpon.nl/zoeken/9?searchquery={searchTerms}&x=0&y=0
Verwijderd [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&Suggest=&stype=Homepage&useHistory=0&SelfSearch=1&SearchType=SearchWeb&SearchSource=48&ctid=CT2269050&octid=CT2269050
Verwijderd [Homepage] : hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=48

*************************

AdwCleaner[R0].txt - [4762 octets] - [04/06/2014 15:42:49]
AdwCleaner[S0].txt - [5249 octets] - [04/06/2014 15:44:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5309 octets] ##########


I hope this helps you get further.

Kind regards

ADE
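
Added example, not part of the original thread and not code from any of the tools: a Python sketch that cross-references the Malwarebytes detections against the AdwCleaner removal log posted above, to show which findings the later tool did not address. The log excerpts are copied from the post; the function names and the matching rules (case-insensitive paths, `hxxp` treated as `http`) are assumptions of this example.

```python
import re

# Excerpts copied from the Malwarebytes and AdwCleaner logs in the post above.
MBAM_LOG = r"""
Registry Keys: 1
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, , [159d3d362259cd6983aa2d6aa1611ae6],

Registry Values: 0
(No malicious items detected)

Files: 3
PUP.Optional.PirritSuggestor.A, C:\Users\Loek\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\suggestor@suggestor.pirrit.com.xpi, , [139fa7cc99e2c76fc30e574d9b67a55b],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [733f185bf4874de9c176a70861a1ea16],
PUP.Optional.Conduit.A, C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?ctid=CT2269050&SearchSource=48",), ,[bcf6fc77bebd2b0b5a4f6b2b39cb47b9]
"""

ADW_LOG = r"""
[#] Service Verwijderd : PirritUpdater
Map Verwijderd : C:\Program Files (x86)\Pirrit
Bestand Verwijderd : C:\Users\Loek\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\suggestor@suggestor.pirrit.com.xpi
Bestand Verwijderd : C:\Windows\System32\roboot64.exe
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Pirrit
Verwijderd [Homepage] : hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=48
"""

SECTION = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|"
                     r"Registry Data|Folders|Files|Physical Sectors): (\d+)$")
# Detection line layout: name, object, detail, [32-hex id]
DETECTION = re.compile(r"^(?P<name>\S+), (?P<obj>[^,]+), (?P<detail>.*?),"
                       r"\s*\[(?P<id>[0-9a-f]{32})\],?\s*$")
HOMEPAGE = re.compile(r'"homepage":\s*"([^"]+)"')
# AdwCleaner (Dutch UI): "<type> Verwijderd : <object>", optional [#] / [x64] tags
ADW_OBJECT = re.compile(r"^(?:\[#\] )?(?:Bestand|Map|Sleutel|Service) "
                        r"Verwijderd : (?:\[x64\] )?(.+)$")
ADW_BROWSER = re.compile(r"^Verwijderd \[[^\]]+\] : (.+)$")


def norm(value):
    """Case-fold and re-fang hxxp:// so both tools' spellings compare equal."""
    value = value.strip().casefold()
    return "http" + value[4:] if value.startswith("hxxp") else value


def parse_mbam(text):
    """Return (detections, declared) where declared maps section -> header count."""
    detections, declared, section = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        hit = DETECTION.match(line)
        if hit and section:
            url = HOMEPAGE.search(hit.group("detail"))
            detections.append({"section": section, "name": hit.group("name"),
                               "object": hit.group("obj"), "id": hit.group("id"),
                               "setting": url.group(1) if url else None})
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose header count differs from the parsed lines (truncated paste)."""
    found = {}
    for det in detections:
        found[det["section"]] = found.get(det["section"], 0) + 1
    return {sec: (n, found.get(sec, 0)) for sec, n in declared.items()
            if n != found.get(sec, 0)}


def parse_adwcleaner(text):
    """Return the set of normalised objects and browser settings AdwCleaner removed."""
    removed = set()
    for line in (raw.strip() for raw in text.splitlines()):
        hit = ADW_OBJECT.match(line) or ADW_BROWSER.match(line)
        if hit:
            removed.add(norm(hit.group(1)))
    return removed


def cross_reference(detections, removed):
    """Map detection name -> 'removed' or 'open'."""
    status = {}
    for det in detections:
        # A settings detection (hijacked homepage) is matched on the offending
        # value; a file or registry detection is matched on its path.
        key = det["setting"] or det["object"]
        status[det["name"]] = "removed" if norm(key) in removed else "open"
    return status


if __name__ == "__main__":
    dets, declared = parse_mbam(MBAM_LOG)
    print("count mismatches:", count_mismatches(dets, declared))
    for name, state in cross_reference(dets, parse_adwcleaner(ADW_LOG)).items():
        print(f"{state:8} {name}")
```

An "open" result only means the AdwCleaner excerpt does not list that object; whether Malwarebytes itself quarantined it is not recorded in the exported scan log.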
 
You owe this junk to the fact that you rather often download things via Softonic.
Softonic uses wrappers.
If during a download you get the message that the software is being downloaded and installed, abort immediately, move that download to the recycle bin and empty it.
Because the Softonic downloaders also remain active and can even cause errors in Windows!


Download ZHPDiag to the desktop.

Disabling antivirus software
Temporarily disable your antivirus and antispyware programs, as these can conflict with ZHPDiag.

Installing ZHPDiag
  • Double-click zhpdiag.exe to start the installation.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Click "Suivant" several times to go through the installation process.
  • Click "Installer" when asked and "Terminer" when the installation is complete.

Running ZHPDiag
If you run into problems running this program or see certain error messages, please mention this in your message.
  • Double-click the shortcut named ZHPDiag
  • The start window appears; now click "Configure".
  • If the language is not set to Dutch, click the "Sélectionner une langue" icon at the bottom right and choose "Néerlandais".
  • Then click the "Diagnostic options" icon at the bottom left.
  • A scan of your system is now made; wait patiently until it is complete.

Posting the ZHPDiag.txt log file
  • Afterwards there is a text file named ZHPDiag.txt on the desktop.
  • Then post the contents of this log in your next message.
 
Hello Abraham54

Herewith my next log file. Now zhpdiag

~ Verslag van ZHPDiag v2014.6.4.83 - Nicolas Coolman (4-6-2014)
~ Gelanceerd door Loek (5-6-2014 0:29:39)
~ Het adres van de website : http://nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Bijgewerkte versie.
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Activate by user


---\\ Internet-browsers
MSIE: Internet Explorer v11.0.9600.17107
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Windows productinformatie
~ Langage: Nerlandais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Software om het systeem te beveiligen
Malwarebytes Anti-Malware versie 2.0.2.1012
Microsoft Security Client v4.5.0216.0
Windows Defender W7 (Deactivate)

---\\ Systeem optimalisatie software

---\\ Delen van software PeerToPeer

---\\ Software die extra aandacht behoeft
Adobe Flash Player 13 ActiveX
Adobe Reader XI
Java 7 Update 55

---\\ Informatie over het systeem
~ Processor: Intel64 Family 6 Model 23 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (61% free)
System Restore: Activ (Enable)
System drive C: has 113 GB (24%) free of 466 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: LOEK-PC
~ User Name: Loek
~ All Users Names: Loek, HomeGroupUser$, Gast, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\Loek\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Loek\AppData\Roaming\
~ %Desktop% : C:\Users\Loek\Desktop\
~ %Favorites% : C:\Users\Loek\Favorites\
~ %LocalAppData% : C:\Users\Loek\AppData\Local\
~ %StartMenu% : C:\Users\Loek\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 113 Go of 466 Go)
D: Hard drive, Flash drive, Thumb drive (Free 204 Go of 466 Go)
E: Hard drive, Flash drive, Thumb drive (Free 92 Go of 1397 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Hard drive, Flash drive, Thumb drive (Free 121 Go of 1863 Go)
T: Floppy drive, Flash card reader, USB Key (Not Inserted)
Z: CD-ROM drive (Not Inserted)



---\\ Staat van het Windows Beveiligingscentrum
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Zoeken naar bepaalde algemene bestanden
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.6-3-2014 - 7:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.4-3-2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.21-11-2010 - 4:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28-9-2013 - 2:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21-11-2010 - 4:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21-11-2010 - 4:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21-11-2010 - 4:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21-11-2010 - 4:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24-1-2014 - 3:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21-11-2010 - 4:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21-11-2010 - 4:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21-11-2010 - 4:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.21-11-2010 - 4:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 1/8036
~ Mes musiques (My Musics) : 1/36
~ Mes Videos (My Videos) : 2/248
~ Mes Favoris (My Favorites) : 1/17
~ Mes Documents (My Documents) : 1/17023
~ Mon Bureau (My Desktop) : 1/23
~ Menu demarrer (Programs) : 1/38
~ Hidden Files: Scanned in 00mn 22s



---\\ Gestarte processen
[MD5.648584CDD57A2392993EC4155D1C09E2] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552] [PID.2608]
[MD5.C5B5552E5C1A0079C1F7313E7CC7707E] - (.Google - Google Calendar Sync.) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [542264] [PID.2636]
[MD5.CCCDC7B64CFF96C977B0FADC24434628] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Loek\AppData\Roaming\Dropbox\bin\Dropbox.exe [33322312] [PID.2644]
[MD5.0CB7D6F50979400AC40AAE0CF6931F30] - (.Verbatim - GREEN BUTTON.) -- C:\Program Files (x86)\Verbatim\GREEN BUTTON\GREEN BUTTON.exe [483600] [PID.2688]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2936]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2944]
[MD5.E6DEED311D830678E1A0B4889F3C2F0E] - (.UASSOFT.COM - DRIVER AUTORUN.) -- C:\Program Files (x86)\Keyboard Driver\StartAutorun.exe [212992] [PID.2952]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2960]
[MD5.CDE07257FC2802001D930ADD1F25127C] - (.UASSOFT.COM - USB Keyboard And PS/2 Keyboard Driver.) -- C:\Program Files (x86)\Keyboard Driver\KMConfig.exe [397312] [PID.2072]
[MD5.59B7D79AF2159D1C784054D8C0D99EA0] - (.UASSOFT.COM - Keyboard And Mouse Processing.) -- C:\Program Files (x86)\Keyboard Driver\KMProcess.exe [339456] [PID.2100]
[MD5.38C2CE1D38BF3FB52EB61B0864539032] - (...) -- C:\Users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\9099629bdf59c79.exe [288768] [PID.3096]
[MD5.5883D86F8C22B1E5F78627E4AF19B234] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.1460]
[MD5.64A5D30EF57D4214DC9B27798DE2B19E] - (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.exe [13018808] [PID.1632]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.5080]
[MD5.09DCCADFD2EE9A303AE95E44AFC1870F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8023040] [PID.1528]
[MD5.320B1FF1AD395699F81A112AAFDD4620] - (...) -- C:\Users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\4c3b406c51f6d85.exe [93696] [PID.1508]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1532]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1552]
[MD5.C845BAD94BB9AB52806E1402FC04AD89] - (.UASSOFT.COM - Keyboard And Mouse Communication Service.) -- C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe [1821184] [PID.1940]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.1208]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.conduit.com
G2 - GCE: Preference [User Data\Default] [ahdamgeajnilelndecnolnjhjhkbihoj] Taoïstische Paradijs v.1.0.0.28 (Activ)
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Winkel v.0.2 (Activ)
G2 - GCE: Preference [User Data\Default] [bjcgpdkighmjfjlplcighhgamlhkimce] YOUZEEK Free Music v.2.0.3 (Activ)
G2 - GCE: Preference [User Data\Default] [cpnmgihbpgolnjcciglbhklaabhkogin] Max Capacity Training v.1 (Activ)
G2 - GCE: Preference [User Data\Default] [cpompjlmddcnpijabjfcgnpmoibdffoc] GAIN Fitness v.1.0.0 (Activ)
G2 - GCE: Preference [User Data\Default] [ecmphppfkcfflgglcokcbdkofpfegoel] NYTimes v.1.2.4 (Activ)
G2 - GCE: Preference [User Data\Default] [faecdhgibfjjelmkbgbekhnohnlbgcga] WorkoutLabs – Printable Workout Builder v.1.2 (Activ)
G2 - GCE: Preference [User Data\Default] [fjliknjliaohjgjajlgolhijphojjdkc] Wunderlist - To-do and Task list v.2.3.8.5 (Activ)
G2 - GCE: Preference [User Data\Default] [ikknnkomiokeodcdkknnhgjmncfiefmn] Notifier for Twitter v.4.2.16, (Activ)
G2 - GCE: Preference [User Data\Default] [jehemifhdilebjjpibeianiedocpgocn] Lose It! v.3.5.0.3 (Activ)
G2 - GCE: Preference [User Data\Default] [mjcnijlhddpbdemagnpefmlkjdagkogk] Pocket v.0.701 (Activ)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activ)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activ)
G2 - GCE: Preference [User Data\Default] [pckogiikkcdjefncaekfjbdkmlfniagf] Cognifit Hersenfitness v.0.0.0.3 (Activ)

---\\ Google Chrome extensie map
~ Google Lines Browser: 35 Legitimates Filtered in 00mn 18s



---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
C:\Users\Loek\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js (.not file.)
~ Firefox Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, start, zoeken, URLSearchHook, Phishing (R0, R1, R3, R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
~ IE Browser: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net =>PUP.AkamaiHD
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:34078 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts-bestand omleiding (O1)
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 214



---\\ Andere Verwijzigingen gebruikers (O4)
O4 - GS\QuickLaunch [Loek]: Torrent.lnk . (.BitTorrent Inc. - Torrent.) -- C:\Users\Loek\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Loek]: Torrent.lnk . (.BitTorrent Inc. - Torrent.) -- C:\Users\Loek\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 03s



---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [VDownloader] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [KMCONFIG] . (.UASSOFT.COM - DRIVER AUTORUN.) -- C:\Program Files (x86)\Keyboard Driver\StartAutorun.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3135776167-1637036997-4277777758-1001\..\Run: [HP Officejet Pro 8600 (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-3135776167-1637036997-4277777758-1001\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
~ Application: Scanned in 00mn 00s



---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{5074960B-33B7-4FCC-B242-0B8A6F664C0D}: DhcpNameServer = 212.54.40.25 212.54.44.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{5074960B-33B7-4FCC-B242-0B8A6F664C0D}: DhcpNameServer = 212.54.40.25 212.54.44.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{5074960B-33B7-4FCC-B242-0B8A6F664C0D}: DhcpNameServer = 212.54.40.25 212.54.44.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.44.54
~ Domain: Scanned in 00mn 00s



---\\ Aanvullend Protocol (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML-viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: 4c3b406c51f6d85.exe (4c3b406c51f6d85.exe) . (...) - C:\Users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\4c3b406c51f6d85.exe
O23 - Service: 7fadad202d3a0aa.exe (7fadad202d3a0aa.exe) . (...) - C:\Users\Loek\AppData\Local\cafd8dc2b5c80136a974cb21d2e478f4\7fadad202d3a0aa.exe (.not file.)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) . (.UASSOFT.COM - Keyboard And Mouse Communication Service.) - C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe
~ Services: 8 Legitimates Filtered in 00mn 04s



---\\ Taken die zijn gepland in de automatische modus (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1048]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1052]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 04s



---\\ Geïnstalleerde software (O42)
O42 - Logiciel: Aangifte inkomstenbelasting 2013 - (.Belastingdienst.) [HKLM][64Bits] -- Aangifte inkomstenbelasting 2013
O42 - Logiciel: Aangifte inkomstenbelasting voor ondernemers 2012 - (.Belastingdienst.) [HKLM][64Bits] -- Aangifte inkomstenbelasting voor ondernemers 2012
O42 - Logiciel: ConverterLite 1.6.4.0 - (.ConverterLite.) [HKLM][64Bits] -- ConverterLite
O42 - Logiciel: SoundWire Server version 1.7.3 - (.GeorgieLabs.) [HKLM][64Bits] -- {E15658BC-7742-4397-999F-98B1BD11B784}_is1
~ Logic: 23 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ConverterLite]
[HKCU\Software\Sibental]
[HKCU\Software\Zugara Investment]
[HKLM\Software\RST]
[HKLM\Software\SI-App]
[HKLM\Software\WinUpd]
[HKLM\Software\Wow6432Node\RST]
[HKLM\Software\Wow6432Node\SI-App]
[HKLM\Software\Wow6432Node\Solutions]
[HKLM\Software\Wow6432Node\WinUpd]
~ Key Software: 212 Legitimates Filtered in 00mn 00s



---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 30-3-2014 - 14:47:39 - [] ----D C:\Program Files (x86)\Belastingdienst
O43 - CFD: 25-9-2013 - 23:43:40 - [] ----D C:\Program Files (x86)\ConverterLite
O43 - CFD: 11-6-2013 - 23:24:42 - [] ----D C:\Program Files (x86)\SoundWire Server
O43 - CFD: 17-12-2013 - 15:05:07 - [0] ----D C:\Program Files (x86)\ssurf aund keep =>Adware.SurfAndKeep
O43 - CFD: 17-12-2013 - 15:05:08 - [] ----D C:\ProgramData\2107a8e43f5f3a8a
O43 - CFD: 10-12-2013 - 16:26:12 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 4-6-2014 - 14:23:37 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 30-3-2014 - 14:49:05 - [] ----D C:\Users\Loek\AppData\Roaming\Belastingdienst
O43 - CFD: 21-5-2014 - 8:59:36 - [] ----D C:\Users\Loek\AppData\Roaming\ConverterLite
O43 - CFD: 27-3-2014 - 2:04:24 - [] ----D C:\Users\Loek\AppData\Roaming\ProductData
O43 - CFD: 2-6-2014 - 18:41:21 - [] ----D C:\Users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50
O43 - CFD: 2-6-2014 - 18:41:19 - [] ----D C:\Users\Loek\AppData\Local\cafd8dc2b5c80136a974cb21d2e478f4
~ Program Folder: 166 Legitimates Filtered in 00mn 00s



---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.338DF523C00EF2B307551E9D58935D5C] - 4-6-2014 - 14:16:34 ---A- . (...) -- C:\14.06.04 mwb.txt [1615]
~ Files: 13 Legitimates Filtered in 00mn 21s



---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)
O45 - LFCP:[MD5.95C258CE64D5AB1EABC43FEB4AD7397A] - 2-6-2014 - 22:08:20 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-BBB69AED.pf =>P2P.Torrent
~ Prefetcher: 1 Legitimates Filtered in 00mn 00s



---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Opsomming van de registersleutel PoliciesExplorer (CKVI) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:14-7-2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10-6-2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:29-4-2009 - 16:28:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - KMWDFilter Driver from UASSOFT.COM.) -- C:\Windows\System32\Drivers\KMWDFILTER.sys [30208]
O58 - SDL:14-7-2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:5-2-2013 - 9:54:40 ---A- . (...) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys [37344]
~ Drivers: 54 Legitimates Filtered in 00mn 03s



---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 3-6-2014 - 0:32:18 ---A- . (...) -- C:\Users\Loek\Downloads\ClickHeretoDownloadSetup-8BEhc2CI.exe [222992]
O61 - LFC: 3-6-2014 - 0:32:18 ---A- . (...) -- C:\Users\Loek\Downloads\uplayermediaplayer-setup.exe [623696]
O61 - LFC: 4-6-2014 - 0:31:26 ---A- . (...) -- C:\Users\Loek\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [308]
O61 - LFC: 4-6-2014 - 0:32:17 ---A- . (...) -- C:\Users\Loek\Desktop\mbam-setup-2.0.0.1000.exe [1624]
O61 - LFC: 4-6-2014 - 0:32:18 ---A- . (...) -- C:\Users\Loek\Downloads\adwcleaner_3.211 (1).exe [1327971]
O61 - LFC: 4-6-2014 - 0:32:18 ---A- . (...) -- C:\Users\Loek\Downloads\adwcleaner_3.211.exe [1327971]
~ 21192 Fichiers temporaires (Temporary files)
~ 28 Fichiers cookies (Cookies files)
~ Files: 56 Legitimates Filtered in 00mn 58s



---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Overzicht met LEGACY services (LALS) (O64)
O64 - Services: CurCS - 27-5-2014 - C:\Users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\RegFltrX64.sys (RegFltrX64) .(...) - LEGACY_REGFLTRX64
~ Legacy: 67 Legitimates Filtered in 00mn 00s



---\\ Bestandsassociaties mogelijk aangepast (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0B4DE62F-7721-4353-B247-F1484B424F48} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {A8105727-97B2-4B68-8BA5-57150A17B1B3} - (eseeky) - http://eseeky.com =>Hijacker.Eseeky
~ Keys: Scanned in 00mn 00s



---\\ Geeft een opsomming van bestanden Crack & Keygen (KKF) (O82)
D:\500GB schijf\PRECRAcked-WinRAR.3.71\WinRAR.exe =>.Crack,Keygen
~ Files: Scanned in 01mn 09s



---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.1D96FC25E55D10DBE4EC78379E48E8D4] [SPRF][4-6-2014] (...) -- C:\Users\Loek\Desktop\mbam-setup-2.0.0.1000.exe [1624]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lijst van uitzonderingen in de firewall (FirewallRules) (O87)
O87 - FAEL: "{CD4BFB4A-957E-47D2-8089-0792EE2E31AE}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - Torrent.) -- C:\Users\Loek\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{5DD2CC9C-C39A-4A3B-9B76-252B85EE3A59}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - Torrent.) -- C:\Users\Loek\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.Torrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.Torrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_4_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_4_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-10D4_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-10D4_RASMANCS =>Adware.Yontoo
~ BTK: 214 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{303DFB37-BE4B-1EB7-B16D-39924A43E7D7}] (YoutubeAdblocker) =>PUP.Multiplug
~ BCK: 4272 Legitimates Filtered in 00mn 06s



---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Auto 10-7-1658 0 | (7fadad202d3a0aa.exe) . (...) - C:\Users\Loek\AppData\Local\cafd8dc2b5c80136a974cb21d2e478f4\7fadad202d3a0aa.exe
SS - | Demand 14-5-2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 5-11-2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 5-11-2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 21-3-2014 2153792 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 10-7-1658 0 | (rpcapd) . (...) - C:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Demand 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 27-5-2014 93696 | (4c3b406c51f6d85.exe) . (...) - C:\Users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\4c3b406c51f6d85.exe
SR - | Auto 21-12-2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 18-8-2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 12-2-2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30-8-2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 21-2-2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 31-8-2009 1821184 | (KMWDSERVICE) . (.UASSOFT.COM.) - C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe
SR - | Auto 11-3-2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 10-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Run by Loek at 5-6-2014 0:33:46
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by Loek at 5-6-2014 0:33:48
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Extra scan (O88)
Database Version : 13026 - (4-6-2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 5

C:\Program Files (x86)\ssurf aund keep =>Adware.SurfAndKeep^
C:\ProgramData\InstallMate =>PUP.Tarma^
[HKCR\CLSID\{303DFB37-BE4B-1EB7-B16D-39924A43E7D7}] (YoutubeAdblocker) =>PUP.Multiplug^
C:\Users\Loek\AppData\Local\Temp\uninst1.exe =>PUP.Babylon
C:\Users\Loek\AppData\Local\Temp\tbexpr.dll =>Toolbar.Conduit
~ Additionnel Scan: 467595 Items scanned in 00mn 51s



---\\ Additional information about modules
~ http://nicolascoolman.fr/g0-page-de-demarrage-google-chrome/ =>.Page de démarrage Google Chrome (G0)
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Extensions (G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Samenvatting van detecties gevonden op uw werkstation
http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
http://nicolascoolman.fr/adware-surfandkeep =>Adware.SurfAndKeep
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/33452999-hijacker-eseeky =>Hijacker.Eseeky
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
~ MSI: 8 link(s) detected in 00mn 00s



~ 735 Legitimates filtered by white list
End of the scan (604 lines in 05mn 01s)(1)



Kind regards,

ADE
 
Carry out everything in the order of the steps:

Step 1
Now double-click the ZHPFix shortcut
and accept the Windows prompt.
Press the "Import" button.

Now copy the complete bold blue text below and paste it into the ZHPFix script field:

Code:
Script ZHPFix
shortcutfix
emptytemp
emptyflash
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net =>PUP.AkamaiHD
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:34078 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
O43 - CFD: 17-12-2013 - 15:05:07 - [0] ----D C:\Program Files (x86)\ssurf aund keep =>Adware.SurfAndKeep
O43 - CFD: 10-12-2013 - 16:26:12 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O61 - LFC: 3-6-2014 - 0:32:18 ---A- . (...) -- C:\Users\Loek\Downloads\ClickHeretoDownloadSetup-8BEhc2CI.exe [222992]
O61 - LFC: 3-6-2014 - 0:32:18 ---A- . (...) -- C:\Users\Loek\Downloads\uplayermediaplayer-setup.exe [623696]
O64 - Services: CurCS - 27-5-2014 - C:\Users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\RegFltrX64.sys (RegFltrX64) .(...) - LEGACY_REGFLTRX64
O69 - SBI: SearchScopes [HKCU] {A8105727-97B2-4B68-8BA5-57150A17B1B3} - (eseeky) - http://eseeky.com =>Hijacker.Eseeky
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.Torrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.Torrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_4_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_4_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-10D4_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-10D4_RASMANCS =>Adware.Yontoo
[HKCR\CLSID\{303DFB37-BE4B-1EB7-B16D-39924A43E7D7}] (YoutubeAdblocker) =>PUP.Multiplug
SS - | Auto 21-3-2014 2153792 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\ProgramData\InstallMate =>PUP.Tarma^
[HKCR\CLSID\{303DFB37-BE4B-1EB7-B16D-39924A43E7D7}] (YoutubeAdblocker) =>PUP.Multiplug^
C:\Users\Loek\AppData\Local\Temp\uninst1.exe =>PUP.Babylon
C:\Users\Loek\AppData\Local\Temp\tbexpr.dll =>Toolbar.Conduit

Then press the "Go" button at the bottom of the window.
The fix will start; when it is finished, a log opens.

Then post the contents of ZPHFix[..].txt in your next message.


Step 2
We need to reset Google Chrome completely.
Click the lines icon and then choose Bookmarks.
1. Select Bookmark manager.
2. Click the Organize menu.
3. Select Export bookmarks.
Chrome exports your bookmarks as an HTML file.

After that, sign in to Google Sync through Chrome.
1. In the small window that opens, click Advanced sync settings.
2. Now set the option to Choose what to sync.
Then untick all settings and click OK.

Once you have done the above, uninstall Google Chrome completely, and when you are asked about your personal data, remove that completely as well.
After the removal, restart your PC and reinstall Google Chrome using IE or Firefox: http://www.google.nl/intl/nl/chrome/browser/


Step 3
Renew the hosts file.
In Windows 2000/Windows XP: open a new Notepad document.
In Windows Vista/Windows 7/Windows 8: open a new Notepad document by right-clicking and choosing "Run as administrator".

In the menu bar, click "File" and then choose "Open".
At the bottom right, change the setting to "All files".

Then navigate to C:\Windows\System32\drivers\etc


Now click hosts.
The contents of hosts will now be shown in the document.

Press CTRL+A and then the Delete key; the hosts file is now empty.


Now copy the text below, shown in bold blue, and paste it into the empty hosts file.
Then choose Save from the File menu.

Code:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost


After this action Windows again contains the original MS hosts file.

N.B.: an error message may appear when you save the new hosts file.
That means the antivirus in use is protecting the hosts file, so deactivate the antivirus first.

Alternatively, you can also carry out the above in Safe Mode.
How to get there is shown here: http://users.telenet.be/marcvn/spyware/veilige-modus.html
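
A way to check a hosts file, or the `O1 - Hosts:` lines of a ZHPDiag log, for the kind of redirect entries that Step 3 clears out. This is an added example, not part of the original post or of any tool named in it; the sample entries, the watched-suffix list and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ZHPDIAG_PREFIX = "O1 - Hosts:"          # prefix ZHPDiag puts before each hosts entry
BENIGN_LOOPBACK_NAMES = {"localhost"}   # the only names the stock file mentions

# Shortened copy of the stock file quoted in the post: every line is a comment.
STOCK_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
"""

# Constructed sample (documentation addresses and example domains only).
SAMPLE_HOSTS = """\
# constructed sample, not taken from the thread
127.0.0.1       localhost
::1             localhost
O1 - Hosts: 203.0.113.7 search.example www.search.example
203.0.113.7 mail.example.org   # inline comment
0.0.0.0 updates.example.net
not-an-ip broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, names) for each active entry.

    Accepts raw hosts-file lines as well as ZHPDiag 'O1 - Hosts:' log lines.
    Comments, blank lines and lines whose first field is not an IP are skipped.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith(ZHPDIAG_PREFIX):
            line = line[len(ZHPDIAG_PREFIX):].strip()
        line = line.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if names:
            yield line_no, ip, names


def audit_hosts(text, watched_suffixes=()):
    """Return one finding per name that the stock hosts file would not contain.

    kind is 'blocked' (name pinned to loopback/0.0.0.0, so it never resolves),
    'redirected-watched' (name under a suffix the caller cares about) or
    'redirected' (any other name pointed at a fixed address).
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in BENIGN_LOOPBACK_NAMES and ip.is_loopback:
                continue
            if ip.is_loopback or ip.is_unspecified:
                kind = "blocked"
            elif any(name == s or name.endswith("." + s) for s in watched_suffixes):
                kind = "redirected-watched"
            else:
                kind = "redirected"
            findings.append(
                {"line": line_no, "ip": str(ip), "name": name, "kind": kind}
            )
    return findings


def group_by_ip(findings):
    """Collapse findings into {ip: sorted names}; many names on one IP stands out."""
    grouped = defaultdict(set)
    for finding in findings:
        grouped[finding["ip"]].add(finding["name"])
    return {ip: sorted(names) for ip, names in grouped.items()}


if __name__ == "__main__":
    results = audit_hosts(SAMPLE_HOSTS, watched_suffixes=("search.example",))
    for ip, names in group_by_ip(results).items():
        print(ip, "->", ", ".join(names))
```

An empty result for the file on disk means it matches the stock state that the step above restores.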
 
Dear Abraham54,

So far I have been able to complete everything except 'saving' the renewed hosts file. My screen keeps saying: You do not have the right permission to save files in this location. Contact the administrator to obtain the right permission.

As far as I can tell I do have the right permission, but I simply cannot get past it.


Also attached is the following log, ZPHFix[..].txt.

Kind regards,
ADE

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Loek at 5-6-2014 9:58:51
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Prullenbak geleegd (00mn 20s)
Reparatie van browser snelkoppelingen

========== Staat diensten ==========
REGFLTRX64 Volgorde:

========== Registersleutels ==========
VERWIJDERD: SearchScopes :{A8105727-97B2-4B68-8BA5-57150A17B1B3}
VERWIJDERD:* HKCR\CLSID\{303DFB37-BE4B-1EB7-B16D-39924A43E7D7}
VERWIJDERD: Service: LiveUpdateSvc

========== Elementen van de registergegevens ==========
VERWIJDERD: R1 Search Page =
VERWIJDERD: R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable
VERWIJDERD: R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy
VERWIJDERD: R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1
VERWIJDERD: R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1

========== Mappen ==========
Verwijderen tijdelijke Windows (4)
Verwijderd Flash Cookies (0)
VERWIJDERD: C:\Program Files (x86)\ssurf aund keep
VERWIJDERD: C:\ProgramData\InstallMate

========== Bestanden ==========
Verwijderen tijdelijke Windows (55) (22.592.040 octets)
Verwijderd Flash Cookies (0) (0 octets)
VERWIJDERD: c:\users\loek\downloads\clickheretodownloadsetup-8behc2ci.exe
VERWIJDERD: c:\users\loek\downloads\uplayermediaplayer-setup.exe
VERWIJDERD: c:\program files (x86)\iobit\liveupdate\liveupdate.exe


========== Samenvatting ==========
3 : Registersleutels
5 : Elementen van de registergegevens
4 : Mappen
5 : Bestanden
1 : Staat diensten


End of clean in 00mn 23s

========== Pad naar bestand verslag ==========
C:\Users\Loek\AppData\Roaming\ZHP\ZHPFix[R1].txt - 5-6-2014 9:59:12 [1811]
 
Dear Abraham54

I am blushing with shame... So it has now worked.

I have now completed the procedure up to and including saving the hosts file and sending the ZHPFix log to you. Are there any more procedures to come?

Regards,

ADE
 
Yes, we are going to look further.

Download ComboFix from one of these locations:
Download location: Be sure to download this program to the desktop, or otherwise move it to the desktop!

Your antivirus program and any active malware scanners must already be disabled before you start ComboFix!
Here and here you will find information on how to disable antivirus programs and spyware scanners.

Notes:
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows Vista, Windows 7 and Windows 8: right-click ComboFix.exe and choose "Run as administrator".
ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file in your next message using DDRMMR's colour coder.
  • If the log does not open, it can be found at C:\ComboFix.txt
Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
 
Dear Abraham54

Here is the next log file (ComboFix)

Kind regards,

ADE


ComboFix 14-06-04.01 - Loek 07-06-2014 7:52.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4094.2697 [GMT 2:00]
Gestart vanuit: c:\users\Loek\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\programdata\Booking.ico
c:\programdata\MercadoLivre.ico
c:\users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50
c:\users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\4c3b406c51f6d85.exe
c:\users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\9099629bdf59c79.exe
c:\users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\libgcc_s_dw2-1.dll
c:\users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\libstdc++-6.dll
c:\users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\libwinpthread-1.dll
c:\users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\mingwm10.dll
c:\users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\QtCore4.dll
c:\users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\QtNetwork4.dll
c:\users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\RegFltrX64.sys
c:\users\Loek\AppData\Local\1481b74dbf0e060931408a85e0db9d50\RegFltrX86.sys
c:\users\Loek\AppData\Local\assembly\tmp
c:\users\Loek\AppData\Local\cafd8dc2b5c80136a974cb21d2e478f4
c:\users\Loek\AppData\Local\cafd8dc2b5c80136a974cb21d2e478f4\ac1035dd3e9141f.exe
c:\users\Loek\AppData\Local\cafd8dc2b5c80136a974cb21d2e478f4\libgcc_s_dw2-1.dll
c:\users\Loek\AppData\Local\cafd8dc2b5c80136a974cb21d2e478f4\libstdc++-6.dll
c:\users\Loek\AppData\Local\cafd8dc2b5c80136a974cb21d2e478f4\libwinpthread-1.dll
c:\users\Loek\AppData\Local\cafd8dc2b5c80136a974cb21d2e478f4\QtCore4.dll
c:\users\Loek\AppData\Local\cafd8dc2b5c80136a974cb21d2e478f4\QtNetwork4.dll
c:\users\Loek\AppData\Local\Temp\_MEI24642\_ctypes.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\_elementtree.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\_hashlib.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\_multiprocessing.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\_socket.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\_ssl.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\pyexpat.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\pysqlite2._sqlite.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\python27.dll
c:\users\Loek\AppData\Local\Temp\_MEI24642\pythoncom27.dll
c:\users\Loek\AppData\Local\Temp\_MEI24642\PyWinTypes27.dll
c:\users\Loek\AppData\Local\Temp\_MEI24642\select.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\unicodedata.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\win32api.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\win32com.shell.shell.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\win32crypt.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\win32event.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\win32file.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\win32gui.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\win32inet.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\win32pdh.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\win32pipe.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\win32process.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\win32profile.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\win32security.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\win32ts.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\windows._lib_cacheinvalidation.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\wx._animate.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\wx._controls_.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\wx._core_.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\wx._gdi_.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\wx._html2.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\wx._misc_.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\wx._windows_.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\wx._wizard.pyd
c:\users\Loek\AppData\Local\Temp\_MEI24642\wxbase294u_net_vc90.dll
c:\users\Loek\AppData\Local\Temp\_MEI24642\wxbase294u_vc90.dll
c:\users\Loek\AppData\Local\Temp\_MEI24642\wxmsw294u_adv_vc90.dll
c:\users\Loek\AppData\Local\Temp\_MEI24642\wxmsw294u_core_vc90.dll
c:\users\Loek\AppData\Local\Temp\_MEI24642\wxmsw294u_html_vc90.dll
c:\users\Loek\AppData\Local\Temp\_MEI24642\wxmsw294u_webview_vc90.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_audiodg.exe pid: 4300 2C: c:\windows\System32\nl-NL\audiodg.exe.mui
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_googledrivesync.exe pid: 1008 58: c:\program files (x86)\Google\Drive\googledrivesync.exe
-------\Service_googledrivesync.exe pid: 1008 5C: c:\program files (x86)\Google\Drive\googledrivesync.exe
-------\Service_googledrivesync.exe pid: 1008 C0: c:\program files (x86)\Google\Drive\googledrivesync.exe
-------\Service_googledrivesync.exe pid: 2464 58: c:\program files (x86)\Google\Drive\googledrivesync.exe
-------\Service_Handle v3.42
-------\Service_MsMpEng.exe pid: 816 370: c:\program files\Microsoft Security Client\NisSrv.exe
-------\Service_MsMpEng.exe pid: 816 38C: c:\program files\Microsoft Security Client\MpCmdRun.exe
-------\Service_npf
-------\Service_Sysinternals - www.sysinternals.com
-------\Service_WUDFHost.exe pid: 3084 3C: c:\windows\System32\nl-NL\WUDFHost.exe.mui
-------\Legacy_RegFltrX64
-------\Legacy_RegFltrX64
-------\Service_4c3b406c51f6d85.exe
-------\Service_RegFltrX64
-------\Service_4c3b406c51f6d85.exe
-------\Service_7fadad202d3a0aa.exe
-------\Service_RegFltrX64
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-05-07 to 2014-06-07 ))))))))))))))))))))))))))))))
.
.
2014-06-07 02:27 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0E09FE3-9498-4863-B9FE-14E9B9708761}\mpengine.dll
2014-06-06 12:34 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-06 02:33 . 2014-05-02 01:31 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF5003E7-3B7B-48BF-BCC4-AF2754B04F72}\gapaengine.dll
2014-06-05 08:28 . 2014-06-05 08:28 -------- d-sh--w- c:\users\Loek\AppData\Local\EmieUserList
2014-06-05 08:28 . 2014-06-05 08:28 -------- d-sh--w- c:\users\Loek\AppData\Local\EmieSiteList
2014-06-05 05:56 . 2014-06-05 05:56 -------- d-----w- c:\programdata\Trymedia
2014-06-04 22:33 . 2014-06-04 22:33 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2014-06-04 22:27 . 2014-06-05 07:59 -------- d-----w- c:\users\Loek\AppData\Roaming\ZHP
2014-06-04 22:27 . 2014-06-05 07:48 -------- d-----w- c:\program files (x86)\ZHPDiag
2014-06-04 13:43 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-06-04 13:42 . 2014-06-04 13:47 -------- d-----w- C:\AdwCleaner
2014-06-04 13:30 . 2014-06-04 13:30 -------- d-----w- c:\windows\ERUNT
2014-06-04 12:30 . 2014-06-07 05:46 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-04 12:29 . 2014-06-04 12:34 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-04 12:29 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-04 12:29 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-04 12:29 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-18 22:13 . 2014-05-18 22:13 -------- d-----w- C:\MUZIEK 2013
2014-05-15 01:32 . 2014-05-28 04:56 -------- d-----w- c:\users\Loek\AppData\Roaming\DropboxMaster
2014-05-15 01:06 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 01:06 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 01:06 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 01:06 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 20:05 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 20:05 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-14 20:05 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 01:02 . 2012-10-23 20:42 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 12:25 . 2012-10-24 19:31 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 12:25 . 2012-10-24 19:31 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 01:31 . 2012-11-28 08:21 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-14 18:13 . 2014-04-18 16:47 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-11 07:52 . 2012-08-30 20:03 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2010-01-26 09:11 . 2013-09-22 15:58 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Loek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Loek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Loek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-04-25 22415552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"KMCONFIG"="c:\program files (x86)\Keyboard Driver\StartAutorun.exe" [2008-05-30 212992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Loek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Loek\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
Inktwaarschuwingen controleren - HP Officejet Pro 8600 (netwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN375DWH5K05KC;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
Verbatim GREEN BUTTON.lnk - c:\program files (x86)\Verbatim\GREEN BUTTON\GREEN BUTTON.exe /a [2013-7-23 483600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Keyboard Driver\KMWDSrv.exe;c:\program files (x86)\Keyboard Driver\KMWDSrv.exe [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-05 08:29 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 12:25]
.
2014-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 22:35]
.
2014-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 22:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-03-21 11:47 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Loek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Loek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Loek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Loek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"VDownloader"="c:\program files\VDownloader\VDownloader.exe" [2013-09-19 880640]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
uInternet Settings,ProxyServer = http=127.0.0.1:24990
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.54.40.25 212.54.44.54
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{303DFB37-BE4B-1EB7-B16D-39924A43E7D7} - (no file)
AddRemove-{FD0F8123-9035-44B0-B331-2596979E74ED}_is1 - i:\downloads ready\Collectorz.com Book Collector Pro v9.2.4-TE\Crack\unins000.exe
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
.
.
"ImagePath"="system32\DRIVERS\atikmdag.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\audiodg.exe pid: 4300 2C: C:]
--
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\googledrivesync.exe pid: 1008 58: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\googledrivesync.exe pid: 1008 5C: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\googledrivesync.exe pid: 1008 C0: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\googledrivesync.exe pid: 2464 58: C:]
--
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsMpEng.exe pid: 816 370: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsMpEng.exe pid: 816 38C: C:]
--
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe pid: 3084 3C: C:]
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3135776167-1637036997-4277777758-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*3*^c]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3135776167-1637036997-4277777758-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*3*^c\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Voltooingstijd: 2014-06-07 08:20:43 - machine werd herstart
ComboFix-quarantined-files.txt 2014-06-07 06:20
.
Pre-Run: 120.841.572.352 bytes beschikbaar
Post-Run: 121.802.338.304 bytes beschikbaar
.
- - End Of File - - DF970983EE2A7A6B552EA40CB31621FD
A36C5E4F47E84449FF07ED3517B43A31
 
Download Farbar Recovery Scan Tool 32 or 64 bit from one of the links below
Farbar Recovery Scan Tool 32 bit (x86)
Farbar Recovery Scan Tool 64 bit (x64)
Download location: Be sure to download this program to the desktop, or move it there afterwards!
Notes:
  • All open programs and web pages must be closed.
Starting FRST:
  • Windows 2000 and Windows XP: double-click FRST.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click FRST.exe or FRST64.exe and choose "Run as administrator" ("Als Administrator uitvoeren").
Once FRST has started:
  • When the program has opened, click the Yes button at the disclaimer.
  • Then press the Scan button.
  • A log file (FRST.txt) will then be created and saved on the desktop.
  • Post the contents of FRST.txt in your next message.
 
Dear Abraham54

Here is the log file FRST.txt

Regards,

ADE

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Loek (administrator) on LOEK-PC on 07-06-2014 17:44:10
Running from C:\Users\Loek\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(UASSOFT.COM) C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader.exe [880640 2013-09-19] (Vitzo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KMCONFIG] => C:\Program Files (x86)\Keyboard Driver\StartAutorun.exe KMConfig.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-3135776167-1637036997-4277777758-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3135776167-1637036997-4277777758-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Loek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Loek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Loek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Officejet Pro 8600 (netwerk).lnk
ShortcutTarget: Inktwaarschuwingen controleren - HP Officejet Pro 8600 (netwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Loek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk
ShortcutTarget: Verbatim GREEN BUTTON.lnk -> C:\Program Files (x86)\Verbatim\GREEN BUTTON\GREEN BUTTON.exe (Verbatim)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:24990
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: No Name - {303DFB37-BE4B-1EB7-B16D-39924A43E7D7} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.54.40.25 212.54.44.54

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=48
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Taoïstische Paradijs) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdamgeajnilelndecnolnjhjhkbihoj [2014-02-22]
CHR Extension: (Google Documenten) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-19]
CHR Extension: (Google Drive) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-19]
CHR Extension: (YOUZEEK Free Music) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce [2014-02-23]
CHR Extension: (YouTube) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-19]
CHR Extension: (Twitter for Chrome) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdoinklelehcpndgmcddkkdhibpoglnk [2014-02-22]
CHR Extension: (Google Zoeken) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-19]
CHR Extension: (Max Capacity Training) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnmgihbpgolnjcciglbhklaabhkogin [2014-02-23]
CHR Extension: (GAIN Fitness) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpompjlmddcnpijabjfcgnpmoibdffoc [2014-02-23]
CHR Extension: (High Contrast) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2014-02-23]
CHR Extension: (NYTimes) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2014-04-18]
CHR Extension: (Google Agenda) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-02-22]
CHR Extension: (WorkoutLabs – Printable Workout Builder) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\faecdhgibfjjelmkbgbekhnohnlbgcga [2014-02-22]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-02-22]
CHR Extension: (Classic) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2014-02-23]
CHR Extension: (Google Play Music) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-02-23]
CHR Extension: (Notifier for Twitter) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn [2014-02-23]
CHR Extension: (Lose It!) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehemifhdilebjjpibeianiedocpgocn [2014-04-18]
CHR Extension: (Evernote Web) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-02-23]
CHR Extension: (Until AM for Chrome) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl [2014-02-23]
CHR Extension: (Pocket) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-02-23]
CHR Extension: (Mahjong Solitaire) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2014-04-18]
CHR Extension: (Google Wallet) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-22]
CHR Extension: (Cognifit Hersenfitness) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckogiikkcdjefncaekfjbdkmlfniagf [2014-02-23]
CHR Extension: (Gmail) - C:\Users\Loek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-19]
CHR HKCU\...\Chrome\Extension: [ajabgmkadchiibcnkdghiihchmlfjnmc] - C:\Users\Loek\AppData\Local\CRE\ajabgmkadchiibcnkdghiihchmlfjnmc.crx [2014-02-19]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Loek\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-11-13]
CHR HKCU\...\Chrome\Extension: [meinjhkhgaalhfbinmclpmjikccbplkf] - C:\Users\Loek\AppData\Local\CRE\meinjhkhgaalhfbinmclpmjikccbplkf.crx [2013-11-13]
CHR HKLM-x32\...\Chrome\Extension: [ajabgmkadchiibcnkdghiihchmlfjnmc] - C:\Users\Loek\AppData\Local\CRE\ajabgmkadchiibcnkdghiihchmlfjnmc.crx [2013-11-13]
CHR HKLM-x32\...\Chrome\Extension: [meinjhkhgaalhfbinmclpmjikccbplkf] - C:\Users\Loek\AppData\Local\CRE\meinjhkhgaalhfbinmclpmjikccbplkf.crx [2013-11-13]

==================== Services (Whitelisted) =================

R2 KMWDSERVICE; C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe [1821184 2009-08-31] (UASSOFT.COM)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-07 17:44 - 2014-06-07 17:44 - 00012218 _____ () C:\Users\Loek\Desktop\FRST.txt
2014-06-07 17:44 - 2014-06-07 17:44 - 00000000 ____D () C:\FRST
2014-06-07 17:43 - 2014-06-07 17:43 - 02072576 _____ (Farbar) C:\Users\Loek\Desktop\FRST64.exe
2014-06-07 08:36 - 2014-06-07 09:40 - 194973675 _____ () C:\Users\Loek\Downloads\Disc 1.rar
2014-06-07 08:35 - 2014-06-07 10:56 - 432331361 _____ () C:\Users\Loek\Downloads\925DJCollector6_ISRA.rar
2014-06-07 08:31 - 2014-06-07 10:01 - 326090502 _____ () C:\Users\Loek\Downloads\Leon Ndugu (1980).rar
2014-06-07 08:26 - 2014-06-07 08:26 - 00035413 _____ () C:\Users\Loek\Desktop\14.06.07 ComboFix.txt
2014-06-07 08:21 - 2014-06-07 08:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-07 08:21 - 2014-06-07 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-07 08:21 - 2014-06-07 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-07 08:20 - 2014-06-07 08:20 - 00035413 _____ () C:\ComboFix.txt
2014-06-07 07:50 - 2014-06-07 08:21 - 00000000 ____D () C:\Qoobox
2014-06-07 07:50 - 2014-06-07 08:21 - 00000000 ____D () C:\ComboFix
2014-06-07 07:50 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-07 07:50 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-07 07:50 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-07 07:50 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-07 07:50 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-07 07:50 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-07 07:50 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-07 07:50 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-07 07:49 - 2014-06-07 08:17 - 00000000 ____D () C:\Windows\erdnt
2014-06-07 07:47 - 2014-06-07 07:47 - 05205146 ____R (Swearware) C:\Users\Loek\Desktop\ComboFix.exe
2014-06-07 02:17 - 2014-06-07 04:21 - 448580692 _____ () C:\Users\Loek\Downloads\924DJCollector5_ISRA.rar
2014-06-07 01:46 - 2014-06-07 01:46 - 00021342 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.alive.1970.eac.flac.torrent
2014-06-07 01:46 - 2014-06-07 01:46 - 00019731 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.visions.1971.eac.flac.torrent
2014-06-07 01:46 - 2014-06-07 01:46 - 00017112 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.the.latin.bit.1962.eac.flac.torrent
2014-06-07 01:46 - 2014-06-07 01:46 - 00016608 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.idle.moments.1963.eac.flac.torrent
2014-06-07 01:46 - 2014-06-07 01:46 - 00014161 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.first.session.2001.eac.flac.torrent
2014-06-07 01:46 - 2014-06-07 01:46 - 00014139 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.green.street.1961.eac.flac.torrent
2014-06-07 01:45 - 2014-06-07 01:45 - 00018700 _____ () C:\Users\Loek\Downloads\[kickass.to]va.zen.and.relaxation.music.torrent
2014-06-07 01:44 - 2014-06-07 01:44 - 00009666 _____ () C:\Users\Loek\Downloads\[kickass.to]anthony.b.seven.seals.cd.flac.1999.yard.torrent
2014-06-07 01:44 - 2014-06-07 01:44 - 00008456 _____ () C:\Users\Loek\Downloads\[kickass.to]td.rankin.sugar.daddy.cd.flac.2013.yard.torrent
2014-06-07 01:44 - 2014-06-07 01:44 - 00007443 _____ () C:\Users\Loek\Downloads\[kickass.to]mikey.dread.african.anthem.revisited.cd.flac.1991.yard.torrent
2014-06-07 01:43 - 2014-06-07 01:43 - 00043431 _____ () C:\Users\Loek\Downloads\[kickass.to]duane.allman.an.anthology.1972.torrent
2014-06-07 01:43 - 2014-06-07 01:43 - 00006874 _____ () C:\Users\Loek\Downloads\[kickass.to]va.yabby.you.and.the.prophets.deeper.roots.part.2.cd.flac.2014.yard.torrent
2014-06-07 01:42 - 2014-06-07 01:42 - 00018521 _____ () C:\Users\Loek\Downloads\[kickass.to]enigma.2013.classic.album.selection.5.cd.box.320.vodka.torrent
2014-06-07 01:39 - 2014-06-07 01:39 - 00011983 _____ () C:\Users\Loek\Downloads\[kickass.to]charles.eddie.duophonic.cd.torrent
2014-06-07 01:36 - 2014-06-07 01:37 - 110484860 _____ () C:\Users\Loek\Downloads\60X9zPvZOgpEPXQaK9F87i-v-56QH6OnmXKth7Dfjac.rar
2014-06-07 01:35 - 2014-06-07 01:35 - 170596021 _____ () C:\Users\Loek\Downloads\54OLIgVt7ECaLo4ZeMs-oTaCSLKDgCcUh5MuGG3iGwo.rar
2014-06-07 01:28 - 2014-06-07 03:48 - 427950240 _____ () C:\Users\Loek\Downloads\932DJCollector7_ISRA.rar
2014-06-07 01:26 - 2014-06-07 02:11 - 161931142 _____ () C:\Users\Loek\Downloads\Lights32.rar
2014-06-07 01:24 - 2014-06-07 03:56 - 464051374 _____ () C:\Users\Loek\Downloads\936DJCollector9_ISRA.rar
2014-06-06 09:17 - 2014-06-06 09:17 - 00000000 ____D () C:\Users\Loek\Documents\AAAA - Burgerkracht
2014-06-06 08:52 - 2014-06-06 08:52 - 00017065 _____ () C:\Users\Loek\Downloads\[kickass.to]arthur.prysock.4.albums.from.vinyls.torrent
2014-06-06 08:51 - 2014-06-06 08:52 - 00020222 _____ () C:\Users\Loek\Downloads\[kickass.to]dr.octagon.dr.octagonecologyst.1996.v0.torrent
2014-06-06 08:46 - 2014-06-06 09:39 - 189173870 _____ () C:\Users\Loek\Downloads\Arthur Prysock (1977).rar
2014-06-06 08:44 - 2014-06-06 10:25 - 186026957 _____ () C:\Users\Loek\Downloads\APrys@ck(968)FL.rar
2014-06-06 06:52 - 2014-06-06 08:10 - 280694645 _____ () C:\Users\Loek\Downloads\Arthur Prysock (1995).rar
2014-06-06 06:49 - 2014-06-06 07:27 - 118114894 _____ () C:\Users\Loek\Downloads\3575VAAA.14.rar
2014-06-06 06:45 - 2014-06-06 06:45 - 00342256 _____ (BrilliantInstaller) C:\Users\Loek\Downloads\dwmp.rar.exe
2014-06-06 06:43 - 2014-06-06 09:38 - 531939817 _____ () C:\Users\Loek\Downloads\rmmos.rar
2014-06-06 00:43 - 2014-06-06 00:44 - 83518007 _____ () C:\Users\Loek\Downloads\D.O.7. Shirati Jazz - Rose Atieno.rar
2014-06-06 00:42 - 2014-06-06 00:43 - 88188782 _____ () C:\Users\Loek\Downloads\fP9jPI5F54llZYDXjfY-HwGwENhfwwrtlf3-gp4pT1I.rar
2014-06-06 00:41 - 2014-06-06 01:29 - 170551888 _____ () C:\Users\Loek\Downloads\Peabo Bryson (2006).rar
2014-06-06 00:39 - 2014-06-06 00:39 - 00014191 _____ () C:\Users\Loek\Downloads\[kickass.to]soul.ecstasy.vol.1.just.a.kiss.away.torrent
2014-06-06 00:39 - 2014-06-06 00:39 - 00013863 _____ () C:\Users\Loek\Downloads\[kickass.to]soul.ecstasy.vol.2.good.things.don.t.last.forever.torrent
2014-06-06 00:35 - 2014-06-06 00:35 - 00028053 _____ () C:\Users\Loek\Downloads\[kickass.to]willie.nelson.to.all.the.girls.2013.eac.flac.torrent
2014-06-06 00:35 - 2014-06-06 00:35 - 00022184 _____ () C:\Users\Loek\Downloads\[kickass.to]the.band.collection.1968.77.7cd.japanese.shm.box.2013.mp3.320kbps.beolab1700.torrent
2014-06-06 00:32 - 2014-06-06 00:32 - 00020158 _____ () C:\Users\Loek\Downloads\[kickass.to]american.top.40.1987.may.30th.torrent
2014-06-06 00:32 - 2014-06-06 00:32 - 00014031 _____ () C:\Users\Loek\Downloads\[kickass.to]jaco.pastorius.big.band.twins.i.1982.eac.flac.torrent
2014-06-06 00:29 - 2014-06-06 00:29 - 00026433 _____ () C:\Users\Loek\Downloads\[kickass.to]kelly.price.discography.1998.2011.mp3.320.torrent
2014-06-06 00:29 - 2014-06-06 00:29 - 00020175 _____ () C:\Users\Loek\Downloads\[kickass.to]american.top.40.1979.june.2nd.torrent
2014-06-06 00:28 - 2014-06-06 00:28 - 00012727 _____ () C:\Users\Loek\Downloads\[kickass.to]barrington.levy.original.ragga.muffin.2002.jahlifelabel.torrent
2014-06-06 00:26 - 2014-06-06 00:26 - 00053541 _____ () C:\Users\Loek\Downloads\[kickass.to]island.reggae.torrent
2014-06-06 00:26 - 2014-06-06 00:26 - 00013763 _____ () C:\Users\Loek\Downloads\[kickass.to]joan.osborne.love.and.hate.2014.torrent
2014-06-06 00:25 - 2014-06-06 00:25 - 00021252 _____ () C:\Users\Loek\Downloads\[kickass.to]extended.80.s.torrent
2014-06-06 00:24 - 2014-06-06 00:24 - 00030121 _____ () C:\Users\Loek\Downloads\[kickass.to]ned.doheny.separate.oceans.2014.torrent
2014-06-06 00:24 - 2014-06-06 00:24 - 00013293 _____ () C:\Users\Loek\Downloads\[kickass.to]pete.seeger.and.brother.kirk.visit.sesame.street.torrent
2014-06-06 00:23 - 2014-06-06 00:23 - 00015477 _____ () C:\Users\Loek\Downloads\[kickass.to]soul.ecstasy.vol.4.after.a.night.like.this.torrent
2014-06-06 00:23 - 2014-06-06 00:23 - 00013476 _____ () C:\Users\Loek\Downloads\[kickass.to]soul.ecstasy.vol.5.the.show.ain.t.over.torrent
2014-06-06 00:22 - 2014-06-06 00:22 - 00020932 _____ () C:\Users\Loek\Downloads\[kickass.to]creedence.clearwater.revival.greatest.hits.2014.flac.torrent
2014-06-06 00:22 - 2014-06-06 00:22 - 00017711 _____ () C:\Users\Loek\Downloads\[kickass.to]t.connection.t.connection.album.1979.mp3.192.kbps.uj.rip.torrent
2014-06-06 00:21 - 2014-06-06 00:21 - 00016108 _____ () C:\Users\Loek\Downloads\[kickass.to]va.miles.davis.tribute.to.a.genius.2014.320.jamal.the.moroccan.torrent
2014-06-06 00:20 - 2014-06-06 00:20 - 00018743 _____ () C:\Users\Loek\Downloads\[kickass.to]meshell.ndegeocello.comet.come.to.me.2014.mp3.320.torrent
2014-06-06 00:20 - 2014-06-06 00:20 - 00012928 _____ () C:\Users\Loek\Downloads\[kickass.to]jaco.pastorius.big.band.twins.ii.1982.2013.remaster.mp3.320.1337x.kawli.torrent
2014-06-06 00:19 - 2014-06-06 00:19 - 00028157 _____ () C:\Users\Loek\Downloads\[kickass.to]kelly.price.sing.pray.love.vol.1.sing.album.axiytuns.torrent
2014-06-06 00:18 - 2014-06-06 00:18 - 00021647 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.ballads.1962.eac.flac.torrent
2014-06-06 00:18 - 2014-06-06 00:18 - 00020124 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.grant.s.first.stand.1961.eac.ape.torrent
2014-06-06 00:18 - 2014-06-06 00:18 - 00011675 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.am.i.blue.1963.eac.flac.torrent
2014-06-06 00:18 - 2014-06-06 00:18 - 00011675 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.am.i.blue.1963.eac.flac (1).torrent
2014-06-06 00:17 - 2014-06-06 00:17 - 00086348 _____ () C:\Users\Loek\Downloads\[kickass.to]donna.summer.anthology.1993.torrent
2014-06-06 00:17 - 2014-06-06 00:17 - 00030213 _____ () C:\Users\Loek\Downloads\[kickass.to]the.three.degrees.torrent
2014-06-06 00:09 - 2014-06-06 02:41 - 467113284 _____ () C:\Users\Loek\Downloads\920DJCollector2_ISRA.rar
2014-06-06 00:08 - 2014-06-06 02:35 - 449397699 _____ () C:\Users\Loek\Downloads\921DJCollector3_ISRA.rar
2014-06-05 23:00 - 2014-06-05 23:00 - 00001304 _____ () C:\Users\Loek\Desktop\Notepad.lnk
2014-06-05 10:29 - 2014-06-05 10:29 - 00002279 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-05 10:28 - 2014-06-05 10:28 - 00000000 __SHD () C:\Users\Loek\AppData\Local\EmieUserList
2014-06-05 10:28 - 2014-06-05 10:28 - 00000000 __SHD () C:\Users\Loek\AppData\Local\EmieSiteList
2014-06-05 10:01 - 2014-06-05 10:02 - 00000000 ____D () C:\Users\Loek\Documents\CHROME Bladwijzers
2014-06-05 09:59 - 2014-06-05 09:59 - 00001887 _____ () C:\Users\Loek\Desktop\ZHPFixReport.txt
2014-06-05 09:47 - 2014-06-05 09:47 - 00003128 _____ () C:\Windows\System32\Tasks\{6E7432BC-3BDA-4BD0-8F98-8CB99237A060}
2014-06-05 09:43 - 2014-06-05 09:44 - 06823503 _____ (Nicolas Coolman ) C:\Users\Loek\Downloads\ZHPDiag2 (2).exe
2014-06-05 07:56 - 2014-06-05 07:56 - 00000000 ____D () C:\ProgramData\Trymedia
2014-06-05 00:42 - 2014-06-05 00:42 - 00037599 _____ () C:\Users\Loek\Desktop\14.06.05 ZHPDiag.txt
2014-06-05 00:34 - 2014-06-05 00:34 - 00037599 _____ () C:\Users\Loek\Desktop\ZHPDiag.txt
2014-06-05 00:33 - 2014-06-05 00:33 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-06-05 00:27 - 2014-06-05 09:59 - 00000000 ____D () C:\Users\Loek\AppData\Roaming\ZHP
2014-06-05 00:27 - 2014-06-05 09:48 - 00001991 _____ () C:\Users\Loek\Desktop\ZHPFix.lnk
2014-06-05 00:27 - 2014-06-05 09:48 - 00001864 _____ () C:\Users\Loek\Desktop\ZHPDiag.lnk
2014-06-05 00:27 - 2014-06-05 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-06-05 00:27 - 2014-06-05 09:48 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-06-05 00:26 - 2014-06-05 00:26 - 06823503 _____ (Nicolas Coolman ) C:\Users\Loek\Downloads\ZHPDiag2 (1).exe
2014-06-05 00:19 - 2014-06-05 00:19 - 06823503 _____ (Nicolas Coolman ) C:\Users\Loek\Downloads\ZHPDiag2.exe
2014-06-04 15:48 - 2014-06-04 15:48 - 00005393 _____ () C:\Users\Loek\Desktop\14.06.04 AdwCleaner[S0].txt
2014-06-04 15:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-04 15:42 - 2014-06-04 15:47 - 00000000 ____D () C:\AdwCleaner
2014-06-04 15:41 - 2014-06-04 15:41 - 01327971 _____ () C:\Users\Loek\Downloads\adwcleaner_3.211 (1).exe
2014-06-04 15:40 - 2014-06-04 15:40 - 01327971 _____ () C:\Users\Loek\Downloads\adwcleaner_3.211.exe
2014-06-04 15:30 - 2014-06-04 15:30 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 15:28 - 2014-06-04 15:28 - 01016261 _____ (Thisisu) C:\Users\Loek\Downloads\JRT.exe
2014-06-04 15:16 - 2014-06-04 15:16 - 00001615 _____ () C:\14.06.04 mwb.txt
2014-06-04 15:16 - 2014-06-04 15:16 - 00000525 _____ () C:\Users\Loek\Desktop\14.06.04 mwb.lnk
2014-06-04 14:30 - 2014-06-07 08:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 14:30 - 2014-06-04 14:33 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 14:30 - 2014-06-04 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 14:29 - 2014-06-04 14:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 14:29 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 14:29 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-04 14:29 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-04 14:25 - 2014-06-04 15:26 - 00001624 _____ () C:\Users\Loek\Desktop\mbam-setup-2.0.0.1000.exe
2014-06-03 09:26 - 2014-06-03 09:50 - 146208687 _____ () C:\Users\Loek\Downloads\VA - Studio One Showcase Volume 1.rar
2014-06-03 09:26 - 2014-06-03 09:48 - 125099571 _____ () C:\Users\Loek\Downloads\VA - Solid Gold, Coxsone Style.rar
2014-06-03 09:26 - 2014-06-03 09:47 - 113944483 _____ () C:\Users\Loek\Downloads\VA - Rare Reggae Grooves From Studio One.rar
2014-06-03 09:25 - 2014-06-03 09:50 - 164861925 _____ () C:\Users\Loek\Downloads\Cult Cargo - Salsa Boricua De Chicago (2011).rar
2014-06-03 09:25 - 2014-06-03 09:46 - 107605908 _____ () C:\Users\Loek\Downloads\Soul Defenders at Studio One.rar
2014-06-03 09:25 - 2014-06-03 09:43 - 90327698 _____ () C:\Users\Loek\Downloads\Brenda & The Tabulations - Dry Your Eyes (1967 Reissue 1997).rar
2014-06-03 09:25 - 2014-06-03 09:42 - 83185072 _____ () C:\Users\Loek\Downloads\Ultimate Northern Soul - 22 Classic & Rare Floorshakers!.rar
2014-06-03 09:07 - 2014-06-03 09:53 - 142459354 _____ () C:\Users\Loek\Downloads\dmlol.rar
2014-06-03 06:43 - 2014-06-03 10:37 - 425730163 _____ () C:\Users\Loek\Downloads\Hank_Ballard-Midnighters-NothingButGood.israbox.part2.rar
2014-06-02 23:09 - 2014-06-02 23:09 - 00022102 _____ () C:\Users\Loek\Downloads\[kickass.to]isaac.hayes.millie.jackson.royal.rappin.s.1979.eac.flac.torrent
2014-06-02 23:09 - 2014-06-02 23:09 - 00016619 _____ () C:\Users\Loek\Downloads\[kickass.to]isaac.hayes.isaac.hayes.at.wattstax.2003.eac.flac.torrent
2014-06-02 23:09 - 2014-06-02 23:09 - 00012859 _____ () C:\Users\Loek\Downloads\[kickass.to]isaac.hayes.greatest.hit.singles.1982.eac.flac.torrent
2014-06-02 23:08 - 2014-06-02 23:08 - 00021898 _____ () C:\Users\Loek\Downloads\[kickass.to]isaac.hayes.ultimate.isaac.hayes.can.you.dig.it.cd1.2005.eac.flac.torrent
2014-06-02 23:08 - 2014-06-02 23:08 - 00020503 _____ () C:\Users\Loek\Downloads\[kickass.to]isaac.hayes.ultimate.isaac.hayes.can.you.dig.it.cd2.2005.eac.flac.torrent
2014-06-01 10:25 - 2014-06-01 10:25 - 00042725 _____ () C:\Users\Loek\Downloads\[kickass.to]the.chemical.brothers.complete.studio.discography.1995.2011.torrent
2014-06-01 10:09 - 2014-06-01 10:18 - 00000000 ____D () C:\Users\Loek\Documents\Music Knowlegde
2014-05-31 23:39 - 2014-05-31 23:39 - 00021219 _____ () C:\Users\Loek\Downloads\[kickass.to]milton.nascimento.torrent
2014-05-30 00:04 - 2014-05-30 00:04 - 00019717 _____ () C:\Users\Loek\Downloads\[kickass.to]jerry.reed.the.essential.jerry.reed.torrent
2014-05-23 01:03 - 2014-05-23 01:03 - 00014976 _____ () C:\Users\Loek\Downloads\[kickass.to]queen.bey.arthur.blythe.live.1997.vol.2.jazzmp3.320h33tschon55.torrent
2014-05-21 09:49 - 2014-05-21 10:28 - 00000000 ____D () C:\Users\Loek\Documents\AAAAA Subsidiemogelijkheden
2014-05-19 00:13 - 2014-05-19 00:13 - 00000000 ____D () C:\MUZIEK 2013
2014-05-15 03:32 - 2014-05-28 06:56 - 00000000 ____D () C:\Users\Loek\AppData\Roaming\DropboxMaster
2014-05-15 03:06 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:06 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:06 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:06 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:06 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:06 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 22:05 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 22:05 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 22:05 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 22:05 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 22:04 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 22:04 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 22:04 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 22:04 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 22:04 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 22:04 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 22:04 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 22:04 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 22:04 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 22:04 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 22:04 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 22:04 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 22:04 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 22:04 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 22:04 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 22:04 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 22:04 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 22:04 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 22:04 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 22:04 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 22:04 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 22:04 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 22:04 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 22:04 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 22:04 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 22:04 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 22:04 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 22:04 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 22:04 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 22:04 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 22:04 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 22:04 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 22:04 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 22:04 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 22:04 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 22:04 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 22:04 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 22:04 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 22:04 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 22:04 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 22:04 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

==================== One Month Modified Files and Folders =======

2014-06-07 17:44 - 2014-06-07 17:44 - 00012218 _____ () C:\Users\Loek\Desktop\FRST.txt
2014-06-07 17:44 - 2014-06-07 17:44 - 00000000 ____D () C:\FRST
2014-06-07 17:44 - 2012-10-23 22:00 - 00000000 ____D () C:\Users\Loek\AppData\Local\Temp
2014-06-07 17:43 - 2014-06-07 17:43 - 02072576 _____ (Farbar) C:\Users\Loek\Desktop\FRST64.exe
2014-06-07 17:39 - 2012-11-06 00:35 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-07 17:32 - 2012-10-24 21:31 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-07 17:32 - 2012-10-23 21:56 - 01956594 _____ () C:\Windows\WindowsUpdate.log
2014-06-07 10:56 - 2014-06-07 08:35 - 432331361 _____ () C:\Users\Loek\Downloads\925DJCollector6_ISRA.rar
2014-06-07 10:01 - 2014-06-07 08:31 - 326090502 _____ () C:\Users\Loek\Downloads\Leon Ndugu (1980).rar
2014-06-07 09:40 - 2014-06-07 08:36 - 194973675 _____ () C:\Users\Loek\Downloads\Disc 1.rar
2014-06-07 08:28 - 2014-06-04 14:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-07 08:26 - 2014-06-07 08:26 - 00035413 _____ () C:\Users\Loek\Desktop\14.06.07 ComboFix.txt
2014-06-07 08:21 - 2014-06-07 08:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-07 08:21 - 2014-06-07 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-07 08:21 - 2014-06-07 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-07 08:21 - 2014-06-07 07:50 - 00000000 ____D () C:\Qoobox
2014-06-07 08:21 - 2014-06-07 07:50 - 00000000 ____D () C:\ComboFix
2014-06-07 08:21 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-07 08:20 - 2014-06-07 08:20 - 00035413 _____ () C:\ComboFix.txt
2014-06-07 08:17 - 2014-06-07 07:49 - 00000000 ____D () C:\Windows\erdnt
2014-06-07 08:17 - 2009-07-14 06:45 - 00035504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 08:17 - 2009-07-14 06:45 - 00035504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-07 08:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-07 08:09 - 2012-11-06 00:35 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-07 08:09 - 2010-11-21 05:47 - 00264382 _____ () C:\Windows\PFRO.log
2014-06-07 08:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 08:09 - 2009-07-14 06:51 - 00086683 _____ () C:\Windows\setupact.log
2014-06-07 08:08 - 2009-07-14 04:34 - 71041024 _____ () C:\Windows\system32\config\software.bak
2014-06-07 08:08 - 2009-07-14 04:34 - 14942208 _____ () C:\Windows\system32\config\system.bak
2014-06-07 08:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-06-07 08:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-06-07 08:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-06-07 07:47 - 2014-06-07 07:47 - 05205146 ____R (Swearware) C:\Users\Loek\Desktop\ComboFix.exe
2014-06-07 07:43 - 2012-11-17 13:17 - 00000000 ____D () C:\Users\Loek\AppData\Roaming\uTorrent
2014-06-07 04:21 - 2014-06-07 02:17 - 448580692 _____ () C:\Users\Loek\Downloads\924DJCollector5_ISRA.rar
2014-06-07 03:56 - 2014-06-07 01:24 - 464051374 _____ () C:\Users\Loek\Downloads\936DJCollector9_ISRA.rar
2014-06-07 03:48 - 2014-06-07 01:28 - 427950240 _____ () C:\Users\Loek\Downloads\932DJCollector7_ISRA.rar
2014-06-07 02:20 - 2013-03-18 11:51 - 00000000 ___RD () C:\Users\Loek\Dropbox
2014-06-07 02:11 - 2014-06-07 01:26 - 161931142 _____ () C:\Users\Loek\Downloads\Lights32.rar
2014-06-07 01:46 - 2014-06-07 01:46 - 00021342 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.alive.1970.eac.flac.torrent
2014-06-07 01:46 - 2014-06-07 01:46 - 00019731 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.visions.1971.eac.flac.torrent
2014-06-07 01:46 - 2014-06-07 01:46 - 00017112 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.the.latin.bit.1962.eac.flac.torrent
2014-06-07 01:46 - 2014-06-07 01:46 - 00016608 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.idle.moments.1963.eac.flac.torrent
2014-06-07 01:46 - 2014-06-07 01:46 - 00014161 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.first.session.2001.eac.flac.torrent
2014-06-07 01:46 - 2014-06-07 01:46 - 00014139 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.green.street.1961.eac.flac.torrent
2014-06-07 01:45 - 2014-06-07 01:45 - 00018700 _____ () C:\Users\Loek\Downloads\[kickass.to]va.zen.and.relaxation.music.torrent
2014-06-07 01:44 - 2014-06-07 01:44 - 00009666 _____ () C:\Users\Loek\Downloads\[kickass.to]anthony.b.seven.seals.cd.flac.1999.yard.torrent
2014-06-07 01:44 - 2014-06-07 01:44 - 00008456 _____ () C:\Users\Loek\Downloads\[kickass.to]td.rankin.sugar.daddy.cd.flac.2013.yard.torrent
2014-06-07 01:44 - 2014-06-07 01:44 - 00007443 _____ () C:\Users\Loek\Downloads\[kickass.to]mikey.dread.african.anthem.revisited.cd.flac.1991.yard.torrent
2014-06-07 01:43 - 2014-06-07 01:43 - 00043431 _____ () C:\Users\Loek\Downloads\[kickass.to]duane.allman.an.anthology.1972.torrent
2014-06-07 01:43 - 2014-06-07 01:43 - 00006874 _____ () C:\Users\Loek\Downloads\[kickass.to]va.yabby.you.and.the.prophets.deeper.roots.part.2.cd.flac.2014.yard.torrent
2014-06-07 01:42 - 2014-06-07 01:42 - 00018521 _____ () C:\Users\Loek\Downloads\[kickass.to]enigma.2013.classic.album.selection.5.cd.box.320.vodka.torrent
2014-06-07 01:39 - 2014-06-07 01:39 - 00011983 _____ () C:\Users\Loek\Downloads\[kickass.to]charles.eddie.duophonic.cd.torrent
2014-06-07 01:37 - 2014-06-07 01:36 - 110484860 _____ () C:\Users\Loek\Downloads\60X9zPvZOgpEPXQaK9F87i-v-56QH6OnmXKth7Dfjac.rar
2014-06-07 01:35 - 2014-06-07 01:35 - 170596021 _____ () C:\Users\Loek\Downloads\54OLIgVt7ECaLo4ZeMs-oTaCSLKDgCcUh5MuGG3iGwo.rar
2014-06-06 10:25 - 2014-06-06 08:44 - 186026957 _____ () C:\Users\Loek\Downloads\APrys@ck(968)FL.rar
2014-06-06 09:39 - 2014-06-06 08:46 - 189173870 _____ () C:\Users\Loek\Downloads\Arthur Prysock (1977).rar
2014-06-06 09:38 - 2014-06-06 06:43 - 531939817 _____ () C:\Users\Loek\Downloads\rmmos.rar
2014-06-06 09:17 - 2014-06-06 09:17 - 00000000 ____D () C:\Users\Loek\Documents\AAAA - Burgerkracht
2014-06-06 08:52 - 2014-06-06 08:52 - 00017065 _____ () C:\Users\Loek\Downloads\[kickass.to]arthur.prysock.4.albums.from.vinyls.torrent
2014-06-06 08:52 - 2014-06-06 08:51 - 00020222 _____ () C:\Users\Loek\Downloads\[kickass.to]dr.octagon.dr.octagonecologyst.1996.v0.torrent
2014-06-06 08:10 - 2014-06-06 06:52 - 280694645 _____ () C:\Users\Loek\Downloads\Arthur Prysock (1995).rar
2014-06-06 07:27 - 2014-06-06 06:49 - 118114894 _____ () C:\Users\Loek\Downloads\3575VAAA.14.rar
2014-06-06 06:45 - 2014-06-06 06:45 - 00342256 _____ (BrilliantInstaller) C:\Users\Loek\Downloads\dwmp.rar.exe
2014-06-06 02:41 - 2014-06-06 00:09 - 467113284 _____ () C:\Users\Loek\Downloads\920DJCollector2_ISRA.rar
2014-06-06 02:35 - 2014-06-06 00:08 - 449397699 _____ () C:\Users\Loek\Downloads\921DJCollector3_ISRA.rar
2014-06-06 01:29 - 2014-06-06 00:41 - 170551888 _____ () C:\Users\Loek\Downloads\Peabo Bryson (2006).rar
2014-06-06 00:44 - 2014-06-06 00:43 - 83518007 _____ () C:\Users\Loek\Downloads\D.O.7. Shirati Jazz - Rose Atieno.rar
2014-06-06 00:43 - 2014-06-06 00:42 - 88188782 _____ () C:\Users\Loek\Downloads\fP9jPI5F54llZYDXjfY-HwGwENhfwwrtlf3-gp4pT1I.rar
2014-06-06 00:39 - 2014-06-06 00:39 - 00014191 _____ () C:\Users\Loek\Downloads\[kickass.to]soul.ecstasy.vol.1.just.a.kiss.away.torrent
2014-06-06 00:39 - 2014-06-06 00:39 - 00013863 _____ () C:\Users\Loek\Downloads\[kickass.to]soul.ecstasy.vol.2.good.things.don.t.last.forever.torrent
2014-06-06 00:35 - 2014-06-06 00:35 - 00028053 _____ () C:\Users\Loek\Downloads\[kickass.to]willie.nelson.to.all.the.girls.2013.eac.flac.torrent
2014-06-06 00:35 - 2014-06-06 00:35 - 00022184 _____ () C:\Users\Loek\Downloads\[kickass.to]the.band.collection.1968.77.7cd.japanese.shm.box.2013.mp3.320kbps.beolab1700.torrent
2014-06-06 00:32 - 2014-06-06 00:32 - 00020158 _____ () C:\Users\Loek\Downloads\[kickass.to]american.top.40.1987.may.30th.torrent
2014-06-06 00:32 - 2014-06-06 00:32 - 00014031 _____ () C:\Users\Loek\Downloads\[kickass.to]jaco.pastorius.big.band.twins.i.1982.eac.flac.torrent
2014-06-06 00:29 - 2014-06-06 00:29 - 00026433 _____ () C:\Users\Loek\Downloads\[kickass.to]kelly.price.discography.1998.2011.mp3.320.torrent
2014-06-06 00:29 - 2014-06-06 00:29 - 00020175 _____ () C:\Users\Loek\Downloads\[kickass.to]american.top.40.1979.june.2nd.torrent
2014-06-06 00:28 - 2014-06-06 00:28 - 00012727 _____ () C:\Users\Loek\Downloads\[kickass.to]barrington.levy.original.ragga.muffin.2002.jahlifelabel.torrent
2014-06-06 00:26 - 2014-06-06 00:26 - 00053541 _____ () C:\Users\Loek\Downloads\[kickass.to]island.reggae.torrent
2014-06-06 00:26 - 2014-06-06 00:26 - 00013763 _____ () C:\Users\Loek\Downloads\[kickass.to]joan.osborne.love.and.hate.2014.torrent
2014-06-06 00:25 - 2014-06-06 00:25 - 00021252 _____ () C:\Users\Loek\Downloads\[kickass.to]extended.80.s.torrent
2014-06-06 00:24 - 2014-06-06 00:24 - 00030121 _____ () C:\Users\Loek\Downloads\[kickass.to]ned.doheny.separate.oceans.2014.torrent
2014-06-06 00:24 - 2014-06-06 00:24 - 00013293 _____ () C:\Users\Loek\Downloads\[kickass.to]pete.seeger.and.brother.kirk.visit.sesame.street.torrent
2014-06-06 00:23 - 2014-06-06 00:23 - 00015477 _____ () C:\Users\Loek\Downloads\[kickass.to]soul.ecstasy.vol.4.after.a.night.like.this.torrent
2014-06-06 00:23 - 2014-06-06 00:23 - 00013476 _____ () C:\Users\Loek\Downloads\[kickass.to]soul.ecstasy.vol.5.the.show.ain.t.over.torrent
2014-06-06 00:22 - 2014-06-06 00:22 - 00020932 _____ () C:\Users\Loek\Downloads\[kickass.to]creedence.clearwater.revival.greatest.hits.2014.flac.torrent
2014-06-06 00:22 - 2014-06-06 00:22 - 00017711 _____ () C:\Users\Loek\Downloads\[kickass.to]t.connection.t.connection.album.1979.mp3.192.kbps.uj.rip.torrent
2014-06-06 00:21 - 2014-06-06 00:21 - 00016108 _____ () C:\Users\Loek\Downloads\[kickass.to]va.miles.davis.tribute.to.a.genius.2014.320.jamal.the.moroccan.torrent
2014-06-06 00:20 - 2014-06-06 00:20 - 00018743 _____ () C:\Users\Loek\Downloads\[kickass.to]meshell.ndegeocello.comet.come.to.me.2014.mp3.320.torrent
2014-06-06 00:20 - 2014-06-06 00:20 - 00012928 _____ () C:\Users\Loek\Downloads\[kickass.to]jaco.pastorius.big.band.twins.ii.1982.2013.remaster.mp3.320.1337x.kawli.torrent
2014-06-06 00:19 - 2014-06-06 00:19 - 00028157 _____ () C:\Users\Loek\Downloads\[kickass.to]kelly.price.sing.pray.love.vol.1.sing.album.axiytuns.torrent
2014-06-06 00:18 - 2014-06-06 00:18 - 00021647 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.ballads.1962.eac.flac.torrent
2014-06-06 00:18 - 2014-06-06 00:18 - 00020124 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.grant.s.first.stand.1961.eac.ape.torrent
2014-06-06 00:18 - 2014-06-06 00:18 - 00011675 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.am.i.blue.1963.eac.flac.torrent
2014-06-06 00:18 - 2014-06-06 00:18 - 00011675 _____ () C:\Users\Loek\Downloads\[kickass.to]grant.green.am.i.blue.1963.eac.flac (1).torrent
2014-06-06 00:17 - 2014-06-06 00:17 - 00086348 _____ () C:\Users\Loek\Downloads\[kickass.to]donna.summer.anthology.1993.torrent
2014-06-06 00:17 - 2014-06-06 00:17 - 00030213 _____ () C:\Users\Loek\Downloads\[kickass.to]the.three.degrees.torrent
2014-06-05 23:00 - 2014-06-05 23:00 - 00001304 _____ () C:\Users\Loek\Desktop\Notepad.lnk
2014-06-05 10:29 - 2014-06-05 10:29 - 00002279 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-05 10:29 - 2012-11-06 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-05 10:28 - 2014-06-05 10:28 - 00000000 __SHD () C:\Users\Loek\AppData\Local\EmieUserList
2014-06-05 10:28 - 2014-06-05 10:28 - 00000000 __SHD () C:\Users\Loek\AppData\Local\EmieSiteList
2014-06-05 10:26 - 2013-11-13 12:31 - 00000000 ___RD () C:\Users\Loek\Google Drive
2014-06-05 10:22 - 2013-09-27 22:34 - 00000000 ____D () C:\Users\Loek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-05 10:02 - 2014-06-05 10:01 - 00000000 ____D () C:\Users\Loek\Documents\CHROME Bladwijzers
2014-06-05 09:59 - 2014-06-05 09:59 - 00001887 _____ () C:\Users\Loek\Desktop\ZHPFixReport.txt
2014-06-05 09:59 - 2014-06-05 00:27 - 00000000 ____D () C:\Users\Loek\AppData\Roaming\ZHP
2014-06-05 09:48 - 2014-06-05 00:27 - 00001991 _____ () C:\Users\Loek\Desktop\ZHPFix.lnk
2014-06-05 09:48 - 2014-06-05 00:27 - 00001864 _____ () C:\Users\Loek\Desktop\ZHPDiag.lnk
2014-06-05 09:48 - 2014-06-05 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-06-05 09:48 - 2014-06-05 00:27 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-06-05 09:47 - 2014-06-05 09:47 - 00003128 _____ () C:\Windows\System32\Tasks\{6E7432BC-3BDA-4BD0-8F98-8CB99237A060}
2014-06-05 09:44 - 2014-06-05 09:43 - 06823503 _____ (Nicolas Coolman ) C:\Users\Loek\Downloads\ZHPDiag2 (2).exe
2014-06-05 07:56 - 2014-06-05 07:56 - 00000000 ____D () C:\ProgramData\Trymedia
2014-06-05 00:42 - 2014-06-05 00:42 - 00037599 _____ () C:\Users\Loek\Desktop\14.06.05 ZHPDiag.txt
2014-06-05 00:34 - 2014-06-05 00:34 - 00037599 _____ () C:\Users\Loek\Desktop\ZHPDiag.txt
2014-06-05 00:33 - 2014-06-05 00:33 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-06-05 00:26 - 2014-06-05 00:26 - 06823503 _____ (Nicolas Coolman ) C:\Users\Loek\Downloads\ZHPDiag2 (1).exe
2014-06-05 00:19 - 2014-06-05 00:19 - 06823503 _____ (Nicolas Coolman ) C:\Users\Loek\Downloads\ZHPDiag2.exe
2014-06-04 17:13 - 2012-10-24 21:34 - 00000000 ____D () C:\Users\Loek\AppData\Roaming\vlc
2014-06-04 15:48 - 2014-06-04 15:48 - 00005393 _____ () C:\Users\Loek\Desktop\14.06.04 AdwCleaner[S0].txt
2014-06-04 15:47 - 2014-06-04 15:42 - 00000000 ____D () C:\AdwCleaner
2014-06-04 15:41 - 2014-06-04 15:41 - 01327971 _____ () C:\Users\Loek\Downloads\adwcleaner_3.211 (1).exe
2014-06-04 15:40 - 2014-06-04 15:40 - 01327971 _____ () C:\Users\Loek\Downloads\adwcleaner_3.211.exe
2014-06-04 15:39 - 2013-01-30 18:12 - 01699322 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-04 15:39 - 2012-10-24 07:51 - 00748742 _____ () C:\Windows\system32\perfh013.dat
2014-06-04 15:39 - 2012-10-24 07:51 - 00154784 _____ () C:\Windows\system32\perfc013.dat
2014-06-04 15:30 - 2014-06-04 15:30 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 15:28 - 2014-06-04 15:28 - 01016261 _____ (Thisisu) C:\Users\Loek\Downloads\JRT.exe
2014-06-04 15:26 - 2014-06-04 14:25 - 00001624 _____ () C:\Users\Loek\Desktop\mbam-setup-2.0.0.1000.exe
2014-06-04 15:16 - 2014-06-04 15:16 - 00001615 _____ () C:\14.06.04 mwb.txt
2014-06-04 15:16 - 2014-06-04 15:16 - 00000525 _____ () C:\Users\Loek\Desktop\14.06.04 mwb.lnk
2014-06-04 14:34 - 2014-06-04 14:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 14:33 - 2014-06-04 14:30 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 14:33 - 2014-06-04 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 14:29 - 2014-02-20 15:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 14:23 - 2013-12-12 10:18 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-04 14:07 - 2013-09-22 17:58 - 00000000 ____D () C:\Users\Loek\AppData\Roaming\VDownloader
2014-06-04 14:06 - 2013-09-22 17:58 - 00000000 ____D () C:\Program Files\VDownloader
2014-06-04 10:08 - 2014-05-05 22:05 - 00000000 ____D () C:\Users\Loek\Documents\Participatie Samenleving
2014-06-03 12:51 - 2013-12-12 10:18 - 00000000 ____D () C:\ProgramData\IObit
2014-06-03 12:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-03 11:44 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-03 11:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-03 10:37 - 2014-06-03 06:43 - 425730163 _____ () C:\Users\Loek\Downloads\Hank_Ballard-Midnighters-NothingButGood.israbox.part2.rar
2014-06-03 09:53 - 2014-06-03 09:07 - 142459354 _____ () C:\Users\Loek\Downloads\dmlol.rar
2014-06-03 09:50 - 2014-06-03 09:26 - 146208687 _____ () C:\Users\Loek\Downloads\VA - Studio One Showcase Volume 1.rar
2014-06-03 09:50 - 2014-06-03 09:25 - 164861925 _____ () C:\Users\Loek\Downloads\Cult Cargo - Salsa Boricua De Chicago (2011).rar
2014-06-03 09:48 - 2014-06-03 09:26 - 125099571 _____ () C:\Users\Loek\Downloads\VA - Solid Gold, Coxsone Style.rar
2014-06-03 09:47 - 2014-06-03 09:26 - 113944483 _____ () C:\Users\Loek\Downloads\VA - Rare Reggae Grooves From Studio One.rar
2014-06-03 09:46 - 2014-06-03 09:25 - 107605908 _____ () C:\Users\Loek\Downloads\Soul Defenders at Studio One.rar
2014-06-03 09:43 - 2014-06-03 09:25 - 90327698 _____ () C:\Users\Loek\Downloads\Brenda & The Tabulations - Dry Your Eyes (1967 Reissue 1997).rar
2014-06-03 09:42 - 2014-06-03 09:25 - 83185072 _____ () C:\Users\Loek\Downloads\Ultimate Northern Soul - 22 Classic & Rare Floorshakers!.rar
2014-06-03 09:21 - 2013-12-16 10:18 - 00000000 ____D () C:\Users\Loek\Documents\AAAA BAR ART
2014-06-02 23:09 - 2014-06-02 23:09 - 00022102 _____ () C:\Users\Loek\Downloads\[kickass.to]isaac.hayes.millie.jackson.royal.rappin.s.1979.eac.flac.torrent
2014-06-02 23:09 - 2014-06-02 23:09 - 00016619 _____ () C:\Users\Loek\Downloads\[kickass.to]isaac.hayes.isaac.hayes.at.wattstax.2003.eac.flac.torrent
2014-06-02 23:09 - 2014-06-02 23:09 - 00012859 _____ () C:\Users\Loek\Downloads\[kickass.to]isaac.hayes.greatest.hit.singles.1982.eac.flac.torrent
2014-06-02 23:08 - 2014-06-02 23:08 - 00021898 _____ () C:\Users\Loek\Downloads\[kickass.to]isaac.hayes.ultimate.isaac.hayes.can.you.dig.it.cd1.2005.eac.flac.torrent
2014-06-02 23:08 - 2014-06-02 23:08 - 00020503 _____ () C:\Users\Loek\Downloads\[kickass.to]isaac.hayes.ultimate.isaac.hayes.can.you.dig.it.cd2.2005.eac.flac.torrent
2014-06-01 10:25 - 2014-06-01 10:25 - 00042725 _____ () C:\Users\Loek\Downloads\[kickass.to]the.chemical.brothers.complete.studio.discography.1995.2011.torrent
2014-06-01 10:18 - 2014-06-01 10:09 - 00000000 ____D () C:\Users\Loek\Documents\Music Knowlegde
2014-05-31 23:39 - 2014-05-31 23:39 - 00021219 _____ () C:\Users\Loek\Downloads\[kickass.to]milton.nascimento.torrent
2014-05-31 10:34 - 2013-12-12 12:09 - 00000000 ____D () C:\Users\Loek\Documents\Music Collector
2014-05-30 00:04 - 2014-05-30 00:04 - 00019717 _____ () C:\Users\Loek\Downloads\[kickass.to]jerry.reed.the.essential.jerry.reed.torrent
2014-05-28 12:23 - 2013-11-13 12:33 - 00000000 ____D () C:\Users\Loek\Documents\De Regels van Cronkite
2014-05-28 06:56 - 2014-05-15 03:32 - 00000000 ____D () C:\Users\Loek\AppData\Roaming\DropboxMaster
2014-05-28 06:56 - 2013-03-18 11:48 - 00000000 ____D () C:\Users\Loek\AppData\Roaming\Dropbox
2014-05-28 06:56 - 2012-10-23 22:00 - 00000000 ___RD () C:\Users\Loek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 06:55 - 2013-03-18 11:49 - 00000000 ____D () C:\Users\Loek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-27 16:04 - 2013-11-13 12:33 - 00000000 ____D () C:\Users\Loek\Documents\AAAAAA - STIP - Krachtspoor
2014-05-23 01:03 - 2014-05-23 01:03 - 00014976 _____ () C:\Users\Loek\Downloads\[kickass.to]queen.bey.arthur.blythe.live.1997.vol.2.jazzmp3.320h33tschon55.torrent
2014-05-21 10:28 - 2014-05-21 09:49 - 00000000 ____D () C:\Users\Loek\Documents\AAAAA Subsidiemogelijkheden
2014-05-21 08:59 - 2013-09-25 23:43 - 00000000 ____D () C:\Users\Loek\AppData\Roaming\ConverterLite
2014-05-19 00:13 - 2014-05-19 00:13 - 00000000 ____D () C:\MUZIEK 2013
2014-05-16 08:40 - 2012-11-05 23:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 03:28 - 2012-10-23 22:00 - 00000000 ___RD () C:\Users\Loek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 03:23 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 03:06 - 2012-10-24 20:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 03:05 - 2013-08-14 13:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:02 - 2012-10-23 22:42 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 14:26 - 2012-10-24 21:31 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 14:25 - 2012-10-24 21:31 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 14:25 - 2012-10-24 21:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 07:26 - 2014-06-04 14:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-04 14:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-04 14:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 08:35 - 2014-04-30 23:58 - 00000000 ____D () C:\Users\Loek\Documents\A Thomas Piketty - Capital in the Twenty-First Century [2014]
2014-05-09 15:19 - 2013-11-13 12:33 - 00000000 ____D () C:\Users\Loek\Documents\B&G YOUTH MATTERS
2014-05-09 08:14 - 2014-05-14 22:05 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 01:41

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by Loek at 2014-06-07 17:45:32
Running from C:\Users\Loek\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version: - Belastingdienst)
Aangifte inkomstenbelasting voor ondernemers 2012 (HKLM-x32\...\Aangifte inkomstenbelasting voor ondernemers 2012) (Version: - Belastingdienst)
Able Duplicate Finder 2.1 (HKLM-x32\...\Able Duplicate Finder_is1) (Version: - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)
Basissoftware voor HP Deskjet 3050 J610 series (HKLM\...\{3270086B-37FF-47AF-8A00-D3EE90813378}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour-afdrukservices (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Book Collector (HKLM-x32\...\{FD0F8123-9035-44B0-B331-2596979E74ED}_is1) (Version: - Collectorz.com)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
ComicRack v0.9.160 (HKLM\...\ComicRack) (Version: v0.9.160 - cYo Soft)
ConverterLite 1.6.4.0 (HKLM-x32\...\ConverterLite) (Version: 1.6.4.0 - ConverterLite)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HP Deskjet 3050 J610 series Haelp (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basissoftware van het apparaat (HKLM\...\{A2518197-0768-4AF0-BFE5-C2965A812F9A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{7788947C-D122-4E93-9F7D-52624FD8C10D}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Productverbeteringsonderzoek (HKLM\...\{1722618C-AACF-4EB3-915F-EA23E42DCE2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.9.10 - IObit)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Keyboard Driver (HKLM-x32\...\InstallShield_{DFCDD1CE-6D49-49B8-BFB7-93391D22776B}) (Version: 5.1 - Driver Builder)
Keyboard Driver (x32 Version: 5.1 - Driver Builder) Hidden
Malwarebytes Anti-Malware versie 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (NLD) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Dutch) 2007 (x32 Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (Dutch) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Music Collector (HKLM-x32\...\{8CDFF5D2-89BF-4391-9D20-7D95C88DC98C}_is1) (Version: - Collectorz.com)
SoundWire Server version 1.7.3 (HKLM-x32\...\{E15658BC-7742-4397-999F-98B1BD11B784}_is1) (Version: 1.7.3 - GeorgieLabs)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0413-0000-0000000FF1CE}_STANDARD_{F8564AF8-30AE-4427-ACF3-69714E1BB656}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version: - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_STANDARD_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version: - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_STANDARD_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version: - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_STANDARD_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version: - Microsoft)
VDownloader 3.9.1614 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
Verbatim GREEN BUTTON 1.61 (HKLM-x32\...\Verbatim GREEN BUTTON_is1) (Version: - Verbatim)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
XnView 2.05 (HKLM-x32\...\XnView_is1) (Version: 2.05 - Gougelet Pierre-e)
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points =========================

03-06-2014 21:44:09 24-05-2014
03-06-2014 21:45:36 15-05-2014
03-06-2014 21:50:30 15-5-2014
04-06-2014 12:18:12 IObit Uninstaller restore point
05-06-2014 08:21:00 IObit Uninstaller restore point
06-06-2014 12:33:34 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-07 08:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0C32AB85-28CE-4A81-BC58-E0075B5B27DC} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-21] (IObit)
Task: {410C945F-E169-40F8-BCA9-A55DE5D48750} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {61E13957-4F93-41DA-8671-A85F9C0EB4BC} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {6D3882ED-57DC-424B-B77D-96EE8D59B9AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06] (Google Inc.)
Task: {ADB7BECC-C5B8-4A1C-BFE0-4F430E7C28A2} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {BB618A81-7B7E-4A8C-8E9B-7EFFAA9D521E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DE7A0D14-7300-45C4-BBCF-DAC9E18A8988} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06] (Google Inc.)
Task: {E1315A21-6E0F-4461-8A5D-E1B81C7BD88C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {EAE5D822-4DF4-43EF-963E-BB3862F475ED} - \Express FilesUpdate No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2014 01:51:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14180

Error: (06/07/2014 01:51:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14180

Error: (06/07/2014 01:51:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/07/2014 01:51:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13182

Error: (06/07/2014 01:51:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13182

Error: (06/07/2014 01:51:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/07/2014 01:51:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12184

Error: (06/07/2014 01:51:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12184

Error: (06/07/2014 01:51:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/07/2014 01:51:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11185


System errors:
=============
Error: (06/07/2014 05:31:21 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/07/2014 05:30:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/07/2014 08:09:54 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/07/2014 08:09:54 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/07/2014 08:07:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.

Error: (06/07/2014 08:07:16 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.

Error: (06/07/2014 08:00:57 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma.

Error: (06/07/2014 07:57:06 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.

Error: (06/07/2014 07:49:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De 4c3b406c51f6d85.exe-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (06/06/2014 06:40:54 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-06-07 08:00:57.319
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume1\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2014-06-07 08:00:57.272
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume1\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2013-02-14 15:47:10.149
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2013-02-14 15:47:10.126
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2013-02-14 15:47:07.942
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2013-02-14 15:47:07.919
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2013-02-14 15:47:05.736
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2013-02-14 15:47:05.712
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2013-02-14 15:47:03.443
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2013-02-14 15:47:03.417
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 4094.18 MB
Available physical RAM: 3077.84 MB
Total Pagefile: 8186.53 MB
Available Pagefile: 6931.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:112.31 GB) NTFS
Drive d: (DATAPART1) (Fixed) (Total:465.76 GB) (Free:204.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:1397.26 GB) (Free:92.18 GB) NTFS
Drive i: () (Fixed) (Total:1863.01 GB) (Free:97.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B8C65133)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F7F614C8)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 00028D02)
Partition 1: (Not Active) - (Size=-698724909056) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000575BA)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)

==================== End Of Log ============================
 
Warning: the procedure below is intended for this computer only; applying it on another computer can damage Windows.


We are going to use Farbar Recovery Scan Tool (FRST.exe) again.

Open a new Notepad (Kladblok) file via "Start\Alle programma's\Bureau-accessoires\Kladblok (or Notepad)".

Copy and paste the following (the blue text in the code box) into the empty Notepad window.


Code:
ProxyServer: http=127.0.0.1:24990
Task: {61E13957-4F93-41DA-8671-A85F9C0EB4BC} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {EAE5D822-4DF4-43EF-963E-BB3862F475ED} - \Express FilesUpdate No Task File <==== ATTENTION

Now save this Notepad file as fixlist.txt in the folder where FRST.exe is also located.

Using Farbar Recovery Scan Tool (FRST.exe) with fixlist.txt
  • Double-click FRST.exe to start the tool.
  • When the program has opened, click Yes at the disclaimer.
  • Press the Fix button.
  • After the fix, a log file (Fixlog.txt) is created in the same location the tool was started from.
  • Now copy the contents of the log that was just created and paste it into your next reply.
 
Dear Abraham54

Here is the following log file

Regards

ADE

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
Ran by Loek at 2014-06-07 20:36:46 Run:2
Running from C:\Users\Loek\Desktop\Nieuwe map
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyServer: http=127.0.0.1:24990
Task: {61E13957-4F93-41DA-8671-A85F9C0EB4BC} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {EAE5D822-4DF4-43EF-963E-BB3862F475ED} - \Express FilesUpdate No Task File <==== ATTENTION
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61E13957-4F93-41DA-8671-A85F9C0EB4BC}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAE5D822-4DF4-43EF-963E-BB3862F475ED}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate'=> Key not found.

==== End of Fixlog ====
 
Dear Abraham54

As far as I can see now, I no longer get any pop-ups. The PC is also running faster again.

Your solutions and especially your (step-by-step) explanations are very welcome for a 'layman'. Sometimes it takes a careful read-through before starting, but so far it has all worked, with the occasional hiccup.

My thanks for this.

ADE
 
Thanks for the compliments.
Glad the pop-ups are a thing of the past; now do the following: download
Security Check
Download location: be sure to download this program to the desktop, or otherwise move it to the desktop!
Start SecurityCheck.exe:
  • Windows 2000 and Windows XP: double-click SecurityCheck.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click SecurityCheck.exe and choose "Run as administrator".
  • Pay attention to the instructions in the black window.
  • A Notepad document named checkup.txt should open automatically; close this document, saving it to the desktop.
  • If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
Post the contents of checkup.txt in your next post

Alternative download link: http://www.bleepingcomputer.com/download/securitycheck/
 
Hello Abraham54

Here is the Security Check log

Regards

ADE

Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Adobe Reader XI
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
That looks good.
Do you really need Java?

Java
First download Java SE Runtime Environment 7 Update 60 Windows Offline (64-bit), size 29.5 MB

However, do not install the new version yet!

After that, first go to Control Panel
  • Add or Remove Programs (Software) - Windows 2000/Windows XP
  • Programs and Features (Programma's en onderdelen) - Windows Vista, Windows 7 and Windows 8
and remove all Java components listed there.

Important: now restart your PC or notebook first, so that the old Java settings are removed.
After your computer has restarted, you may install the newest Java version.


Only the choice of antivirus on your Windows is downright bad.
MSE has a virus detection rate of barely 90% and that is completely substandard.

Top antivirus program, completely free
 