Following a Winsysclean installation

34 replies
  • Please check this laptop, following this link: http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=219204&start=0&postdays=0&postorder=asc&highlight= (scroll down a bit and see (ks)).
    Complaints: regularly extra advertising (blocks/windows) on websites. I almost always use the latest versions of Aurora or Firefox. I have the add-ons Adblock Plus / Adblock Plus Pop-up installed. And I think it takes a long time to shut down.
    Operating system: Windows 7 Home Premium 64-bit
    Security: Bitdefender Security 2013, Mbam Pro, SuperAntiVirus
    I ran 2 scans (see below). Combofix won't run (it keeps getting stuck at "voltooid Deel 3", i.e. completed Stage 3) and gets no further.

    Malwarebytes Anti-Malware (PRO) 1.70.0.1100
    www.malwarebytes.org
    Databaseversie: v2013.01.02.06
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16439
    Gebruiker :: ACER [administrator]
    Bescherming: Ingeschakeld
    2-1-2013 17:47:21
    mbam-log-2013-01-02 (17-47-21).txt
    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 210517
    Verstreken tijd: 5 minuut/minuten, 32 seconde(n)
    Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    (einde)

    # AdwCleaner v2.104 - Verslag gemaakt op 02/01/2013 om 17:42:15
    # Geactualiseerd op 29/12/2012 door Xplode
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Gebruiker : Gebruiker - ACER
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Gebruiker\Desktop\adwcleaner.exe
    # Optie [Verwijderen]

    ***** [Diensten] *****

    ***** [Files / Mappen] *****
    File Verwijdert : C:\Program Files (x86)\Mozilla firefox\searchplugins\v9.xml
    Map Verwijdert : C:\ProgramData\Partner

    ***** [Register] *****
    Sleutel Verwijdert : HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

    ***** [Browsers] *****
    -\\ Internet Explorer v10.0.9200.16438
    Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.v9.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=WDCXWD3200BPVT-22ZEST0_WD-WXA1A703168531685&ts=1356353714 --> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.v9.com/newtab?utm_source=b&utm_medium=mlv&from=mlv&uid=WDCXWD3200BPVT-22ZEST0_WD-WXA1A703168531685&ts=1356353712 --> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.v9.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=WDCXWD3200BPVT-22ZEST0_WD-WXA1A703168531685&ts=1356353714 --> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.v9.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=WDCXWD3200BPVT-22ZEST0_WD-WXA1A703168531685&ts=1356353714 --> hxxp://www.google.com

    -\\ Mozilla Firefox v17.0.1 (nl)
    File : C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ma7hckcq.default\prefs.js
    Verwijdert : user_pref("browser.search.defaultenginename", "v9");
    Verwijdert : user_pref("browser.search.order.1", "v9");

    -\\ Opera v [Onmogelijk de versie te verkrijgen]
    File : C:\Users\Gebruiker\AppData\Roaming\Opera\Opera\operaprefs.ini
    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************
    AdwCleaner[S1].txt - [1859 octets] - [22/07/2012 09:35:59]
    AdwCleaner[S2].txt - [1447 octets] - [30/12/2012 20:35:21]
    AdwCleaner[S3].txt - [2374 octets] - [02/01/2013 17:42:15]
    ########## EOF - C:\AdwCleaner[S3].txt - [2434 octets] ##########
  • Do the following:
    Which program: OTL.exe
    Purpose: multi-purpose tool - analysis and fix
    Difficulty: none.
    Download: OTL.exe (http://oldtimer.geekstogo.com/OTL.exe) and place the file on the desktop.
    Before OTL.exe starts scanning, first close all other open windows!
    Using OTL.exe:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: double-click OTL.exe.
      - Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Run as administrator".
    - Tick Scan All Users, LOP Check and PURITY Check.
    - Copy and paste the text below (bold, blue text) into the box under (image: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png):
        netsvcs
        BASESERVICES
        DRIVES
        netsvcs
        msconfig
        %SYSTEMDRIVE%\*.*
        %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
        %systemroot%\*. /mp /s
        %systemroot%\system32\*.sys /90
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\Tasks\*.job /lockedfiles
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\system32\*.exe /lockedfiles
        %systemroot%\System32\config\*.sav
        %PROGRAMFILES%\*
        %USERPROFILE%\..|smtmp;true;true;true /FP
        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
        hklm\software\clients\startmenuinternet|command /rs
        hklm\software\clients\startmenuinternet|command /64 /rs
        CREATERESTOREPOINT
    - Then click the button (image: http://www.imgdumper.nl/uploads6/50cd93c69c626/50cd93c69be5b-OTL_-_Run_Scan_knop.jpg).
    - Do not change any other settings in OTL unless I specifically instruct you to.
    - The scan will not take very long.
      - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
      - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
    - Note: if the log does not fit in one post, spread it over two or more posts.
  • Hi Abraham, thanks for the instructions, and best wishes. Here is the 1st log.
-- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010/04/13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [color=#E56717:a0cf55e3fc]========== Modules (No Company Name) ==========[/color:a0cf55e3fc] [color=#E56717:a0cf55e3fc]========== Services (SafeList) ==========[/color:a0cf55e3fc] SRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/10/18 18:17:09 | 000,065,344 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental) SRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/10/12 16:18:07 | 001,637,112 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV) SRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/10/05 10:10:57 | 000,068,416 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV) SRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/09/22 12:28:02 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2011/01/25 11:45:08 | 003,051,848 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2010/06/11 22:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2009/09/14 06:00:00 | 000,166,400 | ---- | 
M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) SRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2009/09/14 06:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/01/02 09:48:38 | 000,115,776 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/15 18:51:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/07/16 10:31:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/06/28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010/06/22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010/04/13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) [color=#E56717:a0cf55e3fc]========== Driver Services (SafeList) ==========[/color:a0cf55e3fc] DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/10/10 14:00:50 | 000,587,024 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/10/10 14:00:48 | 000,705,552 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/09/21 18:16:44 | 000,082,384 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox) 
DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/08/29 17:24:10 | 000,145,696 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/07/06 15:21:55 | 000,093,160 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/07/02 14:21:40 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2011/11/14 20:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2011/03/11 07:41:12 | 000,107,904 | 
---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2010/11/26 18:02:20 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2010/07/09 04:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2010/05/24 08:46:36 | 000,246,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2010/05/14 22:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2010/05/11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2010/04/20 03:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2010/04/13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2009/12/10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2009/07/09 23:45:10 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | 
On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717:a0cf55e3fc]========== Standard Registry (SafeList) ==========[/color:a0cf55e3fc] [color=#E56717:a0cf55e3fc]========== Internet Explorer ==========[/color:a0cf55e3fc] IE:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - HKLM\..\SearchScopes,DefaultScope = IE:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weeronline.nl/Europa/Nederland/Smilde/4057322 IE - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlNL405NL405 IE - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: 
"URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717:a0cf55e3fc]========== FireFox ==========[/color:a0cf55e3fc] FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.weeronline.nl/Europa/Nederland/Smilde/4057322" FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3 FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926 FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5 FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1 FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5 FF - prefs.js..extensions.enabledAddons: %7B14323AEE-F6B8-4DC8-BCE3-E62645830585%7D:1.0.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:[b:a0cf55e3fc]64bit:[/b:a0cf55e3fc] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google 
Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2012/11/10 23:00:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 19.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2013/01/02 09:48:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 19.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/02 20:12:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012/11/10 23:00:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Aurora 19.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2013/01/02 09:48:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Aurora 19.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins [2011/02/12 21:01:40 | 000,000,000 | 
---D | M] (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Extensions [2011/01/14 21:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/12/24 13:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\ma7hckcq.default\extensions [2012/10/06 09:53:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\ma7hckcq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012/10/03 16:18:53 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\ma7hckcq.default\extensions\foxmarks@kei.com [2012/11/24 09:01:32 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\ma7hckcq.default\extensions\foxyproxy@eric.h.jung [2011/03/12 23:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\ma7hckcq.default\extensions\personas@christopher.beard [2011/02/12 20:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\xog5c217.default\extensions [2012/12/09 00:10:19 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\adblockpopups@jessehakanen.net.xpi [2012/10/07 18:34:20 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\lazarus@interclue.com.xpi [2011/03/12 19:59:44 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\personas@christopher.beard.xpi [2012/12/24 13:55:12 | 000,002,117 | ---- | M] () (No name found) -- 
C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi [2012/11/23 18:00:45 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/09/22 09:54:33 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2011/02/12 20:07:37 | 000,571,320 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\xog5c217.default\extensions\testpilot@labs.mozilla.com.xpi [2013/01/02 20:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/11/29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/11/29 09:56:45 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/11/29 09:56:45 | 000,002,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml [2012/11/29 09:56:45 | 000,004,771 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml [2012/11/29 09:56:45 | 000,001,262 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml O1 HOSTS File: ([2012/11/24 20:03:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - Reg Error: Value error.
File not found O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1540792951-4210785799-4223076911-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Value error. File not found O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Value error. File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CCBDE7B-E9A8-48C3-9CD1-C52075FD3A38}: NameServer = 192.168.0.1,8.8.8.8 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows:
(ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: Acer ePower Management - hkey= - key= - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - File not found MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/01/02 20:19:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe [2013/01/02 20:11:12 | 019,770,720 | ---- | C] (Mozilla) -- C:\Users\Gebruiker\Desktop\Firefox Setup 17.0.1.exe [2013/01/02 17:30:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/01/02 17:05:27 | 000,000,000 | --SD | C] -- C:\ComboFix [2013/01/02 09:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora [2012/12/30 16:41:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE [2012/12/30 16:36:42 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2012/12/30 16:36:42 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2012/12/30 16:36:42 | 000,690,688 | ---- | C] (Microsoft Corporation) --
C:\Windows\SysWow64\jscript.dll [2012/12/30 16:36:42 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/12/30 16:36:42 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012/12/30 16:36:42 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2012/12/30 16:36:42 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2012/12/30 16:36:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012/12/30 16:36:42 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012/12/30 16:36:42 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/12/30 16:36:42 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012/12/30 16:36:42 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012/12/30 16:36:42 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012/12/30 16:36:42 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012/12/30 16:36:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012/12/30 16:36:42 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012/12/30 16:36:42 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/12/30 16:36:42 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012/12/30 16:36:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012/12/30 16:36:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012/12/30 16:36:42 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012/12/30 16:36:42 | 000,048,640 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012/12/30 16:36:42 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012/12/30 16:36:41 | 003,966,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/12/30 16:36:41 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/12/30 16:36:41 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/12/30 16:36:41 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012/12/30 16:36:41 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012/12/30 16:36:41 | 000,905,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2012/12/30 16:36:41 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/12/30 16:36:41 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012/12/30 16:36:41 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012/12/30 16:36:41 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/12/30 16:36:41 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/12/30 16:36:41 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/12/30 16:36:41 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012/12/30 16:36:41 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012/12/30 16:36:41 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012/12/30 16:36:41 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/12/30 16:36:41 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/12/30 
16:36:41 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012/12/30 16:36:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012/12/30 16:36:41 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/12/30 16:36:41 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012/12/30 16:36:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012/12/30 16:36:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012/12/30 16:36:41 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012/12/30 16:36:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012/12/30 16:36:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012/12/30 16:36:41 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012/12/30 16:36:41 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/12/30 16:36:41 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012/12/30 16:36:41 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012/12/30 16:36:41 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012/12/30 16:36:41 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012/12/30 16:36:41 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012/12/30 16:36:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012/12/30 16:36:41 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012/12/30 16:36:41 | 000,061,440 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012/12/30 16:36:41 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012/12/30 16:36:41 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012/12/30 16:36:41 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012/12/30 16:36:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012/12/30 16:36:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012/12/30 16:36:41 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012/12/30 16:36:41 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012/12/30 16:36:41 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012/12/30 16:36:41 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012/12/30 16:35:33 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2012/12/30 16:35:33 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2012/12/30 16:35:33 | 002,434,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2012/12/30 16:35:33 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2012/12/30 16:35:33 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2012/12/30 16:35:33 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2012/12/30 16:35:33 | 001,643,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012/12/30 16:35:33 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2012/12/30 16:35:33 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2012/12/30 
16:35:33 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2012/12/30 16:35:33 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2012/12/30 16:35:33 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012/12/30 16:35:33 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2012/12/30 16:35:33 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2012/12/30 16:35:33 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2012/12/30 16:35:33 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2012/12/30 16:35:33 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2012/12/30 16:35:33 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2012/12/30 16:35:33 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2012/12/30 16:35:33 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2012/12/30 16:35:33 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2012/12/30 16:35:33 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2012/12/30 16:35:33 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2012/12/30 16:35:33 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2012/12/30 16:35:33 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2012/12/30 16:35:33 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2012/12/30 16:35:33 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2012/12/30 16:35:33 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2012/12/30 16:35:33 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2012/12/30 16:35:33 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2012/12/30 16:35:33 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2012/12/30 16:35:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2012/12/30 16:35:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2012/12/30 16:35:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2012/12/30 16:35:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2012/12/30 16:35:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2012/12/30 16:35:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2012/12/30 16:35:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2012/12/30 16:35:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2012/12/30 16:35:33 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2012/12/30 16:35:33 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2012/12/30 01:36:54 | 000,000,000 | ---D | C] -- 
C:\Users\Gebruiker\AppData\Roaming\addpcs [2012/12/30 01:06:37 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\Programs [2012/12/24 15:45:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag [2012/12/24 14:02:42 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\O&O [2012/12/24 14:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software [2012/12/24 14:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software [2012/12/24 14:01:43 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\Downloaded Installations [2012/12/23 18:53:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012/12/23 18:53:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012/12/23 18:53:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012/12/23 18:53:00 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012/12/23 18:53:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012/12/23 18:52:52 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012/12/23 18:52:52 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012/12/23 18:52:52 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012/12/23 18:52:52 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012/12/23 18:52:52 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012/12/23 18:52:52 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012/12/23 18:52:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012/12/23 18:52:52 
| 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012/12/23 18:52:52 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012/12/23 18:52:52 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012/12/23 18:52:52 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012/12/23 18:52:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012/12/23 18:52:52 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012/12/23 18:52:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012/12/23 18:52:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012/12/23 18:52:52 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012/12/23 18:52:52 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012/12/23 18:52:51 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012/12/23 18:52:51 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012/12/23 18:52:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/12/23 18:52:05 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/12/23 18:51:58 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012/12/23 18:51:58 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012/12/23 09:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012/12/23 09:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012/12/22 19:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012/12/22 19:58:32 | 000,000,000 | ---D | C] 
-- C:\Windows\PCHEALTH [2012/12/22 19:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2012/12/22 19:33:45 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2012/12/22 19:33:45 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2012/12/22 19:33:42 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2012/12/22 19:33:42 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2012/12/22 19:33:38 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2012/12/22 19:33:38 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2012/12/22 19:33:34 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2012/12/22 19:33:34 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2012/12/21 13:16:27 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp [2012/12/21 13:13:06 | 005,987,320 | ---- | C] (Microsoft Corporation) -- C:\Users\Gebruiker\Desktop\SkyDriveSetup.exe [2012/12/21 10:54:28 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/21 10:54:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/21 10:54:27 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/21 10:54:27 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/15 18:27:25 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\AdFender [2012/12/13 13:00:09 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/12/13 13:00:09 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/12/13 13:00:09 | 000,338,432 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\conhost.exe [2012/12/13 13:00:09 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/12/13 13:00:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/12/13 13:00:07 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/12/13 13:00:07 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/12/13 13:00:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/12/13 13:00:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/12/13 13:00:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/12/13 13:00:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/12/13 13:00:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/12/13 13:00:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/13 13:00:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/12/13 13:00:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/12/13 13:00:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/12/13 13:00:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/13 13:00:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/13 13:00:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/13 13:00:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/13 13:00:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/12/13 13:00:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/12/13 13:00:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/12/13 13:00:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/13 13:00:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 
[2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/12/13 13:00:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/12/13 13:00:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/12/13 13:00:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/13 13:00:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/12/13 13:00:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/12/13 13:00:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/12/13 13:00:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/12/13 13:00:05 | 000,003,072 
| -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/12/13 13:00:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/12/13 13:00:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/12/13 13:00:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/12/13 12:59:38 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012/12/13 12:59:37 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012/12/08 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012/12/08 17:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/12/08 17:38:45 | 000,000,000 | ---D | C] -- C:\Windows\MiniDump [2012/12/08 14:13:19 | 000,000,000 | ---D | C] -- C:\WindowsDebug
========== Files - Modified Within 30 Days ==========
[2013/01/02 20:19:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe [2013/01/02 20:12:18 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/01/02 20:11:13 | 019,770,720 | ---- | M] (Mozilla) -- C:\Users\Gebruiker\Desktop\Firefox Setup 17.0.1.exe [2013/01/02 19:53:01 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/02 19:32:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/02 19:32:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/02 19:32:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/02 19:25:20 | 000,000,432 | ---- | M] () -- 
C:\Windows\SysNative\drivers\etc\hosts.ics [2013/01/02 19:25:05 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/02 19:24:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/02 19:24:35 | 2360,844,288 | -HS- | M] () -- C:\hiberfil.sys [2013/01/02 18:00:01 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2013/01/02 17:36:20 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 68c8c91b-b266-4a42-b2c1-e31ad4ffec1d.job [2013/01/02 14:47:31 | 001,557,318 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/02 14:47:31 | 000,704,414 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013/01/02 14:47:31 | 000,618,858 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/02 14:47:31 | 000,135,012 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013/01/02 14:47:31 | 000,107,836 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/02 13:27:00 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f3e2cf55-a453-45ed-8
  • And here is the 2nd log
OTL Extras logfile created on: 1/2/2013 8:22:40 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gebruiker\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16438) Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 2.93 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 67.26% Memory free 3.42 Gb Paging File | 2.01 Gb Available in Paging File | 58.78% Paging File free Paging file location(s): c:\pagefile.sys 500 4501 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284.99 Gb Total Space | 233.41 Gb Free Space | 81.90% Space Free | Partition Type: NTFS Computer Name: ACER | User Name: Gebruiker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- Reg Error: Key error. 
File not found [HKEY_USERS\S-1-5-21-1540792951-4210785799-4223076911-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UpdatesDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{005C33C4-3D7E-45BA-A5CF-CE77A51EE546}" = lport=2869 | protocol=6 | dir=in | app=system | "{0A5BA6C9-A7F8-4A5A-8562-D26CCA63BD9D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0DE01341-BD06-46D6-A2E5-FC89EBEBE3E3}" = lport=138 | protocol=17 | dir=in | app=system | "{16808EAA-FA06-4923-A48D-B6017C547E5F}" = rport=445 | protocol=6 | dir=out 
| app=system | "{16954884-691E-41FD-8D3B-41503715A936}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{18594DE0-7822-437A-BF3D-D1A870B07533}" = rport=137 | protocol=17 | dir=out | app=system | "{18780E05-4F03-4C78-9E79-73E251F47C2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1C3901E9-F767-4A16-A96E-6C49A83069CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1F3D0F65-6A7A-4F2F-8CC7-17AFFC47747D}" = lport=80 | protocol=6 | dir=in | name=http | "{2A77107A-0248-486D-8CA4-927B826355C7}" = rport=138 | protocol=17 | dir=out | app=system | "{3140D97D-11BC-4C7B-974B-B0C2BD21A6F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{315014F8-1948-41D3-A323-0FBC54E442F9}" = lport=445 | protocol=6 | dir=in | app=system | "{34BBA4C6-EB99-4A73-B017-8C1823BBB73E}" = lport=139 | protocol=6 | dir=in | app=system | "{41D22CCE-6F6A-4D4A-883C-90552A5533C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4377C1B2-9F62-4875-9990-0A397536496B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4B1D6FCD-E3C5-471E-8E25-B48F6878EA71}" = rport=10243 | protocol=6 | dir=out | app=system | "{54ED9FFF-54E4-4C12-8784-57777CBB7ABE}" = lport=2869 | protocol=6 | dir=in | app=system | "{6603BF29-3680-4C7E-841B-F482A897FE16}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{6A2A3767-A278-4248-8573-FCDAB31F21F0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{743CC82E-A1AF-4833-872E-7E76FA00AE8D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7B2E4023-9D7E-42C8-84E3-C9591C7027E8}" = rport=2869 | protocol=6 | dir=out | app=system | "{87F0A334-62A6-45BB-9803-E891ED66CAB7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | 
app=%systemroot%\system32\svchost.exe | "{8D2288F4-E272-4E55-9A6C-9CD2573F4764}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9A4E1B63-35A5-440A-B662-D41A62C9ADF7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B7EB4EF5-46A0-4C41-A13E-94EEA35BFABF}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B9A72F0E-D40C-42B8-825C-18496A5AC89F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{BE5FD74D-EE87-49AC-998A-5B2E57E40585}" = rport=139 | protocol=6 | dir=out | app=system | "{BFF8EA0C-421D-4E92-83E7-B46C2094AD67}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C2563411-732D-4DE1-B1D8-71AEE28BDE10}" = lport=2869 | protocol=6 | dir=in | app=system | "{C56AE9D8-0192-4C08-8D66-A348B25E45FE}" = lport=137 | protocol=17 | dir=in | app=system | "{CCA5A37A-9727-4131-AA01-EE7CE0C119B6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF480899-03EA-42AF-A719-64C4F1BA93BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D3C5E3EF-F444-4D30-B345-52E66E2DE062}" = lport=10243 | protocol=6 | dir=in | app=system | "{F70258A9-8075-471F-B3AE-B2069CF56213}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F7F9E7A1-D8AA-41DF-AB52-8874EEF94C97}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FEBE2651-5D23-4796-8EF1-414A853457BC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1DCFB5F3-748A-440B-BAC5-BBE76396783F}" = 
protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{232876AF-E3B0-4FFC-A755-84EF012E753C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{37E1B88D-28DD-4D36-B2F0-E9B1DAC366A2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{3BB07BFD-317B-450F-9DE1-DEA2444841F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{40D17E77-6F93-408E-AE7A-DC7554CC9B38}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{43D205C2-5AAC-4E79-9E60-533209F8905A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4461E5B1-BB54-4320-B5B1-20FFF856D92E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{493C0E7B-A93D-48C8-A1F9-3FB094E0FF88}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{5C8936E1-26DF-4DD6-86E2-4B70A4424C9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{63895B77-DCB5-4003-9279-63370B1C06CA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{81344E44-3FAB-4956-AE1E-873B51D816CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8252162D-A8D1-44F3-8373-0D821F71AA11}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{832BAC89-69D6-4D62-A50A-662706A48E20}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{880E8DEC-1BEC-479C-AD5F-E07EB58FDAEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8E2DA35E-B342-43ED-839A-AD529538B98B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{973BE6E3-E6B3-4C85-87CE-439EEA270BD3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{982C551B-F395-4287-8156-C8F59FC56FF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9A384F9D-F0FB-4873-8F4B-D25254037AB2}" = 
protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A48F3634-617F-4978-8A0D-818B1676D750}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A7CD45D6-DD77-4F3E-BC20-BF87A362AA9C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{ACC9488B-CCF4-467F-A447-4798761C0EE0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{BB3AFC94-F158-410E-B7FB-56F8CB9A181F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BE4AC9B5-8D86-44A2-A746-C288134B3EAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C4A179FC-B3C7-4F0E-B0D2-D367378535FA}" = protocol=6 | dir=out | app=system | "{C71EAFC0-B51D-4AF5-B6FE-57F9D935FBB8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CB009E52-CD95-4610-9B42-3E4CCA2ADCDE}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{D05CC5ED-D02C-4B43-96A3-C499E7CF7410}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D5DE22D9-883A-4A0F-A8D2-A42F7033E3BF}" = dir=in | app=c:\users\gebruiker\appdata\local\microsoft\skydrive\skydrive.exe | "{DCBC4E29-C676-4376-BDCD-3AA45CDBF9FF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EDF71A98-628F-4742-8218-DFAEA4B8258E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F901BB65-5FDC-4776-BD7F-340284A5CA50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FE19A603-4F5F-4E21-9272-0BB0451CED40}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{61E0FE55-D14E-4944-B79D-35B83FB5B29B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{A002283F-FABB-4C32-A268-6CBD688889C1}C:\program files 
(x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{0307E2C0-A178-4A21-ADF4-73DC5B743A38}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{A8F3721C-FFDA-43B5-80F3-61A9BD18CF24}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0413-1000-0000000FF1CE}" = Microsoft 
Office Shared 64-bit MUI (Dutch) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}" = O&O Defrag Free Edition "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "Bitdefender" = Bitdefender Internet Security 2013 "EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component 
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010 "{90140000-0015-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010 "{90140000-0016-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010 
"{90140000-0018-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010 "{90140000-0019-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010 "{90140000-001A-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010 "{90140000-001B-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010 "{90140000-001F-0413-0000-0000000FF1CE}_Office14.SingleImage_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0413-1000-0000000FF1CE}_Office14.SingleImage_{B9427E36-0B0A-48F4-8A51-1C178708A28E}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010 "{90140000-002C-0413-0000-0000000FF1CE}_Office14.SingleImage_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010 "{90140000-006E-0413-0000-0000000FF1CE}_Office14.SingleImage_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010 "{90140000-00A1-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50" = MioMore Desktop 7.50 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1043-7B44-AB0000000001}" = Adobe Reader XI - Nederlands "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support 
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Acer Screensaver" = Acer ScreenSaver "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AKO" = AKO "Aurora 19.0a2 (x86 nl)" = Aurora 19.0a2 (x86 nl) "EPSON Scanner" = EPSON Scan "EPSON SX125 Series Manual" = EPSON SX125 Series Handboek "ESET Online Scanner" = ESET Online Scanner v3 "FileHippo.com" = FileHippo.com Update Checker "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "KLS Mail Backup_is1" = KLS Mail Backup 1.9.8.0 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.70.0.1100 "Mozilla Firefox 17.0.1 (x86 nl)" = Mozilla Firefox 17.0.1 (x86 nl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Picasa 3" = Picasa 3 "WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1540792951-4210785799-4223076911-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ] Error - 12/24/2012 7:09:05 AM | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/24/2012 7:09:05 AM | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2380294 Error - 12/24/2012 7:09:05 AM | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2380294 Error - 12/24/2012 7:09:06 AM | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/24/2012 7:09:06 AM | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2381495 Error - 12/24/2012 7:09:06 AM | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2381495 Error - 12/27/2012 5:22:28 AM | Computer Name = Acer | Source = Application Error | ID = 1000 Description = Naam van toepassing met fout: firefox.exe, versie: 19.0.0.4742, tijdstempel: 0x50d9c905 Naam van module met fout: xul.dll, versie: 19.0.0.4742, tijdstempel: 0x50d9c831 Uitzonderingscode: 0xc0000005 Foutoffset: 0x00121328 Id van proces met fout: 0xf34 Starttijd van toepassing met fout: 0x01cde40c9c8e8d91 Pad naar toepassing met fout: C:\Program Files (x86)\Aurora\firefox.exe Pad naar module met fout: C:\Program Files (x86)\Aurora\xul.dll Rapport-id: ee54d4bd-5006-11e2-b0da-88ae1d77895e Error - 12/29/2012 8:26:37 PM | Computer Name = Acer | Source = SideBySide | ID = 16842832 Description = Kan activeringscontext voor 
C:\Users\Gebruiker\Documents\Software-Computer\esetsmartinstaller_enu.exe niet maken. Fout in manifest of beleidsbestand op regel . Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is. Conflicterende onderdelen zijn: Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 1/2/2013 2:25:29 PM | Computer Name = Acer | Source = System Restore | ID = 8210 Description = Error - 1/2/2013 3:06:43 PM | Computer Name = Acer | Source = SideBySide | ID = 16842832 Description = Kan activeringscontext voor C:\Users\Gebruiker\Documents\Software-Computer\esetsmartinstaller_enu.exe niet maken. Fout in manifest of beleidsbestand op regel . Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is. Conflicterende onderdelen zijn: Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 1/2/2013 2:43:42 PM | Computer Name = Acer | Source = ipnathlp | ID = 31004 Description = Error - 1/2/2013 2:53:48 PM | Computer Name = Acer | Source = ipnathlp | ID = 31004 Description = Error - 1/2/2013 2:58:56 PM | Computer Name = Acer | Source = ipnathlp | ID = 31004 Description = Error - 1/2/2013 3:00:01 PM | Computer Name = Acer | Source = ipnathlp | ID = 31004 Description = Error - 1/2/2013 3:07:01 PM | Computer Name = Acer | Source = Service Control Manager | ID = 7034 Description = De ABBYY FineReader 9.0 Sprint Licensing Service-service is onverwacht beëindigd. 
Dit is nu 1 keer gebeurd. Error - 1/2/2013 3:12:21 PM | Computer Name = Acer | Source = ipnathlp | ID = 31004 Description = Error - 1/2/2013 3:14:19 PM | Computer Name = Acer | Source = ipnathlp | ID = 31004 Description = Error - 1/2/2013 3:21:29 PM | Computer Name = Acer | Source = ipnathlp | ID = 31004 Description = Error - 1/2/2013 3:24:46 PM | Computer Name = Acer | Source = ipnathlp | ID = 31004 Description = Error - 1/2/2013 3:26:49 PM | Computer Name = Acer | Source = ipnathlp | ID = 31004 Description = < End of report >
  • I did not find any antivirus software in your Windows. I did find an active Malwarebytes MBAM - that is no substitute for antivirus software!
    Before OTL runs the fix, first close all other open windows!
    - Windows 2000 and Windows XP: double-click OTL.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Run as administrator" ("Als Administrator uitvoeren").
    - Copy and paste the following (bold, blue text) into the box under [image: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png]

    :OTL
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
    FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5
    [2011/03/12 23:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\ma7hckcq.default\extensions\personas@christopher.beard
    [2011/02/12 20:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\xog5c217.default\extensions
    [2012/12/09 00:10:19 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2012/10/07 18:34:20 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\lazarus@interclue.com.xpi
    [2011/03/12 19:59:44 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\personas@christopher.beard.xpi
    [2012/12/24 13:55:12 | 000,002,117 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
    [2012/11/23 18:00:45 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/09/22 09:54:33 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
    [2011/02/12 20:07:37 | 000,571,320 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\xog5c217.default\extensions\testpilot@labs.mozilla.com.xpi
    [2013/01/02 20:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/01/02 18:00:01 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    :Services
    :Reg
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [emptyjava]
    [emptyflash]
    [createrestorepoint]
    [reboot]

    - Then click at the top on [image: http://www.imgdumper.nl/uploads5/4f911cee9de47/4f911cee9da59-OTL-4.png]
    - Let the program do its work undisturbed.
    - After the scan, OTL will report that the PC is going to be restarted. So allow that.
    - Click OK
    - After the restart, only a new log is opened.
    - Post the contents of that OTL scan log by copying and pasting.
  • I just had a look, but the antivirus is switched on. I have Bitdefender Internet Security 2013. And here is the log:
    All processes killed
    ========== OTL ==========
    C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\ma7hckcq.default\extensions\personas@christopher.beard\modules folder moved successfully.
    C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\ma7hckcq.default\extensions\personas@christopher.beard\defaults\preferences folder moved successfully.
    C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\ma7hckcq.default\extensions\personas@christopher.beard\defaults folder moved successfully.
    C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\ma7hckcq.default\extensions\personas@christopher.beard\components folder moved successfully.
    C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\ma7hckcq.default\extensions\personas@christopher.beard folder moved successfully.
    C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\xog5c217.default\extensions folder moved successfully.
    C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\adblockpopups@jessehakanen.net.xpi moved successfully.
    C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\lazarus@interclue.com.xpi moved successfully.
    C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\personas@christopher.beard.xpi moved successfully.
    C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi moved successfully.
    C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi moved successfully.
    C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi moved successfully.
    File C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\xog5c217.default\extensions\testpilot@labs.mozilla.com.xpi not found.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.
    C:\Windows\Tasks\ParetoLogic Registration3.job moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP-configuratie
    De DNS-omzettingscache is leeggemaakt.
    C:\Users\Gebruiker\Desktop\cmd.bat deleted successfully.
    C:\Users\Gebruiker\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: Gebruiker
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1299 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 97099620 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 1670 bytes
    User: Public
    ->Temp folder emptied: 0 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 19770720 bytes
    Total Files Cleaned = 111.00 mb
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    [EMPTYJAVA]
    User: All Users
    User: Default
    User: Default User
    User: Gebruiker
    ->Java cache emptied: 0 bytes
    User: Public
    Total Java Files Cleaned = 0.00 mb
    [EMPTYFLASH]
    User: All Users
    User: Default
    ->Flash cache emptied: 0 bytes
    User: Default User
    ->Flash cache emptied: 0 bytes
    User: Gebruiker
    ->Flash cache emptied: 0 bytes
    User: Public
    Total Flash Files Cleaned = 0.00 mb
    Restore point Set: OTL Restore Point
    OTL by OldTimer - Version 3.2.69.0 log created on 01022013_223014
    Files\Folders moved on Reboot...
    C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\~bd596E.tmp not found!
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
    I'll see tomorrow what I have to do next. First I'm off to dreamland. And I wish you a good night's rest too.
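An added example, not part of the thread and not OTL's own code: a Python check that reconciles the paths named in the :OTL section of the fix script with the result log posted above, so a target with no log line stands out and a "not found" whose parent folder was already moved earlier in the same run is recognised as such. The function names are hypothetical, the two log patterns are only the forms visible in this thread, and one script entry is constructed to show the unmatched case.

```python
import re
from ntpath import normcase  # Windows path comparison rules, usable on any OS

# Lines copied from the fix script and the result log posted in this thread.
FIX_SCRIPT = r"""
:OTL
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5
[2011/02/12 20:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\xog5c217.default\extensions
[2012/10/07 18:34:20 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\lazarus@interclue.com.xpi
[2011/02/12 20:07:37 | 000,571,320 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\xog5c217.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/01/02 18:00:01 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
"""
# Constructed entry (not from the thread): a target that never shows up in the log.
CONSTRUCTED_TARGET = r"[2013/01/01 00:00:00 | 000,000,001 | ---- | M] () -- C:\Example\constructed-no-log-line.tmp" + "\n"

FIX_LOG = r"""
========== OTL ==========
C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\xog5c217.default\extensions folder moved successfully.
C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\ma7hckcq.default\extensions\lazarus@interclue.com.xpi moved successfully.
File C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\xog5c217.default\extensions\testpilot@labs.mozilla.com.xpi not found.
C:\Windows\Tasks\ParetoLogic Registration3.job moved successfully.
"""

# Only the two message forms that appear in the posted log for :OTL targets.
PATTERNS = [
    ("not_found", re.compile(r"^File (?P<path>.+) not found\.$")),
    ("moved", re.compile(r"^(?P<path>.+?) (?:folder )?moved successfully\.$")),
]


def script_targets(script):
    """Paths named in the :OTL section (the text after ' -- ' on '[...]' lines)."""
    targets, in_otl = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):          # section header such as :OTL or :Commands
            in_otl = line.upper() == ":OTL"
        elif in_otl and line.startswith("[") and " -- " in line:
            targets.append(line.split(" -- ", 1)[1])
    return targets


def reconcile(script, log):
    """Return {target path: outcome} for every path the fix script names."""
    seen, moved = {}, []
    for line in log.splitlines():
        for outcome, rx in PATTERNS:
            m = rx.match(line.strip())
            if not m:
                continue
            path = normcase(m.group("path"))  # the log and script differ in case
            if outcome == "not_found" and any(path.startswith(d + "\\") for d in moved):
                # Inference: the file left with a folder moved earlier in this run.
                outcome = "not_found_parent_moved"
            elif outcome == "moved":
                moved.append(path)
            seen[path] = outcome
            break
    return {t: seen.get(normcase(t), "no_log_line") for t in script_targets(script)}


def needs_attention(result):
    """Targets that were neither moved nor explained by an earlier folder move."""
    return [t for t, o in result.items() if o in ("no_log_line", "not_found")]


if __name__ == "__main__":
    script = FIX_SCRIPT + CONSTRUCTED_TARGET + ":Commands\n[reboot]\n"
    result = reconcile(script, FIX_LOG)
    for target, outcome in result.items():
        print(f"{outcome:24} {target}")
    print("needs attention:", needs_attention(result))
```

Paths are compared case-insensitively because the script and the log spell the same locations differently (`C:\Windows\tasks` in the script, `C:\Windows\Tasks` in the log).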
  • Good night to you too. Tomorrow you can continue with:

    Step •1•
    Which program: AdwCleaner
    What for/why: Scanner to clean up Windows and rid it of rogue toolbars.
    Difficulty: None.
    Download location: Be sure to download this program to the desktop, or move it there!
    Download: AdwCleaner by Xplode (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner).
    Remarks:
    - All open programs and web pages must be closed.
    - It is normal for the shortcuts to disappear from the desktop after AdwCleaner starts.
    Starting AdwCleaner:
    - Windows 2000 and Windows XP: double-click adwcleaner.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Run as administrator" ("Als Administrator uitvoeren").
    AdwCleaner has started:
    - Click the "Verwijderen" (Delete) button
    - At "AdwCleaner – Afsluiting van de programma's" (closing the programs), click OK
    - At "AdwCleaner – Herstarten noodzakelijk" (restart required), click OK
    AdwCleaner log file:
    - After the PC has restarted, a log file opens.
    - Then post the contents of this log in your next message.

    Step •2•
    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
    - ForoSpyware (http://www.forospyware.com/sUBs/ComboFix.exe)
    - Geekstogo (http://subs.geekstogo.com/ComboFix.exe)
    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix.
    Antivirus program and active malware scanners must already be deactivated before you start ComboFix!
    Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) and here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you will find information on how to deactivate antivirus programs and spyware scanners.
    Remarks:
    - When using Windows XP you may be asked to install the "Recovery Console"! If so, allow this (an active internet connection is required for it).
    - All open programs and web pages must be closed.
    Starting ComboFix:
    - Windows 2000 and Windows XP: double-click ComboFix.exe.
    - Windows Vista and Windows 7: right-click ComboFix.exe and choose "Run as administrator" ("Als Administrator uitvoeren").
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - It may happen that the computer has to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • Good morning Abraham. Here is the AdwCleaner log already.
    # AdwCleaner v2.104 - Verslag gemaakt op 03/01/2013 om 07:50:55
    # Geactualiseerd op 29/12/2012 door Xplode
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Gebruiker : Gebruiker - ACER
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Gebruiker\Desktop\adwcleaner.exe
    # Optie [Verwijderen]
    ***** [Diensten] *****
    ***** [Files / Mappen] *****
    ***** [Register] *****
    ***** [Browsers] *****
    -\\ Internet Explorer v10.0.9200.16438
    [OK] Het register bevat geen enkele ongeoorloofde invoer.
    -\\ Mozilla Firefox v17.0.1 (nl)
    File : C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ma7hckcq.default\prefs.js
    [OK] De file bevat geen enkele ongeoorloofde invoer.
    -\\ Opera v [Onmogelijk de versie te verkrijgen]
    File : C:\Users\Gebruiker\AppData\Roaming\Opera\Opera\operaprefs.ini
    [OK] De file bevat geen enkele ongeoorloofde invoer.
    *************************
    AdwCleaner[S1].txt - [1859 octets] - [22/07/2012 09:35:59]
    AdwCleaner[S2].txt - [1447 octets] - [30/12/2012 20:35:21]
    AdwCleaner[S3].txt - [2501 octets] - [02/01/2013 17:42:15]
    AdwCleaner[S4].txt - [1134 octets] - [03/01/2013 07:50:55]
    ########## EOF - C:\AdwCleaner[S4].txt - [1194 octets] ##########
  • This is coming from another laptop for the moment. I have had ComboFix running since 09,10 this morning and it stays stuck at "Voltooid Deel 3" (Completed Stage 3) and gets no further. What should I do now: wait for the fix or stop it?
  • Stop. And then try whether the scan does succeed in Safe Mode.
  • Here is the log in safe mode:
    ComboFix 13-01-03.01 - Gebruiker 03-01-2013 13:12:53.14.2 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3002.1948 [GMT 1:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe AV: Bitdefender Antivirus *Disabled/Outdated* {98CD50CE-5097-4098-9669-6C401FB3969C} FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7} SP: Bitdefender Antispyware *Disabled/Outdated* {23ACB12A-76AD-4F16-ACD9-57326434DC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Acer c:\programdata\Acer\Acer Updater\_UpdaterService_LOG.txt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-12-03 to 2013-01-03 )))))))))))))))))))))))))))))) . . 2013-01-03 12:20 . 2013-01-03 12:20 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-03 12:20 . 2013-01-03 12:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-02 21:30 . 2013-01-02 21:30 -------- d-----w- C:\_OTL 2013-01-02 08:48 . 2013-01-02 08:48 -------- d-----w- c:\program files (x86)\Aurora 2012-12-30 16:16 . 2012-11-14 03:51 19450880 ----a-w- c:\windows\system32\mshtml.dll 2012-12-30 16:16 . 2012-11-14 03:25 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2012-12-30 16:16 . 2012-11-14 01:14 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-12-30 15:41 . 2012-11-08 23:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE 2012-12-30 15:35 . 2012-12-30 15:35 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2012-12-30 00:36 . 2012-12-30 00:36 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\addpcs 2012-12-30 00:06 . 2012-12-30 00:06 -------- d-----w- c:\users\Gebruiker\AppData\Local\Programs 2012-12-24 14:45 . 2012-12-24 14:45 -------- d-----w- c:\windows\system32\oodag 2012-12-24 13:02 . 
2012-12-24 13:02 -------- d-----w- c:\users\Gebruiker\AppData\Local\O&O 2012-12-24 13:02 . 2012-12-24 13:02 -------- d-----w- c:\program files\OO Software 2012-12-24 13:01 . 2012-12-24 13:01 -------- d-----w- c:\users\Gebruiker\AppData\Local\Downloaded Installations 2012-12-23 17:53 . 2012-08-23 15:28 3584 ----a-w- c:\windows\system32\drivers\nl-NL\tsusbflt.sys.mui 2012-12-23 17:53 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2012-12-23 17:53 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2012-12-23 17:53 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2012-12-23 17:53 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys 2012-12-23 17:53 . 2012-08-23 14:07 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys 2012-12-23 17:51 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-12-23 17:51 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-12-23 08:51 . 2012-12-23 08:51 -------- d-----w- c:\program files\Bonjour 2012-12-23 08:51 . 2012-12-23 08:51 -------- d-----w- c:\program files (x86)\Bonjour 2012-12-22 18:58 . 2012-12-22 18:58 -------- d-----w- c:\program files\Windows Live 2012-12-22 18:58 . 2012-12-22 18:58 -------- d-----w- c:\windows\PCHEALTH 2012-12-22 18:58 . 2012-12-22 18:59 -------- d-----w- c:\program files (x86)\Windows Live 2012-12-22 18:33 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2012-12-22 18:33 . 2010-06-02 03:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll 2012-12-22 18:33 . 2010-06-02 03:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll 2012-12-22 18:33 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll 2012-12-22 18:33 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2012-12-22 18:33 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll 2012-12-22 18:33 . 
2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll 2012-12-22 18:33 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll 2012-12-21 12:16 . 2012-12-21 12:16 -------- d-----w- C:\SkyDriveTemp 2012-12-21 09:54 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 09:54 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 09:54 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 09:54 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-15 17:27 . 2012-12-29 13:31 -------- d-----w- c:\users\Gebruiker\AppData\Local\AdFender 2012-12-13 11:59 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 11:59 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-08 16:52 . 2013-01-02 21:32 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-12-08 13:13 . 2012-12-08 13:13 -------- d-----w- C:\WindowsDebug . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-15 17:51 . 2012-11-17 14:08 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-15 17:51 . 2012-11-17 14:08 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-14 15:49 . 2012-04-13 03:35 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-13 12:55 . 2010-11-15 14:01 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-11 15:05 . 2012-11-11 15:05 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-28 16:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 16:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 
2012-11-28 16:23 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-10 15:23 . 2012-10-10 15:23 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-10-10 13:00 . 2012-11-10 22:00 587024 ----a-w- c:\windows\system32\drivers\avckf.sys 2012-10-10 13:00 . 2012-11-10 22:00 705552 ----a-w- c:\windows\system32\drivers\avc3.sys 2012-10-09 18:17 . 2012-11-14 16:54 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-14 16:54 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-14 16:54 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 16:54 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-12-21 12:12 222712 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-12-21 12:12 222712 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-12-21 12:12 222712 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-16 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-10-10 705552] R0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-08-29 145696] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104] R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896] R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] R2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-01-25 3051848] R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [x] R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] R2 UPDATESRV;Bitdefender 
Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-10-05 68416] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-10-10 587024] R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-09-21 82384] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-15 1255736] R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-10-18 65344] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720] S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 93160] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-22 140672] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040] . . Inhoud van de 'Gedeelde Taken' map . 2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 17:51] . 2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-24 11:33] . 
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-24 11:33] . 2011-01-23 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01] . 2013-01-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 68c8c91b-b266-4a42-b2c1-e31ad4ffec1d.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . 2013-01-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f3e2cf55-a453-45ed-82f2-bee21ef6c466.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-12-21 12:13 261624 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-12-21 12:13 261624 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-12-21 12:13 261624 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304] "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-10-22 1568560] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 3942216] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.weeronline.nl/Europa/Nederland/Smilde/4057322 uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mCustomizeSearch = hxxp://www.google.com mSearchAssistant = hxxp://www.google.com IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 TCP: Interfaces\{1CCBDE7B-E9A8-48C3-9CD1-C52075FD3A38}: NameServer = 192.168.0.1,8.8.8.8 FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ma7hckcq.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.weeronline.nl/Europa/Nederland/Smilde/4057322 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-01-03 08:09; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ma7hckcq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi . 
- - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1540792951-4210785799-4223076911-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-1540792951-4210785799-4223076911-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1540792951-4210785799-4223076911-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-1540792951-4210785799-4223076911-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-01-03 13:22:32 ComboFix-quarantined-files.txt 2013-01-03 12:22 ComboFix2.txt 2013-01-03 11:59 ComboFix3.txt 2012-11-24 19:08 . Pre-Run: 249.110.323.200 bytes beschikbaar Post-Run: 248.945.217.536 bytes beschikbaar . - - End Of File - - 75F3A8F8833251822A2758E715A8F816
  • That already looks good. Run the ESET online scan: http://www.eset.com/home/products/online-scanner/
    - Click the ESET Online Scanner button.
    - Tick YES, I accept the Terms of Use.
    - Click Start.
    - Allow the ActiveX control to install.
    - Tick the following options:
        - Remove found threats
        - Scan archives
    - Then click "Advanced Settings" and tick:
        - Scan for potentially unwanted applications
        - Scan for potentially unsafe applications
        - Enable Anti-Stealth technology
    - Click Start.
    - The computer is now being scanned. This can take quite a long time, so be patient.
    - Once the scan has finished, you may close the window.
    - Then go to C:\Program Files\ESET\ESET Online Scanner and click log.txt there.
    - Select, copy and paste the contents of this log into your next post.
    N.B.: temporarily disable your own antivirus during the scan; the online scan is then faster!
  • Writing now from my other laptop. ESET scanned everything; it took ± 03.30 hours, and it found nothing. I can no longer get on the internet with it (small yellow triangle at the bottom right). I already had problems with it this afternoon, after the ComboFix scan in safe mode. I have already spent an hour or so on it this evening, but I still cannot get a connection. So tomorrow I will look further into what is going on.
  • Aha. Scan again with ComboFix! A restart follows, and then the internet should work again!
  • That produced no result. When I open the triangle I get to see the connections, and there it indicates that it is connected to the router. But I cannot get the websites to open. So something is missing, but what? P.S. This is from my other laptop. On my desktop everything works fine as well.
  • Download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) and place this tool on your desktop.
    Using "Farbar MiniToolBox":
    - First close all program windows that are still open!
        - Windows 2000 and Windows XP: start "MiniToolBox.exe" by double-clicking.
        - Windows Vista, Windows 7 and Windows 8: start "MiniToolBox.exe" via right-click, Run as administrator.
    Tick the following items:
    - Flush DNS
    - Report IE Proxy Settings
    - Reset IE Proxy Settings
    - Report FF Proxy Settings
    - Reset FF Proxy Settings
    - List content of Hosts
    - List IP configuration
    - List Winsock Entries
    - List last 10 Event Viewer log
    Then:
    - Click the "Go" button.
    - A log (Result.txt) is then created in the same folder that contains "MiniToolBox.exe".
    - Copy and paste the contents of the log into your next post.
    Note: if "Reset FF Proxy Settings" is selected, Firefox must be closed!
  • I did this quickly with a USB stick. Here is the log:

    MiniToolBox by Farbar Version: 25-11-2012
    Ran by Gebruiker (administrator) on 04-01-2013 at 13:29:47
    Running from "E:\"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP-configuratie

    De DNS-omzettingscache is leeggemaakt.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    ========================= FF Proxy Settings: ==============================

    "Reset FF Proxy Settings": Firefox Proxy settings were reset.

    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Atheros AR5B97 Wireless Network Adapter = Draadloze netwerkverbinding (Connected)
    Broadcom NetLink (TM) Gigabit Ethernet = LAN-verbinding (Media disconnected)
    Microsoft Virtual WiFi Miniport Adapter = Draadloze netwerkverbinding 2 (Media disconnected)

    # ----------------------------------
    # IPv4-configuratie
    # ----------------------------------
    pushd interface ipv4

    reset
    set global
    add address name="Draadloze netwerkverbinding" address=192.168.0.106 mask=255.255.255.0
    add address name="LAN-verbinding" address=192.168.137.1 mask=255.255.255.0

    popd
    # Einde van IPv4-configuratie

    Windows IP-configuratie

       Hostnaam . . . . . . . . . . . . : Acer
       Primair DNS-achtervoegsel . . . . :
       Knooppunttype . . . . . . . . . . : hybride
       IP-routering ingeschakeld . . . . : nee
       WINS-proxy ingeschakeld . . . . . : nee

    Draadloos LAN-adapter voor Draadloze netwerkverbinding 2:

       Mediumstatus. . . . . . . . . . . : medium ontkoppeld
       Verbindingsspec. DNS-achtervoegsel:
       Beschrijving. . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
       Fysiek adres. . . . . . . . . . . : CE-46-19-5D-C3-AB
       DHCP ingeschakeld . . . . . . . . : ja
       Autom. configuratie ingeschakeld : ja

    Draadloos LAN-adapter voor Draadloze netwerkverbinding:

       Verbindingsspec. DNS-achtervoegsel:
       Beschrijving. . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
       Fysiek adres. . . . . . . . . . . : C4-46-19-5D-C3-AB
       DHCP ingeschakeld . . . . . . . . : nee
       Autom. configuratie ingeschakeld : ja
       Link-local IPv6-adres . . . . . . : fe80::9554:e92a:c0af:6e22%11(voorkeur)
       IPv4-adres. . . . . . . . . . . . : 192.168.0.106(voorkeur)
       Subnetmasker. . . . . . . . . . . : 255.255.255.0
       Standaardgateway. . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 398738969
       DHCPv6-client DUID. . . . . . . . : 00-01-00-01-13-FE-D0-C2-88-AE-1D-77-89-5E
       DNS-servers . . . . . . . . . . . : 192.168.0.1
                                           8.8.8.8
       NetBIOS via TCPIP . . . . . . . . : ingeschakeld

    Ethernet-adapter voor LAN-verbinding:

       Mediumstatus. . . . . . . . . . . : medium ontkoppeld
       Verbindingsspec. DNS-achtervoegsel:
       Beschrijving. . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
       Fysiek adres. . . . . . . . . . . : 88-AE-1D-77-89-5E
       DHCP ingeschakeld . . . . . . . . : nee
       Autom. configuratie ingeschakeld : ja

    Tunnel-adapter voor isatap.sitecomwl342:

       Mediumstatus. . . . . . . . . . . : medium ontkoppeld
       Verbindingsspec. DNS-achtervoegsel:
       Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter
       Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP ingeschakeld . . . . . . . . : nee
       Autom. configuratie ingeschakeld : ja

    Tunnel-adapter voor Teredo Tunneling Pseudo-Interface:

       Mediumstatus. . . . . . . . . . . : medium ontkoppeld
       Verbindingsspec. DNS-achtervoegsel:
       Beschrijving. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP ingeschakeld . . . . . . . . : nee
       Autom. configuratie ingeschakeld : ja

    Tunnel-adapter voor isatap.{1CCBDE7B-E9A8-48C3-9CD1-C52075FD3A38}:

       Mediumstatus. . . . . . . . . . . : medium ontkoppeld
       Verbindingsspec. DNS-achtervoegsel:
       Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP ingeschakeld . . . . . . . . : nee
       Autom. configuratie ingeschakeld : ja

    Tunnel-adapter voor isatap.{1652FB9C-1406-4354-BA78-26CF446682DF}:

       Mediumstatus. . . . . . . . . . . : medium ontkoppeld
       Verbindingsspec. DNS-achtervoegsel:
       Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP ingeschakeld . . . . . . . . : nee
       Autom. configuratie ingeschakeld : ja

    Tunnel-adapter voor isatap.{408C2479-EDC1-4CC6-BE86-A6E94EF74B14}:

       Mediumstatus. . . . . . . . . . . : medium ontkoppeld
       Verbindingsspec. DNS-achtervoegsel:
       Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter #4
       Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP ingeschakeld . . . . . . . . : nee
       Autom. configuratie ingeschakeld : ja

    DNS request timed out.
        timeout was 2 seconds.
    Server: UnKnown
    Address: 192.168.0.1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    Ping-aanvraag kan host google.com niet vinden. Controleer de naam en probeer het opnieuw.

    DNS request timed out.
        timeout was 2 seconds.
    Server: UnKnown
    Address: 192.168.0.1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    Ping-aanvraag kan host yahoo.com niet vinden. Controleer de naam en probeer het opnieuw.

    Pingen naar 127.0.0.1 met 32 bytes aan gegevens:
    Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128
    Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128

    Ping-statistieken voor 127.0.0.1:
        Pakketten: verzonden = 2, ontvangen = 2, verloren = 0 (0% verlies).
    De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
        Minimum = 0ms, Maximum = 0ms, Gemiddelde = 0ms
    ===========================================================================
    Interfacelijst
     14...ce 46 19 5d c3 ab ......Microsoft Virtual WiFi Miniport Adapter
     11...c4 46 19 5d c3 ab ......Atheros AR5B97 Wireless Network Adapter
     10...88 ae 1d 77 89 5e ......Broadcom NetLink (TM) Gigabit Ethernet
      1...........................Software Loopback Interface 1
     13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
     20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
     19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
    ===========================================================================

    IPv4 routetabel
    ===========================================================================
    Actieve routes:
    Netwerkadres         Netmasker          Gateway    Interface        Metric
    127.0.0.0            255.0.0.0          On-link    127.0.0.1        306
    127.0.0.1            255.255.255.255    On-link    127.0.0.1        306
    127.255.255.255      255.255.255.255    On-link    127.0.0.1        306
    192.168.0.0          255.255.255.0      On-link    192.168.0.106    276
    192.168.0.106        255.255.255.255    On-link    192.168.0.106    276
    192.168.0.255        255.255.255.255    On-link    192.168.0.106    276
    224.0.0.0            240.0.0.0          On-link    127.0.0.1        306
    224.0.0.0            240.0.0.0          On-link    192.168.0.106    276
    255.255.255.255      255.255.255.255    On-link    127.0.0.1        306
    255.255.255.255      255.255.255.255    On-link    192.168.0.106    276
    ===========================================================================
    Permanente routes:
      Geen

    IPv6 routetabel
    ===========================================================================
    Actieve routes:
     Indien metrische netwerkbestemming Gateway
      1    306 ::1/128                          On-link
     11    276 fe80::/64                        On-link
     11    276 fe80::9554:e92a:c0af:6e22/128    On-link
      1    306 ff00::/8                         On-link
     11    276 ff00::/8                         On-link
    ===========================================================================
    Permanente routes:
      Geen
========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.) Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.) Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] 
(Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.) x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.) x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (01/04/2013 11:27:14 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6381 Error: (01/04/2013 11:27:14 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6381 Error: (01/04/2013 11:27:14 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/04/2013 11:27:12 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5304 Error: (01/04/2013 11:27:12 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 
5304 Error: (01/04/2013 11:27:12 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/04/2013 11:27:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4290 Error: (01/04/2013 11:27:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4290 Error: (01/04/2013 11:27:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/04/2013 11:27:10 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3292 System errors: ============= Error: (01/04/2013 11:36:13 AM) (Source: Service Control Manager) (User: ) Description: De Secunia Update Agent-service kan vanwege de volgende fout niet worden gestart: %%2 Error: (01/04/2013 11:33:26 AM) (Source: Disk) (User: ) Description: Het stuurprogramma heeft een controllerfout gevonden in \Device\Harddisk1\DR2. Error: (01/04/2013 10:23:52 AM) (Source: Service Control Manager) (User: ) Description: De Secunia Update Agent-service kan vanwege de volgende fout niet worden gestart: %%2 Error: (01/04/2013 10:21:19 AM) (Source: Service Control Manager) (User: ) Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: %%1068 Error: (01/04/2013 10:21:19 AM) (Source: DCOM) (User: ) Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F} Error: (01/04/2013 10:21:19 AM) (Source: DCOM) (User: ) Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF} Error: (01/04/2013 10:17:47 AM) (Source: Service Control Manager) (User: ) Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. 
Error: (01/04/2013 10:17:19 AM) (Source: Application Popup) (User: ) Description: \??\C:\ComboFix\catchme.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma. Error: (01/04/2013 10:17:19 AM) (Source: Application Popup) (User: ) Description: \??\C:\ComboFix\catchme.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma. Error: (01/04/2013 10:15:27 AM) (Source: Service Control Manager) (User: ) Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. Microsoft Office Sessions: ========================= Error: (01/04/2013 11:27:14 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6381 Error: (01/04/2013 11:27:14 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6381 Error: (01/04/2013 11:27:14 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/04/2013 11:27:12 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5304 Error: (01/04/2013 11:27:12 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5304 Error: (01/04/2013 11:27:12 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/04/2013 11:27:11 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4290 Error: (01/04/2013 11:27:11 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4290 Error: (01/04/2013 11:27:11 AM) (Source: Bonjour 
Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/04/2013 11:27:10 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3292 CodeIntegrity Errors: =================================== Date: 2013-01-04 11:35:59.220 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00172_007\avcuf64.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2013-01-04 11:33:22.113 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00172_007\avcuf64.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2013-01-04 11:22:07.482 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00172_007\avcuf64.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2013-01-04 10:50:58.793 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00172_007\avcuf64.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2013-01-04 10:23:37.826 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00172_007\avcuf64.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. 
Date: 2013-01-04 10:17:19.652 Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is. Date: 2013-01-04 10:17:19.480 Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is. Date: 2013-01-04 10:17:19.262 Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is. Date: 2013-01-04 10:17:19.121 Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is. Date: 2013-01-04 10:07:54.980 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00172_007\avcuf64.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. **** End of log ****
  • Download ComboFix again. First move the old ComboFix to the Recycle Bin and then empty it. Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe Then start ComboFix again for a scan.
  • I downloaded ComboFix again on the working laptop and copied it over via USB stick. This message appears when I click the little triangle: Unknown network and no internet access. Ran ComboFix in safe mode again; the other way would not work (it got stuck on Part 4 again). Here is the log, via the USB stick.
ComboFix 13-01-04.01 - Gebruiker 04-01-2013 15:14:30.22.2 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3002.1960 [GMT 1:00] Gestart vanuit: E:\ComboFix.exe AV: Bitdefender Antivirus *Disabled/Outdated* {98CD50CE-5097-4098-9669-6C401FB3969C} FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7} SP: Bitdefender Antispyware *Disabled/Outdated* {23ACB12A-76AD-4F16-ACD9-57326434DC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Acer c:\programdata\Acer\Acer Updater\_UpdaterService_CFG.ini c:\programdata\Acer\Acer Updater\_UpdaterService_LOG.txt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-12-04 to 2013-01-04 )))))))))))))))))))))))))))))) . . 2013-01-04 14:20 . 2013-01-04 14:20 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-04 14:20 . 2013-01-04 14:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-02 08:48 . 2013-01-03 20:00 -------- d-----w- c:\program files (x86)\Aurora 2012-12-30 16:16 . 2012-11-14 03:51 19450880 ----a-w- c:\windows\system32\mshtml.dll 2012-12-30 16:16 . 2012-11-14 03:25 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2012-12-30 16:16 . 2012-11-14 01:14 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-12-30 15:41 . 2012-11-08 23:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE 2012-12-30 15:35 . 2012-12-30 15:35 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2012-12-30 00:36 . 
2012-12-30 00:36 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\addpcs 2012-12-30 00:06 . 2012-12-30 00:06 -------- d-----w- c:\users\Gebruiker\AppData\Local\Programs 2012-12-24 14:45 . 2012-12-24 14:45 -------- d-----w- c:\windows\system32\oodag 2012-12-24 13:02 . 2012-12-24 13:02 -------- d-----w- c:\users\Gebruiker\AppData\Local\O&O 2012-12-24 13:02 . 2012-12-24 13:02 -------- d-----w- c:\program files\OO Software 2012-12-24 13:01 . 2012-12-24 13:01 -------- d-----w- c:\users\Gebruiker\AppData\Local\Downloaded Installations 2012-12-23 17:53 . 2012-08-23 15:28 3584 ----a-w- c:\windows\system32\drivers\nl-NL\tsusbflt.sys.mui 2012-12-23 17:53 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2012-12-23 17:53 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2012-12-23 17:53 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2012-12-23 17:53 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys 2012-12-23 17:53 . 2012-08-23 14:07 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys 2012-12-23 17:51 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-12-23 17:51 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-12-23 08:51 . 2012-12-23 08:51 -------- d-----w- c:\program files\Bonjour 2012-12-23 08:51 . 2012-12-23 08:51 -------- d-----w- c:\program files (x86)\Bonjour 2012-12-22 18:58 . 2012-12-22 18:58 -------- d-----w- c:\program files\Windows Live 2012-12-22 18:58 . 2012-12-22 18:58 -------- d-----w- c:\windows\PCHEALTH 2012-12-22 18:58 . 2012-12-22 18:59 -------- d-----w- c:\program files (x86)\Windows Live 2012-12-22 18:33 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2012-12-22 18:33 . 2010-06-02 03:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll 2012-12-22 18:33 . 
2010-06-02 03:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll 2012-12-22 18:33 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll 2012-12-22 18:33 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2012-12-22 18:33 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll 2012-12-22 18:33 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll 2012-12-22 18:33 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll 2012-12-21 12:16 . 2012-12-21 12:16 -------- d-----w- C:\SkyDriveTemp 2012-12-21 09:54 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 09:54 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 09:54 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 09:54 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-15 17:27 . 2012-12-29 13:31 -------- d-----w- c:\users\Gebruiker\AppData\Local\AdFender 2012-12-13 11:59 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 11:59 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-08 16:52 . 2013-01-03 20:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-12-08 13:13 . 2012-12-08 13:13 -------- d-----w- C:\WindowsDebug . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-15 17:51 . 2012-11-17 14:08 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-15 17:51 . 2012-11-17 14:08 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-14 15:49 . 2012-04-13 03:35 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-13 12:55 . 2010-11-15 14:01 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-11 15:05 . 2012-11-11 15:05 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys 2012-10-25 02:12 . 
2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-28 16:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 16:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 16:23 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-10 15:23 . 2012-10-10 15:23 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-10-10 13:00 . 2012-11-10 22:00 587024 ----a-w- c:\windows\system32\drivers\avckf.sys 2012-10-10 13:00 . 2012-11-10 22:00 705552 ----a-w- c:\windows\system32\drivers\avc3.sys 2012-10-09 18:17 . 2012-11-14 16:54 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-14 16:54 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-14 16:54 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 16:54 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-12-21 12:12 222712 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-12-21 12:12 222712 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-12-21 12:12 222712 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-16 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-10-10 705552] R0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-08-29 145696] R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 93160] R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104] R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] R2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-01-25 3051848] R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [x] R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] R2 
UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-10-05 68416] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-10-10 587024] R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-09-21 82384] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264] R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-15 1255736] R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-10-18 65344] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-22 140672] . . Inhoud van de 'Gedeelde Taken' map . 2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 17:51] . 2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-24 11:33] . 2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-24 11:33] . 
2011-01-23 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01] . 2013-01-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 68c8c91b-b266-4a42-b2c1-e31ad4ffec1d.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . 2013-01-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f3e2cf55-a453-45ed-82f2-bee21ef6c466.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-12-21 12:13 261624 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-12-21 12:13 261624 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-12-21 12:13 261624 ----a-w- c:\users\Gebruiker\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304] "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-10-22 1568560] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 3942216] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.weeronline.nl/Europa/Nederland/Smilde/4057322 uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mCustomizeSearch = hxxp://www.google.com mSearchAssistant = hxxp://www.google.com IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 TCP: Interfaces\{1CCBDE7B-E9A8-48C3-9CD1-C52075FD3A38}: NameServer = 192.168.0.1,8.8.8.8 FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\h51kxhcd.default\ . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{C5089197-5B15-44AD-B0FC-2E94EE9ECB63} - c:\programdata\{B2FE6FE4-63BF-44CA-91FD-921DA2BAAE44}\wsc_x1.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\S-1-5-21-1540792951-4210785799-4223076911-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-1540792951-4210785799-4223076911-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1540792951-4210785799-4223076911-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-1540792951-4210785799-4223076911-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-01-04 15:23:24 ComboFix-quarantined-files.txt 2013-01-04 14:23 . Pre-Run: 247.640.358.912 bytes beschikbaar Post-Run: 247.480.410.112 bytes beschikbaar . - - End Of File - - 6371D49DC69E5AE8738911948F03CE28
Or would it be wise at this point to reset it to factory settings?
  • Still no internet? Then first check whether you can find a new driver for the WLAN card, and otherwise reinstall the current driver. And I don't like it one bit that ComboFix has to run in safe mode every time!


This is an archived page. Replies are no longer possible.