Strange problems....

30 replies
  • For some time now I have been unable to upload photos to a forum in Firefox.
    I do hear more complaints about that, but my laptop is also starting to get slow with ordinary things and, for example, has a lot of trouble starting up.
    OK, there are a number of network drives that it searches for, but still.
    Both WinSysclean 14 and Auslogics are running (paid and legal).
    RSIT log
    Logfile of random's system information tool 1.09 (written by random/random)
    Run by HP-G6 at 2013-03-20 12:18:04
    Microsoft Windows 7 Ultimate Service Pack 1
    System drive C: has 76 GB (66%) free of 115 GB
    Total RAM: 4044 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:18:16, on 20-3-2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16470)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Users\HP-G6\AppData\Local\CloudStation\bin\cloud.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\HP-G6\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE
    C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
    C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Users\HP-G6\AppData\Local\CloudStation\bin\client-win.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files\trend micro\HP-G6.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [F-Secure Hoster (45123)] "C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe" -app -hosterid:1
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_9AB5F54D94D79F19590B8088A1CE54B7] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - Startup: CloudStation.lnk = HP-G6\AppData\Local\CloudStation\bin\cloud.exe
    O4 - Startup: Dropbox.lnk = HP-G6\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 12024 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    wininit.exe
    winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    "C:\Program Files\IDT\WDM\STacSV64.exe"
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
    "C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe" -hosterid:0
    taskeng.exe {FC63A958-5842-4577-AB79-F73524838044}
    taskeng.exe {234C5B58-3D4A-407F-8ADF-C8D74AB1A42F}
    "C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe" -UseTray
    "C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe"
    "C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe"
    "C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE" /service /stopevent=732 /ipcexch=808
    "C:\Windows\system32\Dwm.exe"
    C:\Windows\Explorer.EXE
    "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
    C:\Windows\system32\HPSIsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    "C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
    "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    "C:\Windows\System32\igfxtray.exe"
    "C:\Windows\System32\hkcmd.exe"
    "C:\Windows\System32\igfxpers.exe"
    "C:\Program Files\IDT\WDM\sttray64.exe"
    "C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
    "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    "C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE"
    C:\Windows\system32\SearchIndexer.exe /Embedding
    "C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\fssm32.exe" 3 820 824 828
    "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    oid 1.3.6.1.4.1.2213.11.1.27.64 HosterGroupType 0
    "C:\Program Files\Windows Media Player\wmpnetwk.exe"
    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    "C:\Program Files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    "C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
    "C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe"
    "C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe"
    "C:\Users\HP-G6\AppData\Local\CloudStation\bin\cloud.exe"
    KHALMNPR.EXE /API
    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3408.0.452697934\801267175" --supports-dual-gpus=false --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.2875 --ignored=" --type=renderer " /prefetch:12
    "C:\Users\HP-G6\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/OmniboxSearchSuggestTrialStarted2013Q1/1/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/SideloadWipeout/Enabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_99/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/ --extension-process --renderer-print-preview --enable-threaded-compositing --channel="3408.1.296618198\1341380902" /prefetch:3
    "C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
    "C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
    "C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE" /splash
    "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"
    "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
    "C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe" -app -hosterid:1
    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    "C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Spam Control\fsscoepl_x64.exe"
    "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
    "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Users\HP-G6\AppData\Local\CloudStation\bin\..\bin\client-win.exe C:/Users/HP-G6/AppData/Local/CloudStation/bin/../session/1/conf/client.conf 1024
    \??\C:\Windows\system32\conhost.exe "1255834311148699758145317531-280377918-32680055112820689641129972058-947828294
    "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
    "C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    "C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
    "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-923864647-1305126636-2454660077-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-923864647-1305126636-2454660077-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
    "C:\Users\HP-G6\Desktop\RSITx64.exe"

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\HP-G6\AppData\Roaming\Mozilla\Firefox\Profiles
    5fhd5my.default

    prefs.js - "browser.startup.homepage" - "https://www.google.nl/|https://mail.google.com/mail/u/0/?tab=mm#inbox|http://www.zeilersforum.nl/index.php/Forum/Recent"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
    "Description"=Adobe® Flash® Player 11.6.602.180 Plugin
    "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
    "Description"=Java™ Deployment Toolkit
    "Path"=C:\Windows\SysWOW64\npDeployJava1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
    "Description"=Oracle® Next Generation Java™ Plug-In
    "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
    "Description"=Ag Player Plugin
    "Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
    "Description"=Office Authorization plug-in for NPAPI browsers
    "Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
    "Description"=Microsoft SharePoint Plug-in for Firefox
    "Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
    "Description"=Google Update
    "Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
    "Description"=Google Update
    "Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
    "Description"=VLC Multimedia Plugin
    "Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
    "Description"=Handles PDFs in-place in Firefox
    "Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
    "Description"=Adobe® Flash® Player 11.6.602.180 Plugin
    "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
    "Description"=Ag Player Plugin
    "Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
    "Description"=Office Authorization plug-in for NPAPI browsers
    "Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

    C:\Program Files (x86)\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd}

    C:\Program Files (x86)\Mozilla Firefox\components\
    binary.manifest
    browsercomps.dll

    C:\Program Files (x86)\Mozilla Firefox\searchplugins\
    bing.xml
    bolcom-nl.xml
    google.xml
    marktplaats-nl.xml
    wikipedia-nl.xml

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-09 461216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
    Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04 366904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-09 170912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
    HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2837288]
    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-10-22 171040]
    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-10-22 399392]
    "Persistence"=C:\Windows\system32\igfxpers.exe [2012-10-22 441888]
    "SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-08-19 1664000]
    "EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2012-11-04 2419512]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08 18705664]
    "GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2013-03-07 19357112]
    "GoogleChromeAutoLaunch_9AB5F54D94D79F19590B8088A1CE54B7"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2013-03-11 1274320]
    "VoipBuster"=C:\Program Files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe [2013-03-05 19218240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
    C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [2012-12-20 11325456]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^HP-G6^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FAHControl.lnk]
    C:\PROGRA~2\FAHCLI~1\FAHCON~1.EXE [2012-10-04 1525760]

    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"=C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE [2012-07-03 310992]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
    ""= []
    "HPUsageTrackingLEDM"=C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [2009-08-04 30264]
    "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
    "F-Secure Hoster (45123)"=C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe [2012-10-19 183864]
    "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Google Calendar Sync.lnk - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

    C:\Users\HP-G6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    CloudStation.lnk - C:\Users\HP-G6\AppData\Local\CloudStation\bin\cloud.exe
    Dropbox.lnk - C:\Users\HP-G6\AppData\Roaming\Dropbox\bin\Dropbox.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\Windows\system32\igfxdev.dll [2012-10-22 441344]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2012-10-01 68408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=5
    "ConsentPromptBehaviorUser"=3
    "EnableUIADesktopToggle"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "vidc.mrle"=msrle32.dll
    "vidc.msvc"=msvidc32.dll
    "msacm.imaadpcm"=imaadp32.acm
    "msacm.msg711"=msg711.acm
    "msacm.msgsm610"=msgsm32.acm
    "msacm.msadpcm"=msadp32.acm
    "midimapper"=midimap.dll
    "wavemapper"=msacm32.drv
    "VIDC.UYVY"=msyuv.dll
    "VIDC.YUY2"=msyuv.dll
    "VIDC.YVYU"=msyuv.dll
    "VIDC.IYUV"=iyuv_32.dll
    "vidc.i420"=iyuv_32.dll
    "VIDC.YVU9"=tsbyuv.dll
    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm
    "MSVideo8"=VfWWDM32.dll
    "wave1"=wdmaud.drv
    "midi1"=wdmaud.drv
    "mixer1"=wdmaud.drv
    "aux"=wdmaud.drv
    "wave"=wdmaud.drv
    "midi"=wdmaud.drv
    "mixer"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    ======List of files/folders created in the last 3 months======

    2013-03-20 12:18:04 —-D—- C:\rsit
    2013-03-20 12:18:04 —-D—- C:\Program Files\trend micro
    2013-03-20 08:53:08 —-D—- C:\Windows\MiniDump
    2013-03-20 08:45:04 —-HDC—- C:\ProgramData\{24C97889-562A-425F-91C7-463C1F97DC6D}
    2013-03-20 08:45:03 —-D—- C:\Program Files\WinSysClean X4
    2013-03-19 17:48:28 —-A—- C:\Windows\system32\drivers\usb8023.sys
    2013-03-19 09:30:15 —-D—- C:\WindowsDebug
    2013-03-19 09:24:30 —-D—- C:\Program Files\WinSysClean X4 Trial
    2013-03-16 20:46:13 —-D—- C:\Users\HP-G6\AppData\Roaming\VoipBuster
    2013-03-16 20:46:06 —-D—- C:\Program Files (x86)\VoipBuster.com
    2013-03-13 22:25:05 —-D—- C:\Windows\PCHEALTH
    2013-03-13 22:23:58 —-A—- C:\Windows\SYSWOW64\vbscript.dll
    2013-03-13 22:23:58 —-A—- C:\Windows\SYSWOW64\url.dll
    2013-03-13 22:23:58 —-A—- C:\Windows\SYSWOW64\mshtmled.dll
    2013-03-13 22:23:58 —-A—- C:\Windows\SYSWOW64\ieUnatt.exe
    2013-03-13 22:23:58 —-A—- C:\Windows\SYSWOW64\ieui.dll
    2013-03-13 22:23:58 —-A—- C:\Windows\system32\url.dll
    2013-03-13 22:23:58 —-A—- C:\Windows\system32\mshtmled.dll
    2013-03-13 22:23:58 —-A—- C:\Windows\system32\ieUnatt.exe
    2013-03-13 22:23:58 —-A—- C:\Windows\system32\ieui.dll
    2013-03-13 22:23:57 —-A—- C:\Windows\SYSWOW64\wininet.dll
    2013-03-13 22:23:57 —-A—- C:\Windows\SYSWOW64\urlmon.dll
    2013-03-13 22:23:57 —-A—- C:\Windows\SYSWOW64\msfeeds.dll
    2013-03-13 22:23:57 —-A—- C:\Windows\system32\wininet.dll
    2013-03-13 22:23:57 —-A—- C:\Windows\system32\urlmon.dll
    2013-03-13 22:23:57 —-A—- C:\Windows\system32\msfeeds.dll
    2013-03-13 22:23:57 —-A—- C:\Windows\system32\jscript9.dll
    2013-03-13 22:23:56 —-A—- C:\Windows\SYSWOW64\jsproxy.dll
    2013-03-13 22:23:56 —-A—- C:\Windows\SYSWOW64\jscript9.dll
    2013-03-13 22:23:56 —-A—- C:\Windows\SYSWOW64\jscript.dll
    2013-03-13 22:23:56 —-A—- C:\Windows\SYSWOW64\iertutil.dll
    2013-03-13 22:23:56 —-A—- C:\Windows\system32\vbscript.dll
    2013-03-13 22:23:56 —-A—- C:\Windows\system32\jsproxy.dll
    2013-03-13 22:23:56 —-A—- C:\Windows\system32\jscript.dll
    2013-03-13 22:23:56 —-A—- C:\Windows\system32\iertutil.dll
    2013-03-13 22:23:55 —-A—- C:\Windows\SYSWOW64\mshtml.dll
    2013-03-13 22:23:54 —-A—- C:\Windows\system32\mshtml.dll
    2013-03-13 22:23:53 —-A—- C:\Windows\SYSWOW64\ieframe.dll
    2013-03-13 22:23:53 —-A—- C:\Windows\system32\ieframe.dll
    2013-03-09 20:08:32 —-A—- C:\Windows\SYSWOW64\javaws.exe
    2013-03-09 20:08:19 —-A—- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
    2013-03-09 20:08:19 —-A—- C:\Windows\SYSWOW64\javaw.exe
    2013-03-09 20:08:19 —-A—- C:\Windows\SYSWOW64\java.exe
    2013-03-09 20:08:12 —-D—- C:\Program Files (x86)\Java
    2013-03-08 07:33:13 —-D—- C:\Program Files (x86)\Mozilla Firefox
    2013-02-28 21:36:44 —-D—- C:\Users\HP-G6\AppData\Roaming\WinRAR
    2013-02-28 21:36:40 —-D—- C:\Program Files\WinRAR
    2013-02-27 22:58:23 —-A—- C:\Windows\SYSWOW64\msmpeg2vdec.dll
    2013-02-27 22:58:22 —-A—- C:\Windows\SYSWOW64\UIAnimation.dll
    2013-02-27 22:58:22 —-A—- C:\Windows\system32\UIAnimation.dll
    2013-02-27 22:58:22 —-A—- C:\Windows\system32\msmpeg2vdec.dll
    2013-02-27 22:58:20 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-02-27 22:58:20 —-AH—- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-02-27 22:58:20 —-AH—- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-02-27 22:58:20 —-A—- C:\Windows\SYSWOW64\WMPhoto.dll
    2013-02-27 22:58:20 —-A—- C:\Windows\system32\WMPhoto.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-02-27 22:58:19 —-AH—- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-02-27 22:58:19 —-A—- C:\Windows\SYSWOW64\XpsGdiConverter.dll
    2013-02-27 22:58:19 —-A—- C:\Windows\SYSWOW64\dxgi.dll
    2013-02-27 22:58:19 —-A—- C:\Windows\SYSWOW64\d3d10warp.dll
    2013-02-27 22:58:19 —-A—- C:\Windows\SYSWOW64\d3d10level9.dll
    2013-02-27 22:58:19 —-A—- C:\Windows\SYSWOW64\d3d10core.dll
    2013-02-27 22:58:19 —-A—- C:\Windows\SYSWOW64\d3d10_1core.dll
    2013-02-27 22:58:19 —-A—- C:\Windows\SYSWOW64\d3d10_1.dll
    2013-02-27 22:58:19 —-A—- C:\Windows\system32\XpsGdiConverter.dll
    2013-02-27 22:58:19 —-A—- C:\Windows\system32\dxgi.dll
    2013-02-27 22:58:19 —-A—- C:\Windows\system32\d3d10warp.dll
    2013-02-27 22:58:19 —-A—- C:\Windows\system32\d3d10level9.dll
    2013-02-27 22:58:19 —-A—- C:\Windows\system32\d3d10_1.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\SYSWOW64\XpsPrint.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\SYSWOW64\WindowsCodecsExt.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\SYSWOW64\WindowsCodecs.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\SYSWOW64\DWrite.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\SYSWOW64\d3d11.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\SYSWOW64\d3d10.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\system32\XpsPrint.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\system32\WindowsCodecsExt.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\system32\FntCache.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\system32\DWrite.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\system32\d3d11.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\system32\d3d10core.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\system32\d3d10_1core.dll
    2013-02-27 22:58:18 —-A—- C:\Windows\system32\d3d10.dll
    2013-02-27 22:58:17 —-A—- C:\Windows\SYSWOW64\d2d1.dll
    2013-02-27 22:58:17 —-A—- C:\Windows\system32\WindowsCodecs.dll
    2013-02-27 22:58:17 —-A—- C:\Windows\system32\d2d1.dll
    2013-02-20 17:26:00 —-D—- C:\hyperterminal
    2013-02-14 17:29:04 —-D—- C:\Users\HP-G6\AppData\Roaming\Mozilla
    2013-02-14 17:28:58 —-D—- C:\Program Files (x86)\Mozilla Maintenance Service
    2013-02-13 19:11:15 —-A—- C:\Windows\system32\ntoskrnl.exe
    2013-02-13 19:11:12 —-A—- C:\Windows\SYSWOW64\ntkrnlpa.exe
    2013-02-13 19:11:10 —-A—- C:\Windows\SYSWOW64\ntoskrnl.exe
    2013-02-13 19:10:29 —-A—- C:\Windows\system32\win32k.sys
    2013-02-13 19:10:20 —-A—- C:\Windows\system32\winsrv.dll
    2013-02-13 19:10:19 —-A—- C:\Windows\SYSWOW64\ntvdm64.dll
    2013-02-13 19:10:18 —-A—- C:\Windows\SYSWOW64\wow32.dll
    2013-02-13 19:10:18 —-A—- C:\Windows\SYSWOW64\setup16.exe
    2013-02-13 19:10:18 —-A—- C:\Windows\SYSWOW64\instnm.exe
    2013-02-13 19:10:13 —-A—- C:\Windows\SYSWOW64\user.exe
    2013-02-13 19:10:06 —-A—- C:\Windows\system32\drivers\tcpip.sys
    2013-02-13 19:10:06 —-A—- C:\Windows\system32\drivers\FWPKCLNT.SYS
    2013-02-13 17:51:27 —-D—- C:\Program Files (x86)\Com Port Plug and Play Blocker
    2013-01-27 07:59:29 —-RD—- C:\Program Files (x86)\Skype
    2013-01-09 19:27:18 —-D—- C:\ProgramData\Sail Support
    2013-01-09 19:27:17 —-D—- C:\Program Files (x86)\SW Programma
    2013-01-09 08:57:16 —-A—- C:\Windows\SYSWOW64\win32spl.dll
    2013-01-09 08:57:16 —-A—- C:\Windows\system32\win32spl.dll
    2013-01-09 08:56:21 —-A—- C:\Windows\system32\msxml6.dll
    2013-01-09 08:56:18 —-A—- C:\Windows\system32\msxml3.dll
    2013-01-09 08:56:17 —-A—- C:\Windows\SYSWOW64\msxml6.dll
    2013-01-09 08:56:16 —-A—- C:\Windows\SYSWOW64\msxml3.dll
    2013-01-09 08:56:12 —-A—- C:\Windows\system32\ncrypt.dll
    2013-01-09 08:56:11 —-A—- C:\Windows\SYSWOW64\ncrypt.dll
    2013-01-09 08:56:07 —-A—- C:\Windows\SYSWOW64\usp10.dll
    2013-01-09 08:56:07 —-A—- C:\Windows\system32\usp10.dll
    2013-01-09 08:55:46 —-A—- C:\Windows\system32\KernelBase.dll
    2013-01-09 08:55:44 —-A—- C:\Windows\SYSWOW64\KernelBase.dll
    2013-01-09 08:55:43 —-A—- C:\Windows\system32\kernel32.dll
    2013-01-09 08:55:39 —-A—- C:\Windows\SYSWOW64\kernel32.dll
    2013-01-09 08:55:38 —-AH—- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2013-01-09 08:55:38 —-A—- C:\Windows\system32\wow64win.dll
    2013-01-09 08:55:38 —-A—- C:\Windows\system32\wow64cpu.dll
    2013-01-09 08:55:38 —-A—- C:\Windows\system32\wow64.dll
    2013-01-09 08:55:38 —-A—- C:\Windows\system32\ntvdm64.dll
    2013-01-09 08:55:38 —-A—- C:\Windows\system32\conhost.exe
    2013-01-09 08:55:37 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
    2013-01-09 08:55:37 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-09 08:55:37 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-09 08:55:37 —-AH—- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2013-01-09 08:55:37 —-AH—- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2013-01-09 08:55:37 —-AH—- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-09 08:55:36 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-09 08:55:36 —-AH—- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-09 08:55:36 —-AH—- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2013-01-09 08:55:36 —-AH—- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-09 08:55:34 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
    2013-01-09 08:55:34 —-AH—- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-09 08:55:34 —-AH—- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2013-01-09 08:55:33 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
    2013-01-09 08:55:33 —-AH—- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-09 08:55:33 —-AH—- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2013-01-09 08:55:32 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
    2013-01-09 08:55:32 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-09 08:55:31 —-AH—- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-09 08:55:30 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-09 08:55:27 —-AH—- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-09 08:55:26 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-09 08:55:25 —-AH—- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-09 08:55:24 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
    2013-01-09 08:55:24 —-AH—- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2013-01-09 08:55:23 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
    2013-01-09 08:55:21 —-AH—- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2013-01-09 08:55:19 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-09 08:55:17 —-AH—- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-09 08:55:15 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-09 08:55:14 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
    2013-01-09 08:55:14 —-AH—- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-09 08:55:13 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-09 08:55:13 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
    2013-01-09 08:55:13 —-AH—- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2013-01-09 08:55:13 —-AH—- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-09 08:55:13 —-AH—- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2013-01-09 08:55:12 —-AH—- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
    2013-01-09 08:55:12 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-09 08:55:12 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
    2013-01-09 08:55:12 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-09 08:55:12 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
    2013-01-09 08:55:12 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-09 08:55:12 —-AH—- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2013-01-09 08:55:12 —-AH—- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-09 08:55:12 —-AH—- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-09 08:55:12 —-AH—- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2013-01-09 08:55:12 —-AH—- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-09 08:55:11 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
    2013-01-09 08:55:11 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-09 08:55:11 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-09 08:55:09 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
    2013-01-09 08:55:06 —-AH—- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2013-01-09 08:55:05 —-AH—- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
    2013-01-09 08:55:01 —-AH—- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2013-01-09 08:53:11 —-A—- C:\Windows\system32\Wpc.dll
    2013-01-09 08:53:08 —-A—- C:\Windows\system32\gameux.dll
    2013-01-09 08:53:07 —-A—- C:\Windows\SYSWOW64\gameux.dll
    2013-01-09 08:53:06 —-A—- C:\Windows\SYSWOW64\Wpc.dll
    2013-01-09 08:52:35 —-A—- C:\Windows\system32\taskhost.exe
    2013-01-07 07:47:43 —-D—- C:\Windows\pss
    2013-01-03 21:14:27 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe
    2013-01-03 08:41:08 —-SHD—- C:\$RECYCLE.BIN
    2013-01-03 08:35:14 —-D—- C:\Windows\temp
    2012-12-21 21:48:06 —-D—- C:\MSNCleaner
    2012-12-21 11:45:22 —-D—- C:\Windows\erdnt
    2012-12-21 11:44:21 —-A—- C:\AdwCleaner[R1].txt
    2012-12-21 11:22:51 —-A—- C:\Windows\SYSWOW64\atmlib.dll
    2012-12-21 11:22:51 —-A—- C:\Windows\system32\atmlib.dll
    2012-12-21 11:22:51 —-A—- C:\Windows\system32\atmfd.dll
    2012-12-21 11:22:50 —-A—- C:\Windows\SYSWOW64\atmfd.dll
    2012-12-21 08:24:07 —-D—- C:\Users\HP-G6\AppData\Roaming\Malwarebytes
    2012-12-21 08:23:50 —-D—- C:\ProgramData\Malwarebytes
    2012-12-21 08:23:46 —-D—- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-21 08:23:46 —-A—- C:\Windows\system32\drivers\mbam.sys

    ======List of files/folders modified in the last 3 months======

    2013-03-20 12:18:16 —-D—- C:\Windows\Prefetch
    2013-03-20 12:18:16 —-AD—- C:\ProgramData\TEMP
    2013-03-20 12:18:04 —-RD—- C:\Program Files
    2013-03-20 12:15:32 —-D—- C:\Users\HP-G6\AppData\Roaming\Skype
    2013-03-20 12:14:51 —-D—- C:\Users\HP-G6\AppData\Roaming\Dropbox
    2013-03-20 12:12:58 —-D—- C:\Windows\SysWOW64
    2013-03-20 12:12:14 —-D—- C:\Windows
    2013-03-20 12:11:51 —-D—- C:\Windows\system32\config
    2013-03-20 12:11:51 —-D—- C:\Windows\System32
    2013-03-20 12:08:03 —-SHD—- C:\System Volume Information
    2013-03-20 12:07:17 —-D—- C:\Windows\debug
    2013-03-20 08:45:04 —-SHD—- C:\Windows\Installer
    2013-03-20 08:45:04 —-D—- C:\ProgramData
    2013-03-20 07:36:53 —-D—- C:\Windows\winsxs
    2013-03-20 07:35:49 —-D—- C:\Windows\system32\drivers
    2013-03-20 07:35:48 —-D—- C:\Windows\system32\DriverStore
    2013-03-19 23:03:50 —-RD—- C:\Program Files (x86)
    2013-03-19 18:59:19 —-D—- C:\Windows\inf
    2013-03-19 18:59:19 —-A—- C:\Windows\system32\PerfStringBackup.INI
    2013-03-19 18:10:36 —-D—- C:\Users\HP-G6\AppData\Roaming\FAHClient
    2013-03-19 17:45:35 —-D—- C:\Windows\system32\catroot2
    2013-03-19 17:45:35 —-D—- C:\Windows\system32\catroot
    2013-03-19 12:29:51 —-A—- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2013-03-19 09:27:33 —-SD—- C:\ProgramData\Microsoft
    2013-03-16 15:32:11 —-D—- C:\Users\HP-G6\AppData\Roaming\MediaMonkey
    2013-03-15 08:28:46 —-D—- C:\Windows\system32\Tasks
    2013-03-14 07:33:46 —-D—- C:\Windows\AppPatch
    2013-03-14 07:33:46 —-D—- C:\Program Files (x86)\Internet Explorer
    2013-03-14 07:33:45 —-D—- C:\Windows\SYSWOW64\migration
    2013-03-14 07:33:43 —-D—- C:\Windows\system32\migration
    2013-03-14 07:33:43 —-D—- C:\Program Files\Internet Explorer
    2013-03-14 07:33:36 —-D—- C:\Program Files\Microsoft Silverlight
    2013-03-14 07:33:35 —-D—- C:\Program Files (x86)\Microsoft Silverlight
    2013-03-13 22:27:33 —-D—- C:\ProgramData\Microsoft Help
    2013-03-13 22:25:56 —-A—- C:\Windows\system32\MRT.exe
    2013-03-12 17:19:56 —-D—- C:\Windows\system32\LogFiles
    2013-03-09 20:08:13 —-A—- C:\Windows\SYSWOW64\npDeployJava1.dll
    2013-03-09 20:08:13 —-A—- C:\Windows\SYSWOW64\deployJava1.dll
    2013-03-06 13:04:31 —-D—- C:\Users\HP-G6\AppData\Roaming\vlc
    2013-03-03 21:46:14 —-D—- C:\Users\HP-G6\AppData\Roaming\dvdcss
    2013-02-28 07:11:47 —-D—- C:\Windows\SYSWOW64\pt-PT
    2013-02-28 07:11:47 —-D—- C:\Windows\SYSWOW64\pt-BR
    2013-02-28 07:11:47 —-D—- C:\Windows\SYSWOW64\it-IT
    2013-02-28 07:11:46 —-D—- C:\Windows\SYSWOW64\zh-HK
    2013-02-28 07:11:46 —-D—- C:\Windows\SYSWOW64\pl-PL
    2013-02-28 07:11:46 —-D—- C:\Windows\SYSWOW64\ko-KR
    2013-02-28 07:11:46 —-D—- C:\Windows\SYSWOW64\hu-HU
    2013-02-28 07:11:45 —-D—- C:\Windows\SYSWOW64\el-GR
    2013-02-28 07:11:44 —-D—- C:\Windows\SYSWOW64\zh-TW
    2013-02-28 07:11:44 —-D—- C:\Windows\SYSWOW64\tr-TR
    2013-02-28 07:11:44 —-D—- C:\Windows\SYSWOW64\sv-SE
    2013-02-28 07:11:44 —-D—- C:\Windows\SYSWOW64\nl-NL
    2013-02-28 07:11:44 —-D—- C:\Windows\SYSWOW64\fr-FR
    2013-02-28 07:11:44 —-D—- C:\Windows\SYSWOW64\fi-FI
    2013-02-28 07:11:44 —-D—- C:\Windows\SYSWOW64\es-ES
    2013-02-28 07:11:42 —-D—- C:\Windows\SYSWOW64\zh-CN
    2013-02-28 07:11:42 —-D—- C:\Windows\SYSWOW64\de-DE
    2013-02-28 07:11:42 —-D—- C:\Windows\SYSWOW64\cs-CZ
    2013-02-28 07:11:41 —-D—- C:\Windows\SYSWOW64\ru-RU
    2013-02-28 07:11:41 —-D—- C:\Windows\SYSWOW64\nb-NO
    2013-02-28 07:11:41 —-D—- C:\Windows\SYSWOW64\ja-JP
    2013-02-28 07:11:41 —-D—- C:\Windows\SYSWOW64\en-US
    2013-02-28 07:11:41 —-D—- C:\Windows\SYSWOW64\da-DK
    2013-02-28 07:11:38 —-D—- C:\Windows\system32\pt-BR
    2013-02-28 07:11:37 —-D—- C:\Windows\system32\pt-PT
    2013-02-28 07:11:37 —-D—- C:\Windows\system32\pl-PL
    2013-02-28 07:11:37 —-D—- C:\Windows\system32\ko-KR
    2013-02-28 07:11:37 —-D—- C:\Windows\system32\it-IT
    2013-02-28 07:11:37 —-D—- C:\Windows\system32\hu-HU
    2013-02-28 07:11:36 —-D—- C:\Windows\system32\zh-HK
    2013-02-28 07:11:36 —-D—- C:\Windows\system32\nl-NL
    2013-02-28 07:11:36 —-D—- C:\Windows\system32\el-GR
    2013-02-28 07:11:35 —-D—- C:\Windows\system32\fr-FR
    2013-02-28 07:11:35 —-D—- C:\Windows\system32\fi-FI
    2013-02-28 07:11:33 —-D—- C:\Windows\system32\tr-TR
    2013-02-28 07:11:33 —-D—- C:\Windows\system32\sv-SE
    2013-02-28 07:11:33 —-D—- C:\Windows\system32\es-ES
    2013-02-28 07:11:32 —-D—- C:\Windows\system32\zh-TW
    2013-02-28 07:11:32 —-D—- C:\Windows\system32\de-DE
    2013-02-28 07:11:31 —-D—- C:\Windows\system32\zh-CN
    2013-02-28 07:11:31 —-D—- C:\Windows\system32\ru-RU
    2013-02-28 07:11:31 —-D—- C:\Windows\system32\ja-JP
    2013-02-28 07:11:31 —-D—- C:\Windows\system32\cs-CZ
    2013-02-28 07:11:30 —-D—- C:\Windows\system32\nb-NO
    2013-02-28 07:11:30 —-D—- C:\Windows\system32\en-US
    2013-02-28 07:11:30 —-D—- C:\Windows\system32\da-DK
    2013-02-18 11:26:49 —-SD—- C:\Users\HP-G6\AppData\Roaming\Microsoft
    2013-02-14 10:36:59 —-D—- C:\Windows\system32\drivers\UMDF
    2013-02-14 09:05:20 —-RSD—- C:\Windows\assembly
    2013-02-14 09:05:20 —-D—- C:\Windows\Microsoft.NET
    2013-02-05 07:25:58 —-D—- C:\Users\HP-G6\AppData\Roaming\TeamViewer
    2013-02-04 20:12:55 —-D—- C:\Windows\Downloaded Program Files
    2013-02-03 17:11:32 —-D—- C:\Program Files (x86)\Google
    2013-01-31 13:42:18 —-D—- C:\Program Files (x86)\Internetbeveiliging
    2013-01-27 07:59:35 —-D—- C:\ProgramData\Skype
    2013-01-27 07:59:29 —-D—- C:\Program Files (x86)\Common Files
    2013-01-25 18:19:34 —-D—- C:\Windows\system32\NDF
    2013-01-20 17:15:55 —-RSD—- C:\Windows\Fonts
    2013-01-20 17:15:35 —-D—- C:\Program Files (x86)\TeamViewer
    2013-01-20 11:35:31 —-D—- C:\Windows\Tasks
    2013-01-06 08:28:29 —-D—- C:\Program Files\Common Files\Microsoft Shared
    2013-01-03 20:20:18 —-D—- C:\Windows\system32\drivers\etc
    2013-01-03 08:33:45 —-A—- C:\Windows\system.ini
    2013-01-03 08:31:56 —-D—- C:\Windows\SYSWOW64\drivers
    2012-12-30 12:01:48 —-D—- C:\ProgramData\Adobe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 fsbts;fsbts; C:\Windows\system32\Drivers\fsbts.sys [2012-11-21 56016]
    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
    R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2013-02-27 62744]
    R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2012-07-03 16920]
    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2012-06-20 3678720]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2013-02-27 200760]
    R3 fsni;fsni; \??\C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Scanning\fsni64.sys [2012-11-22 78904]
    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-10-22 5332896]
    R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2012-09-18 78648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2012-09-18 15160]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2012-09-18 75064]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2012-09-18 61240]
    R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-13 62784]
    R3 pmkbdfltr;PenMount Keyboard Device Filter Driver; C:\Windows\system32\DRIVERS\pmkbdfltr.sys [2012-08-01 18832]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2012-10-26 343696]
    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
    R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-10-18 44344]
    R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10305; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-08-19 542208]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 396848]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
    S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2012-08-10 551040]
    S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
    S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
    S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
    S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
    S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
    S3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys [2012-07-30 158720]
    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
    S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
    S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2012-09-12 35112]
    S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
    S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
    R2 fshoster;F-Secure Dll Hoster; C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe [2012-10-19 183864]
    R2 FSORSPClient;F-Secure ORSP Client; C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe [2012-08-06 61176]
    R2 HP LaserJet Service;HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
    R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
    R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2011-11-11 126520]
    R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-08-19 323072]
    R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
    R3 FSMA;F-Secure Management Agent; C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE [2012-07-03 212688]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-20 116648]
    S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
    S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-10-22 277024]
    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-20 116648]
    S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-10 1001376]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2012-10-01 359224]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-08 115608]
    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
    S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-11-21 1255736]
    S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]

    —————–EOF—————–
  • Hi Anjo.

    Please post the three logs all at once.

    Step •1•
    Which program: AdwCleaner
    What for/why: Scanner to clean up Windows and rid it of malicious toolbars.
    Difficulty: None.
    Download location: Be sure to download this program to the desktop, or move it there!
    Download: AdwCleaner by Xplode.

    Notes:
    - All open programs and web pages must be closed.
    - It is normal for the desktop shortcuts to disappear after AdwCleaner starts.
    Starting AdwCleaner:
    - Windows 2000 and Windows XP: double-click adwcleaner.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Run as administrator".
    Once AdwCleaner has started:
    - Click the Verwijderen (Delete) button.
    - In the dialog "AdwCleaner – Afsluiting van de programma's" (closing of programs), click OK.
    - In the dialog "AdwCleaner – Herstarten noodzakelijk" (restart required), click OK.
    AdwCleaner log file:
    - After the PC has restarted, a log file opens.
    - Then post the contents of this log in your next message.

    [b:9f0e4ba5cb]Stap •2•[/b:9f0e4ba5cb][/color:9f0e4ba5cb]
    [b:9f0e4ba5cb]Welk programma[/b:9f0e4ba5cb]: [b:9f0e4ba5cb]Junkware Removal Tool by Thisisu[/b:9f0e4ba5cb][/color:9f0e4ba5cb]
    [b:9f0e4ba5cb]Waarvoor/waarom[/b:9f0e4ba5cb]: Scanner om Windows o.a. te ontdoen van malafide toolbars.
    [b:9f0e4ba5cb]Moeilijkheidsgraad[/b:9f0e4ba5cb]: Geen.
    [b:9f0e4ba5cb]Downloadlokatie[/b:9f0e4ba5cb]: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen!
    [b:9f0e4ba5cb]Download[/b:9f0e4ba5cb]: [b:9f0e4ba5cb]JRT.exe[/b:9f0e4ba5cb][/color:9f0e4ba5cb]
    .
    [b:9f0e4ba5cb]Opmerkingen[/b:9f0e4ba5cb]:
    [list:9f0e4ba5cb][*:9f0e4ba5cb]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.
    [*:9f0e4ba5cb]Het is raadzaam de actieve beveiligingssoftware te de-activeren, zodat mogelijke conflicten met JRT.exe uitgsloten worden.:
    [*:9f0e4ba5cb][b:9f0e4ba5cb]Hier[/color:9f0e4ba5cb][/b:9f0e4ba5cb] en [b:9f0e4ba5cb]hier[/color:9f0e4ba5cb][/b:9f0e4ba5cb] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.
    [*:9f0e4ba5cb]Dat tijdens de scan van [b:9f0e4ba5cb]JRT.exe[/b:9f0e4ba5cb] tijdelijk de snelkoppelingen verdwijnen van het bureaublad, is normaal.[/list:u:9f0e4ba5cb]
    [b:9f0e4ba5cb]Junkware Removal Tool by Thisisu opstarten[/b:9f0e4ba5cb]:
    [list:9f0e4ba5cb][*:9f0e4ba5cb][b:9f0e4ba5cb]Windows 2000[/color:9f0e4ba5cb][/b:9f0e4ba5cb] en [b:9f0e4ba5cb]Windows XP[/b:9f0e4ba5cb][/color:9f0e4ba5cb]: dubbelklik op [b:9f0e4ba5cb]JRT.exe[/b:9f0e4ba5cb].
    [*:9f0e4ba5cb][b:9f0e4ba5cb]Windows Vista[/b:9f0e4ba5cb][/color:9f0e4ba5cb], [b:9f0e4ba5cb]Windows 7[/b:9f0e4ba5cb][/color:9f0e4ba5cb] en [b:9f0e4ba5cb]Windows 8[/b:9f0e4ba5cb][/color:9f0e4ba5cb]: via rechtsklik op [b:9f0e4ba5cb]JRT.exe[/b:9f0e4ba5cb] en kies voor "Als Administrator uitvoeren".
    [*:9f0e4ba5cb][b:9f0e4ba5cb]JRT.exe[/b:9f0e4ba5cb] zal daarna Windows gaan scannen.
    [*:9f0e4ba5cb]Deze scan kan afhankelijk van de systeemspecificaties soms vrij lang duren, wees dus geduldig.
    [*:9f0e4ba5cb]Indien de scan voltooid is, zal een logje ([b:9f0e4ba5cb]JRT.txt[/b:9f0e4ba5cb]) op het bureaublad opgeslagen worden en automatisch openen.
    [*:9f0e4ba5cb]Post de inhoud van dit log in je volgende bericht.[/list:u:9f0e4ba5cb]

    [b:9f0e4ba5cb]Stap •3•[/b:9f0e4ba5cb][/color:9f0e4ba5cb]
    Download [b:9f0e4ba5cb]RogueKiller[/b:9f0e4ba5cb] naar je bureaublad.
    Sluit alle overige programma's.
    Start het programma.
    [b:9f0e4ba5cb]Windows Vista, Windows 7 en Windows 8 gebruikers -> rechtsklik uitvoeren als administrator[/b:9f0e4ba5cb][/color:9f0e4ba5cb]
    Wacht tot de 'Prescan' klaar is.
    Klik op [b:9f0e4ba5cb]scan[/b:9f0e4ba5cb]

    [img:9f0e4ba5cb]http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png[/img:9f0e4ba5cb]

    Wacht tot het einde van de scan.
    Een log wordt aangemaakt en geplaatst op het bureaublad.
    [b:9f0e4ba5cb]Doe verder nog niks maar plaats eerst de inhoud van dat log in jouw volgende bericht.[/color:9f0e4ba5cb][/b:9f0e4ba5cb]
  • Here they come
    # AdwCleaner v2.101 - Verslag gemaakt op 21/12/2012 om 11:44:21
    # Geactualiseerd op 16/12/2012 door Xplode
    # Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Gebruiker : HP-G6 - HP-G6-PC
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\HP-G6\Desktop\adwcleaner.exe
    # Optie [Zoeken]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****


    ***** [Register] *****

    Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    ***** [Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Mozilla Firefox v17.0.1 (nl)

    Profielnaam : default
    File : C:\Users\HP-G6\AppData\Roaming\Mozilla\Firefox\Profiles\ykkzt56j.default\prefs.js

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[R1].txt - [883 octets] - [21/12/2012 11:44:21]

    ########## EOF - C:\AdwCleaner[R1].txt - [942 octets] ##########



    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Gestart vanuit : Normale modus
    Gebruiker : HP-G6 [Administrator rechten]
    Modus : Scan – Datum : 03/20/2013 19:00:16
    | ARK || FAK || MBR |

    ¤¤¤ Kwaadaardige processen : 2 ¤¤¤
    [SUSP PATH] cloud.exe – C:\Users\HP-G6\AppData\Local\CloudStation\bin\cloud.exe [7] -> BEEINDIGD [TermProc]
    [SUSP PATH] client-win.exe – C:\Users\HP-G6\AppData\Local\CloudStation\bin\client-win.exe [7] -> BEEINDIGD [TermProc]

    ¤¤¤ Register verwijzingen : 10 ¤¤¤
    [STARTUP][SUSP PATH] CloudStation.lnk @HP-G6 : C:\Users\HP-G6\AppData\Local\CloudStation\bin\cloud.exe [7] -> gevonden
    [HJPOL] HKCU\[…]\System : DisableTaskMgr (0) -> gevonden
    [HJPOL] HKCU\[…]\System : DisableRegistryTools (0) -> gevonden
    [HJPOL] HKLM\[…]\System : DisableRegistryTools (0) -> gevonden
    [HJPOL] HKLM\[…]\Wow6432Node\System : DisableRegistryTools (0) -> gevonden
    [HJ] HKLM\[…]\Wow6432Node\Security Center : AntiVirusDisableNotify (1) -> gevonden
    [HJ] HKLM\[…]\Wow6432Node\Security Center : FirewallDisableNotify (1) -> gevonden
    [HJ] HKLM\[…]\Wow6432Node\Security Center : UpdatesDisableNotify (1) -> gevonden
    [HJ DESK] HKLM\[…]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
    [HJ DESK] HKLM\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

    ¤¤¤ Speciale Files / Folders: ¤¤¤

    ¤¤¤ Driver : [Niet geladen] ¤¤¤

    ¤¤¤ HOSTS Bestand: ¤¤¤
    –> C:\Windows\system32\drivers\etc\hosts

    # AdwCleaner v2.115 - Verslag gemaakt op 20/03/2013 om 18:43:19
    # Geactualiseerd op 17/03/2013 door Xplode
    # Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Gebruiker : HP-G6 - HP-G6-PC
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\HP-G6\Desktop\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    Map Verwijdert : C:\Users\HP-G6\AppData\Local\PackageAware

    ***** [Register] *****

    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    ***** [Browsers] *****

    -\\ Internet Explorer v9.0.8112.16470

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Mozilla Firefox v19.0.2 (nl)

    File : C:\Users\HP-G6\AppData\Roaming\Mozilla\Firefox\Profiles\r5fhd5my.default\prefs.js

    Verwijdert : user_pref("browser.startup.homepage", "hxxps://www.google.nl/|hxxps://mail.google.com/mail/u/0/?tab=[…]

    -\\ Google Chrome v25.0.1364.172

    File : C:\Users\HP-G6\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[R1].txt - [1010 octets] - [21/12/2012 11:44:21]
    AdwCleaner[S1].txt - [1227 octets] - [20/03/2013 18:43:19]

    ########## EOF - C:\AdwCleaner[S1].txt - [1287 octets] ##########



    ¤¤¤ MBR Controle: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++
    — User —
    [MBR] 281f01d71e220873b27f3c302b62f102
    [BSP] 6dce7330a698253921a19dce6f2ea58d : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
    1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 114938 Mo
    3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 235802624 | Size: 361801 Mo
    User = LL1 … OK!
    User = LL2 … OK!

    Gereed : << RKreport[1]_S_03202013_02d1900.txt >>
    RKreport[1]_S_03202013_02d1900.txt



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.7.2 (03.15.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by HP-G6 on wo 20-03-2013 at 18:48:42,52
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\HP-G6\AppData\Roaming\mozilla\firefox\profiles\r5fhd5my.default\minidumps [121 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on wo 20-03-2013 at 18:54:40,97
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • For x32 (x86) bit systems, download Farbar Recovery Scan Tool and put it on a USB stick.
    For x64 bit systems, download Farbar Recovery Scan Tool x64 and put it on a USB stick.
    Plug it into the infected computer.

    Start System Recovery Options.

    To get to the recovery options via the boot menu, do the following:
    - Restart the computer.
    - As soon as the BIOS has loaded, tap the F8 key repeatedly until Advanced Boot Options appears.
    - Use the arrow keys and select Repair your computer.
    - Select the correct keyboard language and click Next.
    - Select the operating system you want to repair and click Next.
    - Select your user account and click Next.

    To get to the recovery options using the Windows CD, do the following:
    - Put the installation CD in the tray.
    - Restart the computer.
    - When 'press any key to start Windows from the installation disc.' appears on screen, press any key.
    - The BIOS must be set so that the computer boots from CD first; if this does not happen, check the settings and change this. You can read how to do that here: http://www.pcwebplus.nl/phpbb/viewtopic.php?f=173&t=3264
    - Click Repair your computer.
    - Select the correct keyboard language and click Next.
    - Select the operating system you want to repair and click Next.
    - Select your user account and click Next.

    In the Recovery menu you get the following options:
    - Startup Repair
    - System Restore
    - Windows Complete PC Restore
    - Windows Memory Diagnostic Tool
    - Command Prompt

    Image: https://dl.dropbox.com/u/12541379/Images/System%20Recovery/System%20Recovery%20Options%203.png

    - Select Command Prompt.
    - In the command window, type notepad and press Enter.
    - Notepad will open; go to File and click Open.
    - Select "Computer" and find your USB stick. Check which drive letter it has been assigned, for example E: or F:, and close Notepad.
    - In the command window, type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
      Note: Replace the letter e here with the drive letter your USB stick has been assigned.
    - The program will start.
    - Once the program has opened, click Yes at the disclaimer.
    - Press the Scan button.
    - The program will create a log named FRST.txt. It will be placed on your USB stick. Post this log in your next reply.
  • Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 7 days old)
    Ran by SYSTEM at 20-03-2013 19:27:22
    Running from G:\
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: Dutch Standard
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\…\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\…\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
    HKLM\…\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [2419512 2012-11-04] (Logitech, Inc.)
    HKLM-x32\…\Run: [F-Secure Manager] "C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE" /splash [310992 2012-07-03] (F-Secure Corporation)
    HKLM-x32\…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
    HKLM-x32\…\Run: [] [x]
    HKLM-x32\…\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [30264 2009-08-04] (Hewlett-Packard Company)
    HKLM-x32\…\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
    HKLM-x32\…\Run: [F-Secure Hoster (45123)] "C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe" -app -hosterid:1 [183864 2012-10-19] (F-Secure Corporation)
    HKLM-x32\…\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKU\HP-G6\…\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
    HKU\HP-G6\…\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19357112 2013-03-07] (Google)
    HKU\HP-G6\…\Run: [GoogleChromeAutoLaunch_9AB5F54D94D79F19590B8088A1CE54B7] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [1274320 2013-03-11] (Google Inc.)
    HKU\HP-G6\…\Run: [VoipBuster] "C:\Program Files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized [19218240 2013-03-05] (VoipBuster)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 212.54.40.25 212.54.35.25 192.168.1.1
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
    Startup: C:\Users\HP-G6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk
    ShortcutTarget: CloudStation.lnk -> (No File)
    Startup: C:\Users\HP-G6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ===================

    2 fshoster; "C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe" -hosterid:0 [183864 2012-10-19] (F-Secure Corporation)
    3 FSMA; "C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE" [212688 2012-07-03] (F-Secure Corporation)
    2 FSORSPClient; "C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe" [61176 2012-08-06] (F-Secure Corporation)
    2 TeamViewer8; "C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe" [3560288 2013-03-06] (TeamViewer GmbH)

    ==================== Drivers (Whitelisted) =====================

    3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-20] (Qualcomm Atheros Communications, Inc.)
    3 F-Secure Gatekeeper; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [200760 2013-02-27] ()
    1 F-Secure HIPS; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\HIPS\drivers\fshs.sys [62744 2013-02-27] (F-Secure Corporation)
    0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2012-11-21] ()
    0 fsbts; C:\Windows\SysWow64\Drivers\fsbts.sys [42672 2012-11-21] ()
    3 fsni; \??\C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Scanning\fsni64.sys [78904 2012-11-22] (F-Secure Corporation)
    1 fsvista; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [16920 2012-07-03] ()
    3 pmkbdfltr; C:\Windows\System32\Drivers\pmkbdfltr.sys [18832 2012-08-01] (PenMount)
    3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated)
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-03-20 19:15 - 2013-03-20 19:15 - 01466241 ____A (Farbar) C:\Users\HP-G6\Downloads\FRST64.exe
    2013-03-20 19:00 - 2013-03-20 19:00 - 00002468 ____A C:\Users\HP-G6\Desktop\RKreport[1]_S_03202013_02d1900.txt
    2013-03-20 18:59 - 2013-03-20 19:00 - 00000000 ____D C:\Users\HP-G6\Desktop\RK_Quarantine
    2013-03-20 18:54 - 2013-03-20 18:54 - 00000760 ____A C:\Users\HP-G6\Desktop\JRT.txt
    2013-03-20 18:48 - 2013-03-20 18:48 - 00000000 ____D C:\Windows\ERUNT
    2013-03-20 18:48 - 2013-03-20 18:48 - 00000000 ____D C:\JRT
    2013-03-20 18:43 - 2013-03-20 18:43 - 00001356 ____A C:\AdwCleaner[S1].txt
    2013-03-20 18:40 - 2013-03-20 18:40 - 00816128 ____A C:\Users\HP-G6\Downloads\RogueKiller.exe
    2013-03-20 18:40 - 2013-03-20 18:40 - 00816128 ____A C:\Users\HP-G6\Desktop\RogueKiller.exe
    2013-03-20 18:40 - 2013-03-20 18:39 - 00549920 ____A (Oleg N. Scherbakov) C:\Users\HP-G6\Desktop\JRT.exe
    2013-03-20 18:40 - 2013-03-20 18:37 - 00609993 ____A C:\Users\HP-G6\Desktop\adwcleaner.exe
    2013-03-20 18:39 - 2013-03-20 18:39 - 00549920 ____A (Oleg N. Scherbakov) C:\Users\HP-G6\Downloads\JRT.exe
    2013-03-20 18:37 - 2013-03-20 18:37 - 00609993 ____A C:\Users\HP-G6\Downloads\adwcleaner.exe
    2013-03-20 12:18 - 2013-03-20 12:18 - 00000000 ____D C:\rsit
    2013-03-20 12:18 - 2013-03-20 12:18 - 00000000 ____D C:\Program Files\trend micro
    2013-03-20 12:17 - 2013-03-20 12:17 - 00935175 ____A C:\Users\HP-G6\Downloads\RSITx64.exe
    2013-03-20 12:17 - 2013-03-20 12:17 - 00935175 ____A C:\Users\HP-G6\Desktop\RSITx64.exe
    2013-03-20 12:12 - 2013-03-20 18:44 - 00000112 ____A C:\Windows\setupact.log
    2013-03-20 12:12 - 2013-03-20 12:12 - 00000000 ____A C:\Windows\setuperr.log
    2013-03-20 12:11 - 2013-03-20 12:11 - 00004292 ____A C:\Windows\PFRO.log
    2013-03-20 08:53 - 2013-03-20 08:53 - 00000000 ____D C:\Windows\MiniDump
    2013-03-20 08:45 - 2013-03-20 08:45 - 00000970 ____A C:\Users\Public\Desktop\WinSysClean X4 (64-bit).lnk
    2013-03-20 08:45 - 2013-03-20 08:45 - 00000000 __HDC C:\ProgramData\{24C97889-562A-425F-91C7-463C1F97DC6D}
    2013-03-20 08:45 - 2013-03-20 08:45 - 00000000 ____D C:\Program Files\WinSysClean X4
    2013-03-20 08:41 - 2013-03-20 08:42 - 22673960 ____A (Ultimate Systems, Inc. ) C:\Users\HP-G6\Downloads\wsc_x4_v1410_full_setup.exe
    2013-03-20 08:24 - 2013-03-20 08:24 - 01406544 ____A C:\Users\HP-G6\Downloads\boot (2).zip
    2013-03-20 08:24 - 2013-03-20 08:24 - 01406544 ____A C:\Users\HP-G6\Downloads\boot (1).zip
    2013-03-20 08:23 - 2013-03-20 08:23 - 01406544 ____A C:\Users\HP-G6\Downloads\boot.zip
    2013-03-19 21:17 - 2013-03-19 21:17 - 00774592 ____A (Google Inc.) C:\Users\HP-G6\Downloads\googledrivesync.exe
    2013-03-19 17:48 - 2013-02-12 05:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
    2013-03-19 11:38 - 2013-03-19 11:38 - 22952544 ____A C:\Users\HP-G6\Downloads\Synology-CloudStation-Setup-2391.exe
    2013-03-19 09:24 - 2013-03-20 08:44 - 00000000 ____D C:\Program Files\WinSysClean X4 Trial
    2013-03-19 09:22 - 2013-03-19 09:23 - 22693088 ____A (Ultimate Systems, Inc. ) C:\Users\HP-G6\Downloads\wsc_x4_v1410_setup.exe
    2013-03-18 20:20 - 2013-03-18 20:20 - 00215552 ____A C:\Users\HP-G6\Downloads\ZwarteLijst2013.xls
    2013-03-16 20:46 - 2013-03-16 21:35 - 00000000 ____D C:\Users\HP-G6\AppData\Roaming\VoipBuster
    2013-03-16 20:46 - 2013-03-16 20:46 - 00000000 ____D C:\Program Files (x86)\VoipBuster.com
    2013-03-16 20:44 - 2013-03-16 20:44 - 06584720 ____A (Finarea S.A. Switzerland ) C:\Users\HP-G6\Downloads\setupVoipbuster.exe
    2013-03-14 12:20 - 2013-03-14 12:20 - 00004611 ____A C:\Users\HP-G6\Documents\rijneveld.odt
    2013-03-13 22:25 - 2013-03-13 22:25 - 00000000 ____D C:\Windows\PCHEALTH
    2013-03-13 22:23 - 2013-02-02 08:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-03-13 22:23 - 2013-02-02 07:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-03-13 22:23 - 2013-02-02 07:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-03-13 22:23 - 2013-02-02 07:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-03-13 22:23 - 2013-02-02 07:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-03-13 22:23 - 2013-02-02 07:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-03-13 22:23 - 2013-02-02 07:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-03-13 22:23 - 2013-02-02 07:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-03-13 22:23 - 2013-02-02 07:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-03-13 22:23 - 2013-02-02 07:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-03-13 22:23 - 2013-02-02 07:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-03-13 22:23 - 2013-02-02 07:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-03-13 22:23 - 2013-02-02 07:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-03-13 22:23 - 2013-02-02 07:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-03-13 22:23 - 2013-02-02 07:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-03-13 22:23 - 2013-02-02 07:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-03-13 22:23 - 2013-02-02 05:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-03-13 22:23 - 2013-02-02 04:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-03-13 22:23 - 2013-02-02 04:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-03-13 22:23 - 2013-02-02 04:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-03-13 22:23 - 2013-02-02 04:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-03-13 22:23 - 2013-02-02 04:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-03-13 22:23 - 2013-02-02 04:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-03-13 22:23 - 2013-02-02 04:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-03-13 22:23 - 2013-02-02 04:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-03-13 22:23 - 2013-02-02 04:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-03-13 22:23 - 2013-02-02 04:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-03-13 22:23 - 2013-02-02 04:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-03-13 22:23 - 2013-02-02 04:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-03-13 22:23 - 2013-02-02 04:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-03-13 22:23 - 2013-02-02 04:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-03-13 22:23 - 2013-02-02 04:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-03-09 20:08 - 2013-03-09 20:08 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2013-03-09 20:08 - 2013-03-09 20:08 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-03-09 20:08 - 2013-03-09 20:08 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-03-09 20:08 - 2013-03-09 20:08 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-03-09 20:08 - 2013-03-09 20:08 - 00000000 ____D C:\Program Files (x86)\Java
    2013-03-08 16:16 - 2013-03-08 16:16 - 05379304 ____A C:\Users\HP-G6\Downloads\LJP1100_P1560_P1600_FW_Update.exe
    2013-03-08 07:33 - 2013-03-08 07:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-03-04 10:21 - 2013-03-04 10:21 - 15868974 ____A C:\Users\HP-G6\Downloads\ca6.zip
    2013-03-02 10:17 - 2013-03-02 10:17 - 00000000 ____D C:\Users\HP-G6\Documents\Serie NL erotiek boeken in e-Pub formaat
    2013-02-28 22:00 - 2013-02-28 22:00 - 16636624 ____A (Bitdefender LLC) C:\Users\HP-G6\Downloads\BDRemoval_Trojan_Ransom_IcePol.exe
    2013-02-28 21:46 - 2013-02-28 21:46 - 90095616 ____A C:\Users\HP-G6\Downloads\avg_arl_cdi_all_120_120823a5411.iso
    2013-02-28 21:36 - 2013-02-28 21:36 - 02023116 ____A C:\Users\HP-G6\Downloads\winrar-x64-420nl.exe
    2013-02-28 21:36 - 2013-02-28 21:36 - 00000000 ____D C:\Users\HP-G6\AppData\Roaming\WinRAR
    2013-02-28 21:36 - 2013-02-28 21:36 - 00000000 ____D C:\Program Files\WinRAR
    2013-02-28 21:31 - 2013-02-28 21:31 - 96932124 ____A C:\Users\HP-G6\Downloads\avg_arl_ffi_all_120_120823a5411.rar
    2013-02-27 22:58 - 2013-01-13 22:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 22:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 22:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 22:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-02-27 22:58 - 2013-01-13 22:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-02-27 22:58 - 2013-01-13 22:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 22:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 22:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 22:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 21:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 21:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 21:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 21:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-02-27 22:58 - 2013-01-13 21:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2013-02-27 22:58 - 2013-01-13 21:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-02-27 22:58 - 2013-01-13 21:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 21:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 21:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 21:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-02-27 22:58 - 2013-01-13 21:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2013-02-27 22:58 - 2013-01-13 21:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2013-02-27 22:58 - 2013-01-13 21:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2013-02-27 22:58 - 2013-01-13 21:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2013-02-27 22:58 - 2013-01-13 21:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2013-02-27 22:58 - 2013-01-13 20:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2013-02-27 22:58 - 2013-01-13 20:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2013-02-27 22:58 - 2013-01-13 20:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2013-02-27 22:58 - 2013-01-13 20:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
    2013-02-27 22:58 - 2013-01-13 20:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2013-02-27 22:58 - 2013-01-13 20:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2013-02-27 22:58 - 2013-01-13 20:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
    2013-02-27 22:58 - 2013-01-13 20:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2013-02-27 22:58 - 2013-01-13 20:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2013-02-27 22:58 - 2013-01-13 20:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2013-02-27 22:58 - 2013-01-13 20:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
    2013-02-27 22:58 - 2013-01-13 20:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2013-02-27 22:58 - 2013-01-13 20:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
    2013-02-27 22:58 - 2013-01-13 20:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2013-02-27 22:58 - 2013-01-13 20:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
    2013-02-27 22:58 - 2013-01-13 20:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2013-02-27 22:58 - 2013-01-13 20:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
    2013-02-27 22:58 - 2013-01-13 20:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
    2013-02-27 22:58 - 2013-01-13 20:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2013-02-27 22:58 - 2013-01-13 20:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2013-02-27 22:58 - 2013-01-13 20:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2013-02-27 22:58 - 2013-01-13 20:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2013-02-27 22:58 - 2013-01-13 19:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2013-02-27 22:58 - 2013-01-13 19:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
    2013-02-27 22:58 - 2013-01-13 19:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2013-02-27 22:58 - 2013-01-13 18:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
    2013-02-27 22:58 - 2013-01-13 18:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
    2013-02-27 22:58 - 2013-01-04 07:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
    2013-02-27 22:58 - 2013-01-04 07:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2013-02-25 16:19 - 2013-02-25 16:19 - 00003319 ____A C:\Users\HP-G6\Documents\ActivationReport (25-02-13 - 16.18.59).html
    2013-02-25 16:08 - 2013-02-25 16:10 - 257891528 ____A C:\Users\HP-G6\Downloads\DKW18E13-Compleet.exe
    2013-02-20 17:26 - 2013-02-20 17:26 - 00000000 ____D C:\hyperterminal
    2013-02-20 17:25 - 2013-02-20 17:19 - 00177916 ____A C:\hyperterminal.zip
    2013-02-20 17:19 - 2013-02-20 17:19 - 00177916 ____A C:\Users\HP-G6\Downloads\hyperterminal.zip


    ==================== One Month Modified Files and Folders =======

    2013-03-20 19:27 - 2013-03-20 19:27 - 00000000 ____D C:\FRST
    2013-03-20 19:23 - 2012-11-21 12:24 - 01581969 ____A C:\Windows\WindowsUpdate.log
    2013-03-20 19:20 - 2011-04-12 14:00 - 00701564 ____A C:\Windows\System32\perfh013.dat
    2013-03-20 19:20 - 2011-04-12 14:00 - 00133564 ____A C:\Windows\System32\perfc013.dat
    2013-03-20 19:20 - 2009-07-14 06:13 - 01549262 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-03-20 19:19 - 2012-11-21 17:31 - 00000000 ____D C:\Users\HP-G6\AppData\Roaming\Skype
    2013-03-20 19:15 - 2013-03-20 19:15 - 01466241 ____A (Farbar) C:\Users\HP-G6\Downloads\FRST64.exe
    2013-03-20 19:14 - 2013-01-20 11:35 - 00001054 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-03-20 19:00 - 2013-03-20 19:00 - 00002468 ____A C:\Users\HP-G6\Desktop\RKreport[1]_S_03202013_02d1900.txt
    2013-03-20 19:00 - 2013-03-20 18:59 - 00000000 ____D C:\Users\HP-G6\Desktop\RK_Quarantine
    2013-03-20 18:54 - 2013-03-20 18:54 - 00000760 ____A C:\Users\HP-G6\Desktop\JRT.txt
    2013-03-20 18:52 - 2009-07-14 05:45 - 00020480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-03-20 18:52 - 2009-07-14 05:45 - 00020480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-03-20 18:48 - 2013-03-20 18:48 - 00000000 ____D C:\Windows\ERUNT
    2013-03-20 18:48 - 2013-03-20 18:48 - 00000000 ____D C:\JRT
    2013-03-20 18:47 - 2012-11-21 18:29 - 00000000 ____D C:\Users\HP-G6\AppData\Roaming\Dropbox
    2013-03-20 18:46 - 2013-02-06 13:12 - 00000000 ___RD C:\Users\HP-G6\CloudStation
    2013-03-20 18:46 - 2013-01-11 08:35 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-03-20 18:46 - 2012-11-21 18:31 - 00000000 ___RD C:\Users\HP-G6\Dropbox
    2013-03-20 18:45 - 2013-02-03 17:12 - 00000000 ___SD C:\Users\HP-G6\Google Drive
    2013-03-20 18:45 - 2013-01-20 11:35 - 00001050 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-03-20 18:44 - 2013-03-20 12:12 - 00000112 ____A C:\Windows\setupact.log
    2013-03-20 18:44 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-03-20 18:43 - 2013-03-20 18:43 - 00001356 ____A C:\AdwCleaner[S1].txt
    2013-03-20 18:40 - 2013-03-20 18:40 - 00816128 ____A C:\Users\HP-G6\Downloads\RogueKiller.exe
    2013-03-20 18:40 - 2013-03-20 18:40 - 00816128 ____A C:\Users\HP-G6\Desktop\RogueKiller.exe
    2013-03-20 18:39 - 2013-03-20 18:40 - 00549920 ____A (Oleg N. Scherbakov) C:\Users\HP-G6\Desktop\JRT.exe
    2013-03-20 18:39 - 2013-03-20 18:39 - 00549920 ____A (Oleg N. Scherbakov) C:\Users\HP-G6\Downloads\JRT.exe
    2013-03-20 18:37 - 2013-03-20 18:40 - 00609993 ____A C:\Users\HP-G6\Desktop\adwcleaner.exe
    2013-03-20 18:37 - 2013-03-20 18:37 - 00609993 ____A C:\Users\HP-G6\Downloads\adwcleaner.exe
    2013-03-20 12:18 - 2013-03-20 12:18 - 00000000 ____D C:\rsit
    2013-03-20 12:18 - 2013-03-20 12:18 - 00000000 ____D C:\Program Files\trend micro
    2013-03-20 12:17 - 2013-03-20 12:17 - 00935175 ____A C:\Users\HP-G6\Downloads\RSITx64.exe
    2013-03-20 12:17 - 2013-03-20 12:17 - 00935175 ____A C:\Users\HP-G6\Desktop\RSITx64.exe
    2013-03-20 12:12 - 2013-03-20 12:12 - 00000000 ____A C:\Windows\setuperr.log
    2013-03-20 12:11 - 2013-03-20 12:11 - 00004292 ____A C:\Windows\PFRO.log
    2013-03-20 12:11 - 2012-11-21 12:37 - 00000000 ____D C:\users\HP-G6
    2013-03-20 08:53 - 2013-03-20 08:53 - 00000000 ____D C:\Windows\MiniDump
    2013-03-20 08:45 - 2013-03-20 08:45 - 00000970 ____A C:\Users\Public\Desktop\WinSysClean X4 (64-bit).lnk
    2013-03-20 08:45 - 2013-03-20 08:45 - 00000000 __HDC C:\ProgramData\{24C97889-562A-425F-91C7-463C1F97DC6D}
    2013-03-20 08:45 - 2013-03-20 08:45 - 00000000 ____D C:\Program Files\WinSysClean X4
    2013-03-20 08:44 - 2013-03-19 09:24 - 00000000 ____D C:\Program Files\WinSysClean X4 Trial
    2013-03-20 08:42 - 2013-03-20 08:41 - 22673960 ____A (Ultimate Systems, Inc. ) C:\Users\HP-G6\Downloads\wsc_x4_v1410_full_setup.exe
    2013-03-20 08:24 - 2013-03-20 08:24 - 01406544 ____A C:\Users\HP-G6\Downloads\boot (2).zip
    2013-03-20 08:24 - 2013-03-20 08:24 - 01406544 ____A C:\Users\HP-G6\Downloads\boot (1).zip
    2013-03-20 08:23 - 2013-03-20 08:23 - 01406544 ____A C:\Users\HP-G6\Downloads\boot.zip
    2013-03-19 21:17 - 2013-03-19 21:17 - 00774592 ____A (Google Inc.) C:\Users\HP-G6\Downloads\googledrivesync.exe
    2013-03-19 18:10 - 2012-12-05 12:49 - 00000000 ____D C:\Users\HP-G6\AppData\Roaming\FAHClient
    2013-03-19 12:30 - 2012-11-21 13:31 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2013-03-19 12:29 - 2012-12-11 13:23 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2013-03-19 11:39 - 2013-02-06 13:07 - 00000000 ____D C:\Users\HP-G6\AppData\Local\CloudStation
    2013-03-19 11:38 - 2013-03-19 11:38 - 22952544 ____A C:\Users\HP-G6\Downloads\Synology-CloudStation-Setup-2391.exe
    2013-03-19 09:23 - 2013-03-19 09:22 - 22693088 ____A (Ultimate Systems, Inc. ) C:\Users\HP-G6\Downloads\wsc_x4_v1410_setup.exe
    2013-03-18 20:20 - 2013-03-18 20:20 - 00215552 ____A C:\Users\HP-G6\Downloads\ZwarteLijst2013.xls
    2013-03-16 21:35 - 2013-03-16 20:46 - 00000000 ____D C:\Users\HP-G6\AppData\Roaming\VoipBuster
    2013-03-16 20:46 - 2013-03-16 20:46 - 00000000 ____D C:\Program Files (x86)\VoipBuster.com
    2013-03-16 20:44 - 2013-03-16 20:44 - 06584720 ____A (Finarea S.A. Switzerland ) C:\Users\HP-G6\Downloads\setupVoipbuster.exe
    2013-03-16 15:32 - 2012-11-21 17:42 - 00000000 ____D C:\Users\HP-G6\AppData\Roaming\MediaMonkey
    2013-03-14 12:20 - 2013-03-14 12:20 - 00004611 ____A C:\Users\HP-G6\Documents\rijneveld.odt
    2013-03-14 07:33 - 2012-11-21 16:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-03-14 07:33 - 2012-11-21 16:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-03-13 22:27 - 2012-11-21 15:44 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-03-13 22:25 - 2013-03-13 22:25 - 00000000 ____D C:\Windows\PCHEALTH
    2013-03-13 22:25 - 2012-11-21 14:37 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-03-13 11:46 - 2013-01-03 21:14 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-03-13 11:46 - 2013-01-03 21:14 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-03-09 20:08 - 2013-03-09 20:08 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2013-03-09 20:08 - 2013-03-09 20:08 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-03-09 20:08 - 2013-03-09 20:08 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-03-09 20:08 - 2013-03-09 20:08 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-03-09 20:08 - 2013-03-09 20:08 - 00000000 ____D C:\Program Files (x86)\Java
    2013-03-09 20:08 - 2012-11-21 15:56 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-03-09 20:08 - 2012-11-21 15:56 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2013-03-09 06:09 - 2013-02-14 17:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-03-08 16:19 - 2012-11-26 10:18 - 00033189 ____A C:\HPFWUpdate.log
    2013-03-08 16:16 - 2013-03-08 16:16 - 05379304 ____A C:\Users\HP-G6\Downloads\LJP1100_P1560_P1600_FW_Update.exe
    2013-03-08 07:33 - 2013-03-08 07:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-03-06 22:18 - 2012-11-21 12:37 - 00000000 ____D C:\Users\HP-G6\AppData\Local\VirtualStore
    2013-03-06 13:04 - 2012-11-21 21:33 - 00000000 ____D C:\Users\HP-G6\AppData\Roaming\vlc
    2013-03-04 10:21 - 2013-03-04 10:21 - 15868974 ____A C:\Users\HP-G6\Downloads\ca6.zip
    2013-03-03 21:46 - 2012-12-17 18:32 - 00000000 ____D C:\Users\HP-G6\AppData\Roaming\dvdcss
    2013-03-02 10:17 - 2013-03-02 10:17 - 00000000 ____D C:\Users\HP-G6\Documents\Serie NL erotiek boeken in e-Pub formaat
    2013-02-28 22:00 - 2013-02-28 22:00 - 16636624 ____A (Bitdefender LLC) C:\Users\HP-G6\Downloads\BDRemoval_Trojan_Ransom_IcePol.exe
    2013-02-28 21:46 - 2013-02-28 21:46 - 90095616 ____A C:\Users\HP-G6\Downloads\avg_arl_cdi_all_120_120823a5411.iso
    2013-02-28 21:36 - 2013-02-28 21:36 - 02023116 ____A C:\Users\HP-G6\Downloads\winrar-x64-420nl.exe
    2013-02-28 21:36 - 2013-02-28 21:36 - 00000000 ____D C:\Users\HP-G6\AppData\Roaming\WinRAR
    2013-02-28 21:36 - 2013-02-28 21:36 - 00000000 ____D C:\Program Files\WinRAR
    2013-02-28 21:31 - 2013-02-28 21:31 - 96932124 ____A C:\Users\HP-G6\Downloads\avg_arl_ffi_all_120_120823a5411.rar
    2013-02-28 07:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
    2013-02-28 07:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
    2013-02-28 07:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\zh-HK
    2013-02-28 07:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\tr-TR
    2013-02-25 16:19 - 2013-02-25 16:19 - 00003319 ____A C:\Users\HP-G6\Documents\ActivationReport (25-02-13 - 16.18.59).html
    2013-02-25 16:10 - 2013-02-25 16:08 - 257891528 ____A C:\Users\HP-G6\Downloads\DKW18E13-Compleet.exe
    2013-02-20 17:26 - 2013-02-20 17:26 - 00000000 ____D C:\hyperterminal
    2013-02-20 17:19 - 2013-02-20 17:25 - 00177916 ____A C:\hyperterminal.zip
    2013-02-20 17:19 - 2013-02-20 17:19 - 00177916 ____A C:\Users\HP-G6\Downloads\hyperterminal.zip

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\…\.exe: exefile => OK
    HKLM\…\exefile\DefaultIcon: %1 => OK
    HKLM\…\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-03-19 23:04:43
    Restore point made on: 2013-03-20 08:45:39
    Restore point made on: 2013-03-20 12:08:03

    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 4043.86 MB
    Available physical RAM: 3419.15 MB
    Total Pagefile: 4042.06 MB
    Available Pagefile: 3407.18 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:112.24 GB) (Free:72.69 GB) NTFS
    2 Drive d: (Data) (Fixed) (Total:353.32 GB) (Free:323.92 GB) NTFS
    3 Drive e: (GSP1RMCULXFRER_NL_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
    4 Drive f: () (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive g: (Lexar) (Removable) (Total:29.23 GB) (Free:29.23 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Schfnr. Status Grootte Vrij Dyn GPT
    -------- ------------- ------- ------- --- ---
    Schf 0 Online 465 GB 1024 KB *
    Schf 1 Online 29 GB 0 B


    Partitions of Disk 0:
    ===============

    Schijf-id: E80A1CA6

    Partitie ### Type Grootte Offset
    ------------- ---------------- ------- -------
    Partitie 1 Dynamische gegev 992 KB 31 KB
    Partitie 2 Dynamische gegev 199 MB 1024 KB
    Partitie 3 Dynamische gegev 112 GB 200 MB
    Partitie 4 Dynamische gegev 353 GB 112 GB

    ==================================================================================

    Disk: 0
    Partitie 1
    Type : 42
    Verborgen: Ja
    Actief : Nee

    Er is geen volume aan deze partitie gekoppeld.

    =========================================================

    Disk: 0
    Partitie 2
    Type : 42
    Verborgen: Ja
    Actief : Ja

    Volume ### Ltr Label FS Type Grootte Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * volume 2 F NTFS Eenvoudig 199 MB In orde

    =========================================================

    Disk: 0
    Partitie 3
    Type : 42
    Verborgen: Ja
    Actief : Nee

    Volume ### Ltr Label FS Type Grootte Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * volume 1 C NTFS Eenvoudig 112 GB In orde

    =========================================================

    Disk: 0
    Partitie 4
    Type : 42
    Verborgen: Ja
    Actief : Nee

    Volume ### Ltr Label FS Type Grootte Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * volume 0 D Data NTFS Eenvoudig 353 GB In orde

    =========================================================

    Partitions of Disk 1:
    ===============

    Schijf-id: C3072E18

    Partitie ### Type Grootte Offset
    ------------- ---------------- ------- -------
    Partitie 1 Primair 29 GB 1416 KB

    ==================================================================================

    Disk: 1
    Partitie 1
    Type : 0C
    Verborgen: Nee
    Actief : Ja

    Volume ### Ltr Label FS Type Grootte Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * volume 4 G Lexar FAT32 Verwisselb 29 GB In orde

    =========================================================
    ============================== MBR Partition Table ==================

    ==============================
    Partitions of Disk 0:
    ===============
    Disk ID: E80A1CA6

    Partition 1:
    =========
    Hex: 00010100422020003F000000C1070000
    Active: NO
    Type: 42
    Size: 993 KB

    Partition 2:
    =========
    Hex: 80202100427E25190008000000380600
    Active: YES
    Type: 42
    Size: 199 MB

    Partition 3:
    =========
    Hex: 007E261942FEFFFF0040060000D0070E
    Active: NO
    Type: 42
    Size: 112 GB

    Partition 4:
    =========
    Hex: 00FEFFFF42FEFFFF00100E0E30482A2C
    Active: NO
    Type: 42
    Size: 353 GB

    ==============================
    Partitions of Disk 1:
    ===============
    Disk ID: C3072E18

    Partition 1:
    =========
    Hex: 800101000CFFEDB6100B0000F0F4A703
    Active: YES
    Type: 0C
    Size: 29 GB


    Last Boot: 2012-12-05 09:02

    ==================== End Of Log =============================
  • The log looks fine.

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Your antivirus program and any active malware scanners must already be disabled before you start ComboFix!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - All open programs and web pages must be closed.
    Starting ComboFix:
    - Windows 2000 and Windows XP: double-click ComboFix.exe.
    - Windows Vista and Windows 7: right-click ComboFix.exe and choose "Als Administrator uitvoeren" (Run as administrator).
    Once ComboFix is running:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
    - Then restart the computer.
  • ComboFix 13-03-20.02 - HP-G6 20-03-2013 20:04:44.3.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.4044.2339 [GMT 1:00]
    Gestart vanuit: c:\users\HP-G6\Desktop\ComboFix.exe
    AV: Basis *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    SP: Basis *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\_ctypes.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\_elementtree.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\_hashlib.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\_socket.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\_ssl.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\pyexpat.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\pysqlite2._sqlite.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\python27.dll
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\pythoncom27.dll
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\PyWinTypes27.dll
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\select.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\unicodedata.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\win32api.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\win32com.shell.shell.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\win32crypt.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\win32event.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\win32file.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\win32inet.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\win32pdh.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\win32process.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\win32profile.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\win32security.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\win32ts.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\windows._cacheinvalidation.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\wx._controls_.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\wx._core_.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\wx._gdi_.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\wx._html2.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\wx._misc_.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\wx._windows_.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\wx._wizard.pyd
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\wxbase294u_net_vc90.dll
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\wxbase294u_vc90.dll
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\wxmsw294u_adv_vc90.dll
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\wxmsw294u_core_vc90.dll
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\wxmsw294u_html_vc90.dll
    c:\users\HP-G6\AppData\Local\Temp\_MEI34202\wxmsw294u_webview_vc90.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-02-20 to 2013-03-20 ))))))))))))))))))))))))))))))
    .
    .
    2013-03-20 19:08 . 2013-03-20 19:08 -------- d-----w- c:\users\Public\AppData\Local\temp
    2013-03-20 19:08 . 2013-03-20 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-20 18:27 . 2013-03-20 18:27 -------- d-----w- C:\FRST
    2013-03-20 17:48 . 2013-03-20 17:48 -------- d-----w- c:\windows\ERUNT
    2013-03-20 17:48 . 2013-03-20 17:48 -------- d-----w- C:\JRT
    2013-03-20 11:18 . 2013-03-20 11:18 -------- d-----w- C:\rsit
    2013-03-20 11:18 . 2013-03-20 11:18 -------- d-----w- c:\program files\trend micro
    2013-03-20 07:45 . 2013-03-20 07:45 -------- dc-h--w- c:\programdata\{24C97889-562A-425F-91C7-463C1F97DC6D}
    2013-03-20 07:45 . 2013-03-20 07:45 -------- d-----w- c:\program files\WinSysClean X4
    2013-03-19 16:48 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-03-19 08:30 . 2013-03-19 08:30 -------- d-----w- C:\WindowsDebug
    2013-03-19 08:24 . 2013-03-20 07:44 -------- d-----w- c:\program files\WinSysClean X4 Trial
    2013-03-16 19:46 . 2013-03-16 20:35 -------- d-----w- c:\users\HP-G6\AppData\Roaming\VoipBuster
    2013-03-16 19:46 . 2013-03-16 19:46 -------- d-----w- c:\program files (x86)\VoipBuster.com
    2013-03-16 19:45 . 2013-03-16 19:45 -------- d-----w- c:\users\HP-G6\AppData\Local\Programs
    2013-03-13 21:25 . 2013-03-13 21:25 -------- d-----w- c:\windows\PCHEALTH
    2013-03-09 19:08 . 2013-03-09 19:08 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-09 19:08 . 2013-03-09 19:08 -------- d-----w- c:\program files (x86)\Java
    2013-02-28 20:36 . 2013-02-28 20:36 -------- d-----w- c:\program files\WinRAR
    2013-02-20 16:26 . 2013-02-20 16:26 -------- d-----w- C:\hyperterminal
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-13 21:25 . 2012-11-21 13:37 72013344 ----a-w- c:\windows\system32\MRT.exe
    2013-03-13 10:46 . 2013-01-03 20:14 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-13 10:46 . 2013-01-03 20:14 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-09 19:08 . 2012-11-21 14:56 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-03-09 19:08 . 2012-11-21 14:56 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-02-20 16:19 . 2013-02-20 16:25 177916 ----a-w- C:\hyperterminal.zip
    2013-02-12 05:45 . 2013-03-13 17:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-03-13 17:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-03-13 17:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45 . 2013-03-13 17:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48 . 2013-03-13 17:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-03-13 17:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-01-05 05:53 . 2013-02-13 18:11 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-05 05:00 . 2013-02-13 18:11 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00 . 2013-02-13 18:11 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-01-04 05:46 . 2013-02-13 18:10 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-01-04 04:51 . 2013-02-13 18:10 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-01-04 04:43 . 2013-02-13 18:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-01-04 03:26 . 2013-02-13 18:10 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-01-04 02:47 . 2013-02-13 18:10 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-01-04 02:47 . 2013-02-13 18:10 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-01-04 02:47 . 2013-02-13 18:10 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-01-04 02:47 . 2013-02-13 18:10 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00 . 2013-02-13 18:10 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-01-03 06:00 . 2013-02-13 18:10 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-11-21 16:23 220632 ----a-w- c:\users\HP-G6\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-11-21 16:23 220632 ----a-w- c:\users\HP-G6\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-11-21 16:23 220632 ----a-w- c:\users\HP-G6\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\HP-G6\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\HP-G6\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\HP-G6\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
    "GoogleChromeAutoLaunch_9AB5F54D94D79F19590B8088A1CE54B7"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-03-11 1274320]
    "VoipBuster"="c:\program files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe" [2013-03-05 19218240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"="c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE" [2012-07-03 310992]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "F-Secure Hoster (45123)"="c:\program files (x86)\Internetbeveiliging\fshoster32.exe" [2012-10-19 183864]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\users\HP-G6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CloudStation.lnk - c:\users\HP-G6\AppData\Local\CloudStation\bin\cloud.exe [2013-3-1 2996096]
    Dropbox.lnk - c:\users\HP-G6\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-08-10 551040]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2012-09-12 35112]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-21 1255736]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-11-21 56016]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2013-02-27 62744]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2012-07-03 16920]
    S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\Internetbeveiliging\fshoster32.exe [2012-10-19 183864]
    S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe [2012-08-06 61176]
    S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
    S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-11-11 126520]
    S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2013-02-27 200760]
    S3 fsni;fsni;c:\program files (x86)\Internetbeveiliging\apps\CCF_Scanning\fsni64.sys [2012-11-22 78904]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2012-09-18 78648]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2012-09-18 15160]
    S3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\DRIVERS\pmkbdfltr.sys [2012-08-01 18832]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-10-26 343696]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
    S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-10-17 44344]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-14 17:14 1629648 —-a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-03 10:46]
    .
    2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-20 10:35]
    .
    2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-20 10:35]
    .
    .
    ——— X64 Entries ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-11-21 16:23 244696 —-a-w- c:\users\HP-G6\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-11-21 16:23 244696 —-a-w- c:\users\HP-G6\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-11-21 16:23 244696 —-a-w- c:\users\HP-G6\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01UnsuppModule]
    @="{AEB16659-2125-4ADA-A4AB-45EE21E86469}"
    [HKEY_CLASSES_ROOT\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}]
    2013-03-01 04:35 2327552 —-a-w- c:\users\HP-G6\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02SyncingModule]
    @="{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}"
    [HKEY_CLASSES_ROOT\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}]
    2013-03-01 04:35 2327552 —-a-w- c:\users\HP-G6\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03SyncedModule]
    @="{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}"
    [HKEY_CLASSES_ROOT\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}]
    2013-03-01 04:35 2327552 —-a-w- c:\users\HP-G6\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 —-a-w- c:\users\HP-G6\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 —-a-w- c:\users\HP-G6\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 —-a-w- c:\users\HP-G6\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 —-a-w- c:\users\HP-G6\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2013-03-07 15:31 776144 —-a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-03-07 15:31 776144 —-a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2013-03-07 15:31 776144 —-a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2013-03-07 15:31 776144 —-a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-22 171040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-22 399392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-22 441888]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-19 1664000]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.nl/
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mWindow Title =
    IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 192.168.1.1
    FF - ProfilePath - c:\users\HP-G6\AppData\Roaming\Mozilla\Firefox\Profiles
    5fhd5my.default\
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster]
    "ImagePath"="\"c:\program files (x86)\Internetbeveiliging\fshoster32.exe\" -hosterid:0"
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected]
    @Denied: ) (Everyone)
    "AgentIdentifier"="91d071f7-f030-4c43-8c8c-12067195cdc9"
    "AuthorizationCode"="unM30L7ZwjzS07-8DzmUXvoeLcqL7rkNM7Y4pU1hlpfcALailsDgXw"
    "45123_AgentIdentifier"="91d071f7-f030-4c43-8c8c-12067195cdc9"
    "45123_AuthorizationCode"="unM30L7ZwjzS07-8DzmUXvoeLcqL7rkNM7Y4pU1hlpfcALailsDgXw"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
    c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE
    c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\fssm32.exe
    c:\program files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
    c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
    c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-03-20 20:14:28 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-03-20 19:14
    .
    Pre-Run: 77.941.338.112 bytes beschikbaar
    Post-Run: 77.654.052.864 bytes beschikbaar
    .
    - - End Of File - - E4783D7256883BF13B22FE2063DC8D31
  • Let's take another deep look:

    Download the 32- or 64-bit version of HitmanPro to the desktop.
    Click here for a detailed HitmanPro guide.

    - Hold down the left CTRL key and double-click "HitmanPro36.exe" to start "Force Breach", then click "Volgende" (Next) once HitmanPro has blocked the processes.
    - Tick the option "Ik accepteer de voorwaarden van de gebruikersovereenkomst" (I accept the terms of the license agreement) and click "Volgende" (Next).
    - In the setup screen, click "Volgende" (Next) once more; the scan will now start automatically. Do nothing else on the computer until the scan has finished.
    - When the scan is done, click "Volgende" (Next).
    - Now activate the free license; this lets you use HitmanPro free of charge for 30 days and remove the infections it found.
    - Note: if you have already used the 30-day trial version of HitmanPro before, it is no longer possible to remove the infections found for free.
    - When the removal is finished, click "Save log" or "Logbestand opslaan" at the bottom of the screen and save it, for example, to the desktop.
      Post this log.
    - Now click the "Herstarten" (Restart) button.
  • Is that a different version than in RSIT??
    Anyhow, Ctrl+click didn't work, double-click did.
    [code:1:c28e619c5b]
    HitmanPro 3.7.2.190
    www.hitmanpro.com

    Computer name . . . . : HP-G6-PC
    Windows . . . . . . . : 6.1.1.7601.X64/4
    User name . . . . . . : HP-G6-PC\HP-G6
    UAC . . . . . . . . . : Enabled
    License . . . . . . . : Free

    Scan date . . . . . . : 2013-03-20 20:57:28
    Scan mode . . . . . . : Normal
    Scan duration . . . . : 2m 45s
    Disk access mode . . : Direct disk access (SRB)
    Cloud . . . . . . . . : Internet
    Reboot . . . . . . . : No

    Threats . . . . . . . : 0
    Traces . . . . . . . : 113

    Objects scanned . . . : 1.176.923
    Files scanned . . . . : 12.773
    Remnants scanned . . : 191.363 files / 972.787 keys

    Cookies _____________________________________________________________________



    [/code:1:c28e619c5b]
  • No, HitmanPro is an on-demand scanner.

    Only cookies were found - that tells me something about your WinSysClean!

    See here how to configure the tool: http://www.nationaalcomputerforum.nl/showthread.php?t=99605

    Admittedly that concerns version X2, but that does not matter.

    And let me know how things are going in the meantime!
  • Well, when I wanted to answer you just now I had a freeze, but after restarting it seems to run smoothly.

    I set those WSC4 settings that way on purpose, I didn't want to lose my history; I'll take another look at deleting cookies.
    Auslogics should fish them out too, strange that that didn't happen either.

    FF is in any case a bit faster again than before, and certain websites now start up quicker too.
  • Let me point you to a special Microsoft scanner:

    Which program: Microsoft Safety Scanner (msert)
    What for/why: specialist scanner from Microsoft to quickly examine Windows for spyware and malware and to remove it.
    Difficulty: none.
    Download: Microsoft Safety Scanner (msert).

    Note:
    - Microsoft Safety Scanner expires 10 days after it has been downloaded.
    - If you want to run a scan again with the latest anti-malware definitions, download Microsoft Safety Scanner again and run it again.

    Starting Microsoft Safety Scanner:
    - Windows 2000 and Windows XP: start Microsoft's Safety Scanner by double-clicking it.
    - Windows Vista, Windows 7 and Windows 8: start Microsoft's Safety Scanner by right-clicking it and then choosing Run as administrator.
    Then tick "I accept the terms of the above license agreement".

    Scanning:
    - After starting Microsoft Safety Scanner (msert), click the "Next" button, then choose 'Customized scan'.
    - Then navigate to C:\Windows and select this folder.
    - The scan takes a while, so be patient.

    Let me know whether the tool found anything!
  • Doesn't work:
    "not a valid Win32 application"
    Downloaded it twice, also the 64-bit version.
    It is on the desktop and does not start, neither with a double-click nor with Run as administrator….
  • That doesn't sound good!

    Download Windows Repair All in One.

    Please read this long guide all the way through before you begin.
    Note: before Windows Repair All in One performs the fix, first close all other open windows!

    - Double-click "tweaking.com_windows_repair_aio_setup.exe" to start its installation.
    - Windows Vista, 7 & 8: right-click the setup.exe and then choose Run as administrator.
    - In the screen that appears, click "Next" to install the program on the computer.
    - Follow the further instructions of the installer; when the installation is finished, click "Next" and then "Finish".
    - After this the program is started automatically.
    - If it indicates that an update is available, click YES to agree to it.
      - If you do not have a working internet connection, choose the option "NO".
    - In the screen that now appears, click "Next" as in the image below.
      http://www.imgdumper.nl/uploads6/50e858705fe93/50e858705e33a-WRAIO-b.png
    - In the next screen / tab Step1, click "Next" again.
    - In the following screen Step2, click "Next" again.
    - In the following screen Step3, click "Do it" to run the System File Checker, as you can see in the image below.
      http://www.imgdumper.nl/uploads6/50e859733bd22/50e859733a1c7-WRAIO-c.png
    - A CMD / DOS-like window will now open automatically; press a key there to continue.
      http://www.imgdumper.nl/uploads6/50e859d3a0b45/50e859d39eff0-WRAIO-d.png
    - When this scan is finished, click "Next" again.
    - In the following screen Step4, click "Next" again.
    - Then, under the tab Start repairs, click the Start button as in the image below.
      http://www.imgdumper.nl/uploads6/50e85bad2cdb8/50e85bad2ae7c-WRAIO-e.png
    - A message will now appear asking to create a restore point and a registry backup; click YES here.
      http://www.imgdumper.nl/uploads6/50e85c0027382/50e85c00267cc-WRAIO-f.png
    - After this the following screen appears.
      http://www.imgdumper.nl/uploads6/50e85c55ebef8/50e85c55e8459-WRAIO-g.png
    - Do nothing else on the computer now; let the program do its work.
    - When the screen above has closed, press Start once more.
    - By default all items are now ticked; leave them that way and click the start button, as you can see in the image below.
      http://www.imgdumper.nl/uploads6/50e85d423523e/50e85d4231b8f-WRAIO-h.png
    - Now let the program do its work and do nothing else on the system; all sorts of CMD windows will appear, so never click these away.
    - In the red frame in the image below you can see the progress of the tool.
      http://www.imgdumper.nl/uploads6/50e85f3bddd01/50e85f3bd67d4-WRAIO-i.png
    - If it looks as if the tool is no longer doing anything, still leave the system alone and wait until the next screen appears.
    - When a following screen asks for it, click "YES".
      http://www.imgdumper.nl/uploads6/50e8621861f05/50e862186134e-WRAIO-j.png
    - The computer will now restart by itself after 30 seconds.
  • I'm working on it, I'm at the step for tab 4; I'll let the PC do its thing and report back tomorrow.

    EDIT: not all options are ticked by default, I'll do it manually.
  • Well, that program chewed away for quite a while, and after a reboot this morning it took damn long before "My Computer" could be started via the desktop icon.
    MSERT still won't start, not a Win32 application…
    I can't find a log; does tweaking.com…. create a log?
  • Not that I know of, but look in C:\ to see whether anything can be found there.

    And do the following:

    Go to Start and type cmd in the search box - at the top of the Start menu you will now see the corresponding shortcut.
    Right-click this shortcut and choose Run as administrator.

    In the black window, now type sfc /scannow followed by pressing the Enter key.
    Mind the space after 'sfc'.
    In the black window you will then see the progress of the scan.
    SFC (System File Checker) means that system files are checked for correct functioning; if necessary, repair follows.
    Pay close attention to the last messages in the window: if it indicates that the repair depends on a restart, then do so.

    When the scan is finished and no reboot is needed, type Exit followed by pressing the Enter key.
    Do let me know what the result of the scan is.
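The sfc /scannow run described in the reply above records its details in %windir%\Logs\CBS\CBS.log, in entries tagged [SR]. The Python below is an added example, not part of the original thread: it summarizes those entries, including a verification batch that was started but never completed. The sample log lines are constructed and the name summarize_sfc is an assumption of the example.

```python
import re
import sys
from pathlib import Path

# Constructed sample in the CBS.log layout (not taken from the thread).
SAMPLE_CBS_LOG = r'''2013-03-21 09:14:02, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2013-03-21 09:14:02, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2013-03-21 09:14:05, Info                  CBS    Session: 30286013_1124409872 initialized
2013-03-21 09:14:09, Info                  CSI    0000000a [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2013-03-21 09:14:11, Info                  CSI    0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.exe" from store
2013-03-21 09:14:11, Info                  CSI    0000000d [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2013-03-21 09:14:20, Info                  CSI    0000000f [SR] Verify complete
2013-03-21 09:14:20, Info                  CSI    00000010 [SR] Verifying 100 (0x0000000000000064) components
2013-03-21 09:14:20, Info                  CSI    00000011 [SR] Beginning Verify and Repair transaction
'''

SR_LINE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-fA-F]+\s+\[SR\] (?P<msg>.*)$')
QUOTED = re.compile(r'"([^"]+)"')


def summarize_sfc(log_text):
    """Summarize the System File Checker ([SR]) entries of a CBS.log."""
    unrepairable, repaired = set(), set()
    counts = {"sr_lines": 0, "batches_started": 0, "batches_completed": 0}
    for line in log_text.splitlines():
        match = SR_LINE.match(line)
        if not match:
            continue  # other servicing entries, not written by sfc
        counts["sr_lines"] += 1
        msg = match.group("msg")
        names = QUOTED.findall(msg)
        if msg.startswith("Verifying "):
            counts["batches_started"] += 1
        elif msg.startswith("Verify complete"):
            counts["batches_completed"] += 1
        elif msg.startswith("Cannot repair member file") and names:
            unrepairable.add(names[0])   # sfc logs the same file repeatedly
        elif msg.startswith("Repairing corrupted file") and names:
            repaired.add(names[-1])      # last quoted part is the file name
    counts["repaired"] = sorted(repaired)
    counts["unrepairable"] = sorted(unrepairable)
    return counts


if __name__ == "__main__":
    # Pass the path to CBS.log as the first argument; without one the sample is used.
    text = Path(sys.argv[1]).read_text(encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_CBS_LOG
    print(summarize_sfc(text))
```

More batches started than completed, as in the sample, means the log ends in the middle of a verification pass, which is what an sfc run stopped before it finished leaves behind.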
  • sfc gave no results, but I could no longer type anything in the DOS box, so I just closed the window and rebooted the laptop.

    No log from the other program.

    Just did a speed test: 46 mb down and 6 up, ping 10 ms.
    But my browsers still keep stuttering now and then.

    If you have no new ideas I'll just do a fresh install soon; the problem then is my other software, which is tied to a hardware key that gets changed with a new OS… nice :evil:
  • I also think that this is the best solution for you.
    Will you be using a real Windows 7 installation DVD for that, or do you have to make do with a recovery?
  • No, I have official versions of everything.
    My Ultimate is admittedly an upgrade version, but I also have the ISOs of Home Premium with a matching key (stuck on this laptop).
    I could also buy Win8 for a low price, but then I'm afraid that my navigation programs won't work anymore, and I read rather little good about the successor to ME and Vista 8)


This is an archived page. Replying is no longer possible.