Firefox start page WebSearch, adware clearly present

  • Firefox start page WebSearch, adware clearly present

    Dear Nucia volunteer,

    There is clearly adware on my laptop. I have been getting pop-ups, and the Firefox home page has been changed to WebSearch. My laptop is also slower.

    Thanks in advance!!
    Here are the 3 logs:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.09.02.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    D.E. Huw :: DEHUW-HP [standaardgebruiker]

    2-9-2013 18:39:06
    mbam-log-2013-09-02 (18-39-06).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 235231
    Verstreken tijd: 2 minuut/minuten, 18 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 12
    HKCR\CLSID\{98FE2DA9-4B08-8ACA-497B-4C8E3E77AF97} (PUP.Optional.MultiPlug.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98FE2DA9-4B08-8ACA-497B-4C8E3E77AF97} (PUP.Optional.MultiPlug.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98FE2DA9-4B08-8ACA-497B-4C8E3E77AF97} (PUP.Optional.MultiPlug.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{BE1FD184-6231-BA52-63B0-541BDDCF3D22} (PUP.Optional.MultiPlug.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE1FD184-6231-BA52-63B0-541BDDCF3D22} (PUP.Optional.MultiPlug.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BE1FD184-6231-BA52-63B0-541BDDCF3D22} (PUP.Optional.MultiPlug.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE6D76E9-CB41-440C-7E27-9B3802831E76} (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BD66792-AFFC-D718-463F-454D2D57C784} (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Optional.SearchNewTab) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Optional.SearchNewTab) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} (PUP.Optional.SearchNewTab) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 2
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Slecht: (c:\progra~2\websea~1\sprote~1.dll) Goed: () -> Succesvol in quarantaine geplaatst en gerepareerd.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Slecht: (c:\progra~2\savesh~1\sprote~1.dll) Goed: () -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 11
    C:\Users\D.E. Huw\AppData\Roaming\WebCake (PUP.WebCake) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\AppData\Roaming\WebCake\dat (PUP.WebCake) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\AppData\Roaming\WebCake\dat\update (PUP.WebCake) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\WebCake (PUP.WebCake) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\SearchNewTab (PUP.Optional.SearchNewTab) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\SearchNewTab\data (PUP.Optional.SearchNewTab) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 31
    C:\Program Files (x86)\WebSearch\sprotector.dll (PUP.Optional.SProtect.A) -> Zal worden verwijderd tijdens het herstarten.
    C:\Program Files (x86)\SaveShare\sprotector.dll (PUP.Optional.SProtect.A) -> Zal worden verwijderd tijdens het herstarten.
    C:\ProgramData\SearchNewTab\Gp0RkP.dll (PUP.Optional.MultiPlug.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\savoeenshareo a\ZMQ.dll (PUP.Optional.MultiPlug.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\InstallMate\{BC327009-F46A-4212-A0F9-BC4867D152FF}\Setup.exe (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\InstallMate\{BC327009-F46A-4212-A0F9-BC4867D152FF}\TsuDll.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\InstallMate\{EFC11348-197C-40BA-A251-515E342231BE}\Setup.exe (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\InstallMate\{EFC11348-197C-40BA-A251-515E342231BE}\TsuDll.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\AppData\Local\Temp\4xW7G7Kb.exe.part (PUP.Optional.Installex) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\AppData\Local\Temp\doO9ZT1x.exe.part (PUP.Optional.Installrex) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\AppData\Local\Temp\DTLite4461-0327.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\Downloads\DTLite4454-0315.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\Downloads\Matlab_Windows_2012a _ www.mshihan.blogspot.com .rar.exe (PUP.Optional.Installrex) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\Downloads\SpyHunter 4.1 Full Serial Key Free Download.exe (PUP.Optional.Installrex) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\Downloads\veetle-0.9.18.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\Local Settings\Temporary Internet Files\Content.IE5\26QSYTOI\JgJ7PaQv7[1].exe (PUP.Optional.MultiPlug.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\Local Settings\Temporary Internet Files\Content.IE5\26QSYTOI\search_defender_166[1].exe (PUP.Optional.SProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\Local Settings\Temporary Internet Files\Content.IE5\26QSYTOI\search_defender_alternate_166[1].exe (PUP.Optional.SProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\Local Settings\Temporary Internet Files\Content.IE5\77NQRFIY\ezdownloader[1].exe (PUP.Optional.EZDownloader.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\Local Settings\Temporary Internet Files\Content.IE5\VZAPOGQS\agent_setup[1].exe (PUP.Optional.BetterSoft.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\Local Settings\Temporary Internet Files\Content.IE5\VZAPOGQS\EcW[1].exe (PUP.Optional.MultiPlug.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\Local Settings\Temporary Internet Files\Content.IE5\VZAPOGQS\sWbJKL[1].exe (PUP.Optional.MultiPlug.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\Local Settings\Temporary Internet Files\Content.IE5\VZAPOGQS\_X5[1].exe (PUP.Adware.MultiPlug) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\D.E. Huw\AppData\Roaming\WebCake\PlugIns.cache (PUP.WebCake) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\WebCake\WebCakeLayers.crx (PUP.WebCake) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\SearchNewTab\Gp0RkP.tlb (PUP.Optional.SearchNewTab) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\SearchNewTab\K2c16Yf.exe (PUP.Optional.SearchNewTab) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\SearchNewTab\settings.ini (PUP.Optional.SearchNewTab) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\SearchNewTab\data\SearchNewTab.dat (PUP.Optional.SearchNewTab) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)



    DDS


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.25.2
    Run by D.E. Huw at 18:49:38 on 2013-09-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8140.4939 [GMT 2:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\Samsung\Kies\Kies.exe
    C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Users\D.E. Huw\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\splwow64.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://websearch.searchiseasy.info/?pid=821&r=2013/09/02&hid=8485014585532956450&lg=EN&cc=NL&unqvl=33
    mWinlogon: Userinit = userinit.exe,
    BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.5.4.11.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Google Update] "C:\Users\D.E. Huw\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    uRun: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\DEBCBF~1.HUW\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\D.E. Huw\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: &D&ownload &met BitComet - D:\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload alles met BitComet - D:\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - D:\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{34B31F54-A984-4AAF-B74E-EFA67119F659} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{34B31F54-A984-4AAF-B74E-EFA67119F659}\14256573531393834383446444 : DHCPNameServer = 192.168.2.254
    TCP: Interfaces\{34B31F54-A984-4AAF-B74E-EFA67119F659}\4586F6D637F6E6340363131354 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{34B31F54-A984-4AAF-B74E-EFA67119F659}\960586F6E656026716E602241637020556C647 : DHCPNameServer = 62.133.126.28 62.133.126.29
    TCP: Interfaces\{34B31F54-A984-4AAF-B74E-EFA67119F659}\A597F507279667164756F58575B4333385 : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{6E45E765-8A7A-4F93-BE96-F4B93729B12E} : NameServer = 130.115.15.2 130.115.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~2\websea~1\sprote~1.dll
    SSODL: WebCheck - <orphaned>
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\D.E. Huw\AppData\Roaming\Mozilla\Firefox\Profiles\4bq8foki.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchiseasy.info/?pid=821&r=2013/09/02&hid=8485014585532956450&lg=EN&cc=NL&unqvl=33&l=1&q=
    FF - prefs.js: browser.search.selectedEngine - WebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://websearch.searchiseasy.info/?pid=821&r=2013/09/02&hid=8485014585532956450&lg=EN&cc=NL&unqvl=33
    FF - prefs.js: keyword.URL - hxxp://websearch.searchiseasy.info/?pid=821&r=2013/09/02&hid=8485014585532956450&lg=EN&cc=NL&unqvl=33&l=1&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\D.E. Huw\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-09-02 17:50; [email protected]; C:\Users\D.E. Huw\AppData\Roaming\Mozilla\Firefox\Profiles\4bq8foki.default\extensions\[email protected]
    FF - ExtSQL: 2013-09-02 17:50; [email protected]; C:\Users\D.E. Huw\AppData\Roaming\Mozilla\Firefox\Profiles\4bq8foki.default\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-11 283200]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-22 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-22 203776]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-1-26 30520]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-22 13336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-2 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-2 701512]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-22 2656280]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-6-14 1098296]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-22 317440]
    R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-10-22 12228128]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-2 25928]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-10-22 333928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-22 428136]
    S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/10/22 10:02:36;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;D:\BitComet\tools\BitCometService.exe -service --> D:\BitComet\tools\BitCometService.exe -service [?]
    S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-1-24 58128]
    S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-1-24 274944]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-11-7 102368]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-1-24 59904]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-2-4 340240]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-11-7 203104]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-24 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-09-02 16:37:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-09-02 16:14:09 -------- d-----w- C:\Program Files\Enigma Software Group
    2013-09-02 16:13:55 -------- d-----w- C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
    2013-09-02 16:13:54 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2013-09-02 15:50:55 -------- d-----w- C:\ProgramData\SummerSoft
    2013-09-02 15:50:22 -------- d-----w- C:\Program Files (x86)\WebSearch
    2013-09-02 15:50:11 -------- d-----w- C:\Program Files (x86)\SaveShare
    2013-09-02 15:50:04 -------- d-----w- C:\ProgramData\savoeenshareo a
    2013-09-02 15:49:07 -------- d-----w- C:\ProgramData\InstallMate
    2013-09-02 11:27:08 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{C817F25E-5313-4B55-8BF8-E28C5CA6422B}
    2013-09-01 15:30:13 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{08633528-9EED-4E43-BE5C-FEBAA5AC042F}
    2013-08-31 16:54:28 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{DCD03A44-3121-4F25-B937-0E0BE59F08AB}
    2013-08-30 14:12:02 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A4349B11-B1BC-424F-9AA3-083614633FCD}\mpengine.dll
    2013-08-29 10:55:37 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{63995A10-8B6A-4B67-8F7D-4EB1FA03DA31}
    2013-08-28 16:22:37 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{20C46682-80BE-458B-AA26-C8AB9A18B504}
    2013-08-27 19:33:01 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{7697FE5E-7164-4E66-ACF6-01053BB92F78}
    2013-08-27 06:49:06 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{E0E594D5-15BA-4434-A2F1-6F494FBD6E68}
    2013-08-26 18:31:14 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{CB5FD059-8161-411C-A23C-2478A1BC79F1}
    2013-08-26 04:56:50 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{A4C5929E-94AA-4EFE-9315-E742DFB452E6}
    2013-08-25 16:02:35 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{DF0F19A3-0BC1-4DFC-80E7-461D6BBCF01A}
    2013-08-24 13:48:55 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{9EE2895F-78BB-49AE-8D91-12C393FE8736}
    2013-08-23 14:24:31 -------- d-----w- C:\HP_TOOLS_mountHPSF
    2013-08-14 05:39:46 1472512 ----a-w- C:\Windows\System32\crypt32.dll
    2013-08-14 04:55:03 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{65B93AE3-00FE-4308-B2BE-887672480A88}
    2013-08-13 09:03:51 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{8C322398-1CC1-44E6-8FD6-18714858C7FD}
    2013-08-12 07:06:58 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{A3D29E3A-E820-43F4-B955-4C3FA793C5AB}
    2013-08-11 19:06:24 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{1B743109-4053-4365-8617-544B63B1082A}
    2013-08-10 03:26:39 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{94FA342B-BADC-4038-B417-B92A107A1350}
    2013-08-09 08:21:54 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{A4AD1402-525D-4B2C-98A8-C846DAA39DDE}
    2013-08-08 06:48:23 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{D8B05060-9B6F-40DA-8BAC-618A9F9B1B57}
    2013-08-06 15:24:33 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{C3BF6912-C54A-457B-B65D-4DE9486234DC}
    2013-08-06 03:21:49 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{116D711B-D378-44C1-A477-B6A023A3D1DD}
    2013-08-05 05:17:32 -------- d-----w- C:\Users\D.E. Huw\AppData\Local\{4EB4F955-340E-4867-89FA-9B4CBD1D387D}
    .
    ==================== Find3M ====================
    .
    2013-08-23 14:23:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-23 14:23:45 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-07-02 08:14:28 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-02 08:14:28 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-07-02 08:14:28 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 18:49:50,34 ===============



    Gmer

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-09-02 18:59:12
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.4PC1 149,05GB
    Running: ne5tndj9.exe; Driver: C:\Users\DEBCBF~1.HUW\AppData\Local\Temp\kgtiapog.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076521465 2 bytes [52, 76]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765214bb 2 bytes [52, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076521465 2 bytes [52, 76]
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765214bb 2 bytes [52, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3480] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000073bd1b41 2 bytes [BD, 73]
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3480] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000073bd1be8 2 bytes [BD, 73]
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3480] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000073bd1c20 2 bytes [BD, 73]
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3480] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000073bd1cd2 2 bytes [BD, 73]
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3480] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000073bd1cf2 2 bytes [BD, 73]
    .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076521465 2 bytes [52, 76]
    .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765214bb 2 bytes [52, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3548] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007794000c 1 byte [C3]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3548] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779cf8ea 5 bytes JMP 000000017797d5c1
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076521465 2 bytes [52, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765214bb 2 bytes [52, 76]
    .text ... * 2
    .text C:\Users\D.E. Huw\AppData\Roaming\Dropbox\bin\Dropbox.exe[4172] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076521465 2 bytes [52, 76]
    .text C:\Users\D.E. Huw\AppData\Roaming\Dropbox\bin\Dropbox.exe[4172] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000765214bb 2 bytes [52, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076521465 2 bytes [52, 76]
    .text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765214bb 2 bytes [52, 76]
    .text ... * 2
    ? C:\Windows\system32\mssprxy.dll [4592] entry point in ".rdata" section 000000006ec871e6
    .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076521465 2 bytes [52, 76]
    .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765214bb 2 bytes [52, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076521465 2 bytes [52, 76]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765214bb 2 bytes [52, 76]
    .text ... * 2
    .text C:\Program Files (x86)\iTunes\iTunes.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076521465 2 bytes [52, 76]
    .text C:\Program Files (x86)\iTunes\iTunes.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765214bb 2 bytes [52, 76]
    .text ... * 2

    ---- Threads - GMER 2.1 ----

    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1976:3580] 000007fefc012a7c
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1976:5852] 000007fef119d618
    Thread C:\Windows\System32\svchost.exe [3084:3348] 000007fee8249688

    ---- EOF - GMER 2.1 ----

  • #2
    Download Zoek.zip to the desktop.
    1. If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
    2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe. You can read how to do that here and here.

    • Right-click Zoek.zip and choose the option "Extract All" ("Alles uitpakken").
    • Then double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as administrator by right-clicking it and choosing Run as administrator.
    • Now copy the code below and paste it into the large input box:
    • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
      Code:
      emptyclsid;
      firefoxlook; 
      Chromelook; 
      autoclean; 
      iedefaults; 
      filesrcm;
    • Now click the "Run script" button.
    • Wait patiently until a log opens (this may be after a restart, if one is required).
    • If no log appears after the restart, start zoek.exe again; the log will then appear.
    • Post the opened log as an attachment in your next message.

    Starting Windows 10 in Safe Mode



    • #3
      Thanks for the reply.
      I forgot to mention that every time I shut down, I get the same two Windows updates. Shutting down takes quite a long time. However, I don't know whether this is related to this problem.

      Here is the log:


      Zoek.exe Version 4.0.0.4 Updated 31-08-2013
      Tool run by D.E. Huw on ma 02-09-2013 at 22:03:01,08.
      Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
      Running in: Normal Mode Internet Access Detected
      Launched: C:\Users\D.E. Huw\Documents\Nucia\zoek.exe [Script inserted]

      ==== System Restore Info ======================

      2-9-2013 22:03:28 Zoek.exe System Restore Point Created Succesfully.

      ==== Deleting CLSID Registry Keys ======================

      HKEY_USERS\S-1-5-21-1180847874-3649552514-4221465238-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully
      HKEY_USERS\S-1-5-21-1180847874-3649552514-4221465238-1001\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
      HKEY_USERS\S-1-5-21-1180847874-3649552514-4221465238-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully
      HKEY_USERS\S-1-5-21-1180847874-3649552514-4221465238-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CB1BF530-AA37-4BAC-BD23-8C722FE0DB49} deleted successfully
      HKEY_USERS\S-1-5-21-1180847874-3649552514-4221465238-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
      HKEY_USERS\S-1-5-21-1180847874-3649552514-4221465238-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
      HKEY_USERS\S-1-5-21-1180847874-3649552514-4221465238-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
      HKEY_USERS\S-1-5-21-1180847874-3649552514-4221465238-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

      ==== Deleting CLSID Registry Values ======================

      HKEY_USERS\S-1-5-21-1180847874-3649552514-4221465238-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
      HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ {E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

      ==== Deleting Services ======================


      ==== FireFox Fix ======================

      ProfilePath: C:\Users\D.E. Huw\AppData\Roaming\Mozilla\Firefox\Profiles\077p7xkq.default-1369935421380

      prefs.js not found
      user.js not found
      ---- Lines [email protected] removed from prefs.js ----


      ---- Lines [email protected] modified from prefs.js ----


      ---- Lines WebSearch removed from prefs.js ----


      ---- Lines WebSearch modified from prefs.js ----


      ---- Lines babylon removed from prefs.js ----


      ---- Lines babylon modified from prefs.js ----


      ---- Lines SweetIM removed from prefs.js ----


      ---- Lines SweetIM modified from prefs.js ----


      ---- FireFox user.js and prefs.js backups ----


      ProfilePath: C:\Users\D.E. Huw\AppData\Roaming\Mozilla\Firefox\Profiles\4bq8foki.default

      user.js not found
      ---- Lines [email protected] removed from prefs.js ----

      user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.3.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\D.E. Huw\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4bq8foki.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\"},\"[email protected]\":{\"version\":\"5.10\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\D.E. Huw\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4bq8foki.default\\\\extensions\\\\mjs [email protected]\"},\"[email protected]\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\D.E. Huw\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4bq8foki.default\\\\extensions\\\\[email protected]\"}}");

      ---- Lines [email protected] modified from prefs.js ----

      user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1377268734602,\"rdfTime\":1377268734586}}},{\"name\":\"app-profile\",\"addons\":{\"[email protected]\":{\"descriptor\":\"C:\\\\Users\\\\D.E. Huw\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4bq8foki.default\\\\extensions\\\\[email protected]\",\"mtime\":1378137056481,\"rdfTime\":1378137029609},\"[email protected]\":{\"descriptor\":\"C:\\\\Users\\\\D.E. Huw\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4bq8foki.default\\\\extensions\\\\mjs [email protected]\",\"mtime\":1378137056441,\"rdfTime\":1346601004540},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\D.E. Huw\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4bq8foki.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1375289345480}}}]");

      ---- Lines WebSearch removed from prefs.js ----

      user_pref("browser.search.defaultenginename", "WebSearch");
      user_pref("browser.search.defaultenginename,S", "WebSearch");
      user_pref("browser.search.defaulturl", "http://websearch.searchiseasy.info/?pid=821&r=2013/09/02&hid=8485014585532956450&lg=EN&cc=NL&unqvl=33&l=1&q=");
      user_pref("browser.search.order.1", "WebSearch");
      user_pref("browser.search.order.1,S", "WebSearch");
      user_pref("browser.search.selectedEngine", "WebSearch");
      user_pref("browser.search.selectedEngine,S", "WebSearch");
      user_pref("browser.startup.homepage", "http://websearch.searchiseasy.info/?pid=821&r=2013/09/02&hid=8485014585532956450&lg=EN&cc=NL&unqvl=33");
      user_pref("keyword.URL", "http://websearch.searchiseasy.info/?pid=821&r=2013/09/02&hid=8485014585532956450&lg=EN&cc=NL&unqvl=33&l=1&q=");

      ---- Lines WebSearch modified from prefs.js ----


      ---- Lines babylon removed from prefs.js ----

      user_pref("extensions.BabylonToolbar.prtkDS", 0);
      user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

      ---- Lines babylon modified from prefs.js ----


      ---- Lines SweetIM removed from prefs.js ----

      user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
      user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
      user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
      user_pref("sweetim.toolbar.previous.keyword.URL", "");
      user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
      user_pref("sweetim.toolbar.searchguard.enable", "");
      user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
      user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

      ---- Lines SweetIM modified from prefs.js ----


      ---- FireFox user.js and prefs.js backups ----

      prefs_02-09-2013_2206_.backup

      ==== Deleting Files \ Folders ======================

      "C:\Users\D.E. Huw\AppData\Roaming\Mozilla\Firefox\Profiles\4bq8foki.default\searchplugins\WebSearch.xml" deleted
      "C:\Users\D.E. Huw\AppData\Roaming\Mozilla\Firefox\Profiles\4bq8foki.default\searchplugins\WebSearch.xml" deleted
      "C:\Programdata\Windows" deleted
      "C:\ProgramData\savoeenshareo a" deleted
      "C:\Program Files (x86)\SaveShare" deleted
      "C:\Program Files (x86)\1ClickDownload" deleted
      "C:\Program Files (x86)\WebSearch" deleted
      "C:\ProgramData\InstallMate" deleted
      "C:\Users\D.E. Huw\AppData\Roaming\Mozilla\Firefox\Profiles\4bq8foki.default\extensions\[email protected]" deleted

      ==== Files Recently Created / Modified ======================

      ====== C:\Windows ====
      ====== C:\Users\DEBCBF~1.HUW\AppData\Local\Temp ====
      2013-09-02 16:14:11 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Users\DEBCBF~1.HUW\AppData\Local\Temp\ESGScanner.sys
      2013-09-02 16:03:43 9FF765D961D3C51E709781AA4061C5BB 46974032 ----a-w- C:\Users\DEBCBF~1.HUW\AppData\Local\Temp\SHSetup.exe
      ====== C:\Windows\SysWOW64 =====
      2013-08-20 17:58:47 C5EEAA837E52F7B4763D5678CEDB9FF4 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
      2013-08-20 17:58:47 9C89AF1C0D74AEB51025F4B7A1A27A6E 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
      2013-08-20 17:58:47 87246CCD0088A7C7DE9ECAEC346DBB68 420864 ----a-w- C:\Windows\SysWOW64\vbscript.dll
      2013-08-20 17:58:46 E500CEACB8FA2114C76FE39005F79C2D 231936 ----a-w- C:\Windows\SysWOW64\url.dll
      2013-08-20 17:58:46 CA8860800EF5E387D0D4CC27F64E8011 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll
      2013-08-20 17:58:46 6839F14A2507D9273BD13565DD880377 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll
      2013-08-20 17:58:46 3711B49D8CF265A24CD82FB3BCFFB1D5 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
      2013-08-20 17:58:45 F3F218BAE79C4C104DFC44D8D530FD7C 1800704 ----a-w- C:\Windows\SysWOW64\jscript9.dll
      2013-08-20 17:58:45 E8B57171FBDC576F4ECBB075179C308B 1104384 ----a-w- C:\Windows\SysWOW64\urlmon.dll
      2013-08-20 17:58:45 E5085AC9642756F6467F0A28B85477E2 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
      2013-08-20 17:58:45 127359736B0A2093249F20B3B0395BBE 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
      2013-08-20 17:58:45 079C80C13024923DCF3DCCB4D8357637 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll
      2013-08-20 17:58:44 C4C06D8FDF02BD36497BD91825BB4C17 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll
      2013-08-20 17:58:44 7161E761E81356C8EF6383CB1AE41B8D 12334080 ----a-w- C:\Windows\SysWOW64\mshtml.dll
      2013-08-20 17:58:44 0A725B5A547DE3B4C0E7A0F6F6E972A5 65536 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
      2013-08-20 17:58:42 22BEE919EE9E20F6DA460F0EB5F37B03 9738752 ----a-w- C:\Windows\SysWOW64\ieframe.dll
      ====== C:\Windows\SysWOW64\drivers =====
      ====== C:\Windows\Sysnative =====
      2013-08-20 17:58:47 60109B1F6734770F27446BD7BF056F56 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll
      2013-08-20 17:58:47 137A8EDEA806845F7042BE80A501BEF2 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb
      2013-08-20 17:58:46 CA87556BBA37D1B4F67C331186618673 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll
      2013-08-20 17:58:46 BBD3F2A134249E0752A7FCC815204EE8 248320 ----a-w- C:\Windows\Sysnative\ieui.dll
      2013-08-20 17:58:46 7FE0D30B96E5DBE51F285B9AC6028453 237056 ----a-w- C:\Windows\Sysnative\url.dll
      2013-08-20 17:58:46 4DC3BA4DAD1737AE700A62CF0D058E4F 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
      2013-08-20 17:58:45 CCADB1BFF9BD1966496A9C786E9B02C4 1494528 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
      2013-08-20 17:58:45 B641368D3216D322EB8C1D6E433CD223 1346560 ----a-w- C:\Windows\Sysnative\urlmon.dll
      2013-08-20 17:58:45 A2B1F95AD5458E27F002449C76B0C46F 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll
      2013-08-20 17:58:45 87753A2B2D08E8750C5CC62FCFD515E8 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll
      2013-08-20 17:58:45 82D66A2EBCD2F24EAFDE1F2447C09915 86016 ----a-w- C:\Windows\Sysnative\jsproxy.dll
      2013-08-20 17:58:45 67F087197309C807412CC8C70BA10766 2312704 ----a-w- C:\Windows\Sysnative\jscript9.dll
      2013-08-20 17:58:44 57DDFF8D8DDE2F369335C678422BB71A 816640 ----a-w- C:\Windows\Sysnative\jscript.dll
      2013-08-20 17:58:44 3D85AC4E844FC488C139DF829AC6270D 2147840 ----a-w- C:\Windows\Sysnative\iertutil.dll
      2013-08-20 17:58:43 7D9371E3C8CF927D0A2A1D9E1161C324 17830400 ----a-w- C:\Windows\Sysnative\mshtml.dll
      2013-08-20 17:58:42 114BD6A60D8D5BCCDFA826ADEBA48D04 10926080 ----a-w- C:\Windows\Sysnative\ieframe.dll
      ====== C:\Windows\Sysnative\drivers =====
      2013-09-02 16:37:28 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
      2013-08-14 05:39:37 DB74544B75566C974815E79A62433F29 1910208 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
      2013-08-14 05:39:37 4CE278FC9671BA81A138D70823FCAA09 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
      ====== C:\Windows\Tasks ======
      ====== C:\Windows\Temp ======
      ======= C:\Program Files =====
      2013-09-02 16:14:09 -------- d-----w- C:\Program Files\Enigma Software Group
      ======= C:\Program Files (x86) =====
      2013-09-02 16:13:54 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
      ======= C: =====
      2013-09-02 16:14:32 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
      ====== C:\Users\D.E. Huw\AppData\Roaming ======
      2013-09-02 16:14:10 -------- d-----w- C:\users\D.E. Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
      ====== C:\Users\D.E. Huw ======
      2013-09-02 16:49:51 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\D.E. Huw\Desktop\ne5tndj9.exe
      2013-09-02 16:48:30 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\D.E. Huw\Desktop\dds.com
      2013-09-02 16:40:43 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\D.E. Huw\Downloads\Defogger.exe
      2013-09-02 16:34:57 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\D.E. Huw\Downloads\mbam-setup-1.75.0.1300.exe
      2013-09-02 16:03:35 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\D.E. Huw\Downloads\SpyHunter-Installer.exe
      2013-09-02 15:50:55 -------- d-----w- C:\ProgramData\SummerSoft

      ====== C: exe-files ==
      2013-09-02 16:49:51 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\D.E. Huw\Desktop\ne5tndj9.exe
      2013-09-02 16:41:13 25D473D7805261C752DA738B13E35816 185271 ----a-w- C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP\WiseCustomCalla31.exe
      2013-09-02 16:40:43 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\D.E. Huw\Downloads\Defogger.exe
      2013-09-02 16:36:56 57E626878D667E65127D1725279B0965 12384 ----atw- C:\Users\D.E. Huw\AppData\Local\Temp\{BC327009-F46A-4212-A0F9-BC4867D152FF}\x86\regsvr32.exe
      2013-09-02 16:36:56 157FE300857E06020BCB38A04D5B3B75 12896 ----atw- C:\Users\D.E. Huw\AppData\Local\Temp\{BC327009-F46A-4212-A0F9-BC4867D152FF}\x64\regsvr32.exe
      2013-09-02 16:34:57 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\D.E. Huw\Downloads\mbam-setup-1.75.0.1300.exe
      2013-09-02 16:31:08 8C4CA11C7FC4B47FDD51B6EF5DF8F642 16384 ----a-w- C:\Users\D.E. Huw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26QSYTOI\OptimizerPro[1].exe
      2013-09-02 16:13:55 EDB10586A061A621BBA2CB32E5E3220B 190429 ----a-w- C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP\WiseCustomCalla37.exe
      2013-09-02 16:03:43 9FF765D961D3C51E709781AA4061C5BB 46974032 ----a-w- C:\Users\D.E. Huw\AppData\Local\Temp\SHSetup.exe
      2013-09-02 16:03:35 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\D.E. Huw\Downloads\SpyHunter-Installer.exe
      2013-09-02 15:50:55 57E626878D667E65127D1725279B0965 12384 ----atw- C:\Users\D.E. Huw\AppData\Local\Temp\{EFC11348-197C-40BA-A251-515E342231BE}\x86\regsvr32.exe
      2013-09-02 15:50:55 157FE300857E06020BCB38A04D5B3B75 12896 ----atw- C:\Users\D.E. Huw\AppData\Local\Temp\{EFC11348-197C-40BA-A251-515E342231BE}\x64\regsvr32.exe
      2013-09-01 15:57:41 F36154F2BEB4B535E6F0752C82625D01 7912288 ----a-w- C:\Users\D.E. Huw\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.62\29.0.1547.62_28.0.1500.95_chrome_updater.exe
      === C: other files ==
      2013-09-02 16:48:30 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\D.E. Huw\Desktop\dds.com
      2013-09-02 16:37:28 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2013-09-02 16:14:32 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
      2013-09-02 16:14:11 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Users\D.E. Huw\AppData\Local\Temp\ESGScanner.sys
      2013-08-28 20:28:43 6DE5748145263028207BD7E9730E16ED 50416 ----a-w- C:\Users\D.E. Huw\Downloads\star-trek-into-darkness_english-777624.zip

      ==== Firefox Extensions ======================

      ProfilePath: C:\Users\D.E. Huw\AppData\Roaming\Mozilla\Firefox\Profiles\4bq8foki.default
      - SearchNewTab - %ProfilePath%\extensions\[email protected]
      - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

      AppDir: C:\Program Files (x86)\Mozilla Firefox
      - TrueSuite Website Logon - %AppDir%\extensions\[email protected]
      - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

      ==== Firefox Plugins ======================

      Profilepath: C:\Users\D.E. Huw\AppData\Roaming\Mozilla\Firefox\Profiles\077p7xkq.default-1369935421380
      99B4B884FE9A878B4822F7F326C90CE1 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll - Shockwave Flash

      Profilepath: C:\Users\D.E. Huw\AppData\Roaming\Mozilla\Firefox\Profiles\4bq8foki.default
      0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
      101700E93EB905992B518256CB441829 - C:\Users\D.E. Huw\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
      D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
      66640A55AEFF3819C94E0A8D40D7E0AD - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director
      99B4B884FE9A878B4822F7F326C90CE1 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll - Shockwave Flash
      15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


      ==== Deleting Files \ Folders ======================

      "C:\Users\D.E. Huw\AppData\Roaming\Mozilla\Firefox\Profiles\4bq8foki.default\extensions\[email protected]" deleted

      ==== Chrome Look ======================

      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
      dfaldikcoaplhepekpbngkepfcoiihef - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[22-08-2011 05:50]

      YouTube - D.E. Huw - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      Google Search - D.E. Huw - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      Website Logon - D.E. Huw - Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef
      SearchNewTab - D.E. Huw - Default\Extensions\fhmleehfdcchiimnkkiokimjdmdfenih
      savoeenshareo a - D.E. Huw - Default\Extensions\pgbaleemibdfiojgebmdpmegpbidkaej
      Gmail - D.E. Huw - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

      ==== Chrome Fix ======================

      C:\Users\D.E. Huw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbaleemibdfiojgebmdpmegpbidkaej deleted successfully

      ==== Set IE to Default ======================

      Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.google.com/"
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://websearch.searchiseasy.info/?pid=821&r=2013/09/02&hid=8485014585532956450&lg=EN&cc=NL&unqvl=33"
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
      "Start Page"="http://websearch.searchiseasy.info/?pid=821&r=2013/09/02&hid=8485014585532956450&lg=EN&cc=NL&unqvl=33"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}] not found

      New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.google.com/"
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
      "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

      ==== All HKCU SearchScopes ======================

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"
      {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
      {d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}"

      ==== Empty IE Cache ======================

      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\D.E. Huw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
      C:\Users\D.E. Huw\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\D.E. Huw\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\D.E. Huw\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\D.E. Huw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

      ==== Empty FireFox Cache ======================

      C:\users\D.E. Huw\AppData\Local\Mozilla\Firefox\Profiles\077p7xkq.default-1369935421380\Cache emptied successfully
      C:\users\D.E. Huw\AppData\Local\Mozilla\Firefox\Profiles\4bq8foki.default\Cache emptied successfully

      ==== Empty Chrome Cache ======================

      C:\users\D.E. Huw\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

      ==== Empty All Flash Cache ======================

      Flash Cache Emptied Successfully

      ==== Empty All Java Cache ======================

      Java Cache cleared successfully

      ==== After Reboot ======================

      ==== Empty Temp Folders ======================

      C:\Windows\Temp successfully emptied
      C:\Users\DEBCBF~1.HUW\AppData\Local\Temp successfully emptied

      ==== Empty Recycle Bin ======================

      C:\$RECYCLE.BIN successfully emptied

      ==== Deleting Files / Folders ======================

      "C:\Users\D.E. Huw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

      ==== EOF on ma 02-09-2013 at 22:09:19,96 ======================



      • #4
        Download ComboFix from one of these locations:

        Link 1
        Link 2


        * IMPORTANT !!! Save ComboFix.exe to your Desktop.

        >>Here<< you can read how to use Combofix.

        1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

        * (here or here

        2. The computer may need to be restarted several times; this is normal.
        3. Double-click "Combofix.exe" to start the tool.
        4. Do not click in the Combofix window while it is running, as this can cause the tool to hang.

        * Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.

        5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

        Starting Windows 10 in Safe Mode



        • #5
          ComboFix 13-09-04.04 - D.E. Huw 04-09-2013 21:27:28.1.8 - x64
          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8140.4670 [GMT 2:00]
          Gestart vanuit: c:\users\D.E. Huw\Desktop\ComboFix.exe
          SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          .
          .
          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          c:\programdata\Roaming
          c:\users\D.E. Huw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhmleehfdcchiimnkkiokimjdmdfenih
          c:\users\D.E. Huw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhmleehfdcchiimnkkiokimjdmdfenih\1.0\background.html
          c:\users\D.E. Huw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhmleehfdcchiimnkkiokimjdmdfenih\1.0\content.js
          c:\users\D.E. Huw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhmleehfdcchiimnkkiokimjdmdfenih\1.0\iWobQyY.js
          c:\users\D.E. Huw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhmleehfdcchiimnkkiokimjdmdfenih\1.0\lsdb.js
          c:\users\D.E. Huw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhmleehfdcchiimnkkiokimjdmdfenih\1.0\manifest.json
          c:\users\D.E. Huw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhmleehfdcchiimnkkiokimjdmdfenih\1.0\newtab.html
          c:\users\D.E. Huw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhmleehfdcchiimnkkiokimjdmdfenih\1.0\sqlite.js
          c:\users\D.E. Huw\Documents\~WRL1082.tmp
          .
          .
          (((((((((((((((((((( Bestanden Gemaakt van 2013-08-04 to 2013-09-04 ))))))))))))))))))))))))))))))
          .
          .
          2013-09-04 19:30 . 2013-09-04 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp
          2013-09-04 19:30 . 2013-09-04 19:30 -------- d-----w- c:\users\DEBCBF~1~HUW\AppData\Local\temp
          2013-09-04 00:16 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DF9C283-1A05-43C9-8B71-0AC0F4E6B6A6}\mpengine.dll
          2013-09-02 20:08 . 2013-09-04 19:30 -------- d-----w- c:\users\D.E. Huw\AppData\Local\Temp
          2013-09-02 20:08 . 2013-09-02 20:02 24064 ----a-w- c:\windows\zoek-delete.exe
          2013-09-02 16:37 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
          2013-09-02 16:14 . 2013-09-02 16:14 -------- d-----w- c:\program files\Enigma Software Group
          2013-09-02 16:13 . 2013-09-02 16:41 -------- d-----w- c:\windows\86CA3695A4124BAE92B649A60C2AC663.TMP
          2013-09-02 16:13 . 2013-09-02 16:13 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
          2013-09-02 15:50 . 2013-09-02 15:50 -------- d-----w- c:\programdata\SummerSoft
          2013-08-23 14:24 . 2013-08-23 14:24 -------- d-----w- C:\HP_TOOLS_mountHPSF
          2013-08-14 05:39 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2013-08-23 14:23 . 2012-06-19 21:37 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
          2013-08-23 14:23 . 2011-11-28 00:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
          2013-07-09 04:45 . 2013-08-14 05:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
          2013-07-02 08:14 . 2013-07-02 08:14 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
          2013-07-02 08:14 . 2012-06-18 14:51 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
          2013-07-02 08:14 . 2011-09-03 17:06 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
          .
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
          REGEDIT4
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
          @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
          2013-05-25 00:36 130736 ----a-w- c:\users\D.E. Huw\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
          @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
          2013-05-25 00:36 130736 ----a-w- c:\users\D.E. Huw\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
          @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
          2013-05-25 00:36 130736 ----a-w- c:\users\D.E. Huw\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
          .
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-19 4786048]
          "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]
          "KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
          "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
          "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
          "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-08 336384]
          "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
          "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
          "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048]
          "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
          "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
          "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
          "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
          "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-06-14 103992]
          "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
          "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
          "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
          "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
          "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
          "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
          .
          c:\users\D.E. Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
          Dropbox.lnk - c:\users\D.E. Huw\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "ConsentPromptBehaviorAdmin"= 5 (0x5)
          "ConsentPromptBehaviorUser"= 3 (0x3)
          "EnableUIADesktopToggle"= 0 (0x0)
          "HideFastUserSwitching"= 0 (0x0)
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "EnableShellExecuteHooks"= 1 (0x1)
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
          "LoadAppInit_DLLs"=1 (0x1)
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
          @=""
          .
          R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
          R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
          R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/10/22 10:02;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
          R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
          R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
          R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;d:\bitcomet\tools\BitCometService.exe;d:\bitcomet\tools\BitCometService.exe [x]
          R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
          R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
          R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
          R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
          R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
          R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
          R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
          R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
          R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
          R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
          R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
          R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
          R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
          R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
          R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
          R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
          R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
          R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
          S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
          S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
          S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
          S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
          S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
          S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
          S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
          S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
          S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
          S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
          S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
          S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
          S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
          S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
          S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
          S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
          S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
          S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
          S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
          S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
          S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
          S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
          S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
          S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
          S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
          .
          .
          --- Andere Services/Drivers In Geheugen ---
          .
          *Deregistered* - CLKMDRV10_38F51D56
          .
          Inhoud van de 'Gedeelde Taken' map
          .
          2013-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
          - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 14:23]
          .
          2013-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1180847874-3649552514-4221465238-1001Core.job
          - c:\users\D.E. Huw\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-30 21:24]
          .
          2013-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1180847874-3649552514-4221465238-1001UA.job
          - c:\users\D.E. Huw\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-30 21:24]
          .
          2013-09-02 c:\windows\Tasks\HPCeeScheduleForD.E. Huw.job
          - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
          .
          .
          --------- X64 Entries -----------
          .
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
          @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
          2013-05-25 00:36 164016 ----a-w- c:\users\D.E. Huw\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
          @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
          2013-05-25 00:36 164016 ----a-w- c:\users\D.E. Huw\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
          @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
          2013-05-25 00:36 164016 ----a-w- c:\users\D.E. Huw\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
          @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
          2013-05-25 00:36 164016 ----a-w- c:\users\D.E. Huw\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
          "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
          "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
          "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
          "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584]
          "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
          .
          ------- Bijkomende Scan -------
          .
          uStart Page = hxxp://www.google.com/
          uLocal Page = c:\windows\system32\blank.htm
          mLocal Page = c:\windows\SysWOW64\blank.htm
          uInternet Settings,ProxyOverride = *.local
          IE: &D&ownload &met BitComet - d:\bitcomet\BitComet.exe/AddLink.htm
          IE: &D&ownload alles met BitComet - d:\bitcomet\BitComet.exe/AddAllLink.htm
          IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
          TCP: Interfaces\{6E45E765-8A7A-4F93-BE96-F4B93729B12E}: NameServer = 130.115.15.2 130.115.1.1
          FF - ProfilePath - c:\users\D.E. Huw\AppData\Roaming\Mozilla\Firefox\Profiles\4bq8foki.default\
          .
          - - - - ORPHANS VERWIJDERD - - - -
          .
          Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
          Wow6432Node-HKLM-Run-<NO NAME> - (no file)
          HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
          AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
          AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe
          AddRemove-SP_703c874a - c:\program files (x86)\SaveShare\uninstall.exe
          AddRemove-{62D82EC1-0D3A-DF54-8E3E-07E1337A5311} - c:\programdata\savoeenshareo a\Vvev.exe
          AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
          .
          .
          .
          --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="FlashBroker"
          "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
          "Enabled"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
          @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="IFlashBroker5"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          "Version"="1.0"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="FlashBroker"
          "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
          "Enabled"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @="Shockwave Flash Object"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
          "ThreadingModel"="Apartment"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
          @="0"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
          @="ShockwaveFlash.ShockwaveFlash.11"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
          @="1.0"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
          @="ShockwaveFlash.ShockwaveFlash"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @="Macromedia Flash Factory Object"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
          "ThreadingModel"="Apartment"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
          @="FlashFactory.FlashFactory.1"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
          @="1.0"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
          @="FlashFactory.FlashFactory"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="IFlashBroker5"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          "Version"="1.0"
          .
          [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          "BlindDial"=dword:00000000
          .
          [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          "BlindDial"=dword:00000000
          .
          [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
          @Denied: (Full) (Everyone)
          .
          Voltooingstijd: 2013-09-04 21:31:53
          ComboFix-quarantined-files.txt 2013-09-04 19:31
          .
          Pre-Run: 53.245.018.112 bytes beschikbaar
          Post-Run: 53.134.970.880 bytes beschikbaar
          .
          - - End Of File - - 72C89E317639F5D15E29250952DD6461



          • #6
            Good, is it going better now?

            Starting Windows 10 in Safe Mode



            • #7
              Sorry for the late reply. I didn't have my laptop with me for a while. Everything looks good. Except that I always have to install two Windows updates when I shut down. Could this be caused by the viruses and/or the changes that were made?



              • #8
                Download the Emsisoft Emergency Kit to the desktop.
                Click here for the complete / detailed guide to the Emsisoft Emergency Kit.
                • Double-click "EmsisoftEmergencyKit.exe"; if you get a User Account Control prompt, allow it.
                • Then click the "Accept & Extract" button and the files will be extracted automatically to the system drive, "C:\EEK".
                • When extraction is finished, a shortcut is created on the desktop and the Emsisoft Emergency Kit will open by itself.
                • Now click the "Emergency Kit Scanner" option, and when you get the message "Wilt u nu updaten?" (Do you want to update now?), click "Ja" (Yes).
                • When the update is finished, click the "Computer Scannen" (Scan Computer) option in the left-hand menu.
                • Then choose the "Diep" (Deep) option. This scan can take a considerable time, and preferably do not use the computer for other tasks during the scan.
                • When the scan is finished, make sure all items are ticked and click the "Quarantaine" (Quarantine) button.
                • Then click the "Rapport bekijken" (View report) button and paste the contents of this file in your next post. (The log file can also be found on the system drive (C:\EEK\Run\Reports) under the name a2scan_130711-154142.txt.)



                • #9
                  Emsisoft Emergency Kit - Versie 4.0
                  Laatste Update: 12-9-2013 2:23:09
                  Gebruikersaccount: DEHuw-HP\D.E. Huw

                  Scaninstellingen:

                  Scanmodus: Diepe scan
                  Objecten: Rootkits, Geheugen, Sporen, C:\, D:\, E:\

                  Detecteer PUPs: Aan
                  Scan archieven: Aan
                  ADS Scan: Aan
                  Bestandsextensiefilter: Uit
                  Geavanceerde cache: Aan
                  Directe schijftoegang: Uit

                  Scan gestart: 12-9-2013 2:23:42
                  C:\Program Files (x86)\EViews7\EV7 Crack Win7.exe Ontdekt: Backdoor.Generic.701098 (B)
                  D:\Downloads\EViews7\Crack\EV7 Crack Win7.exe Ontdekt: Backdoor.Generic.701098 (B)
                  D:\Downloads\EViews7\Crack\EV7 Crack XP.exe Ontdekt: Backdoor.Generic.701098 (B)

                  Gescand: 512301
                  Gevonden: 3

                  Scan geëindigd: 12-9-2013 2:52:54
                  Scantijd: 0:29:12

                  C:\Program Files (x86)\EViews7\EV7 Crack Win7.exe In quarantaine geplaatst Backdoor.Generic.701098 (B)
                  D:\Downloads\EViews7\Crack\EV7 Crack Win7.exe In quarantaine geplaatst Backdoor.Generic.701098 (B)
                  D:\Downloads\EViews7\Crack\EV7 Crack XP.exe In quarantaine geplaatst Backdoor.Generic.701098 (B)

                  In quarantaine geplaatst 3



                  • #10
                    By the looks of it you use cracks, and that is usually asking for trouble. Anyway, how is it going now?



                    • #11
                      It's fine now, I think. And indeed, I have a number of cracks... I'll really have to change my behaviour.
                      And thanks a lot for the help!



                      • #12
                        Download Delfix by Xplode to the desktop.

                        Double-click Delfix.exe to start the tool.
                        Now tick the following items:
                        • Activate UAC
                        • Remove disinfection tools
                        • Create registry backup
                        • Purge System Restore
                        • Reset system settings

                        Now click "Run" and wait patiently until the tool has finished.
                        When the tool has finished, a log file is created. You do not need to post it, however.
