zidanaho2


  • zidanaho2

    Hi,

    a colleague's laptop.
    Slow, and several infections removed via Malwarebytes.
    Several logs below.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.11.06.08

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Gebruiker :: GEBRUIK-OJO8BGS [administrator]

    6-11-2013 19:35:30
    mbam-log-2013-11-06 (19-35-30).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 264290
    Verstreken tijd: 18 minuut/minuten, 8 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 14
    HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\esrv.BabylonESrvc.1 (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\esrv.BabylonESrvc (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\b (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Typelib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 2
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://search.babylon.com/?affID=115...0000225f12ab02 -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 2
    C:\Users\Gebruiker\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Thomas\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 8
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.4.9\BabylonToolbarsrv.exe (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.4.9\BabylonToolbarEng.dll (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\$Recycle.Bin\S-1-5-21-1454455844-2458062499-2177527646-1003\$R83B96B.exe (PUP.Optional.RegCleanerPro) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\$Recycle.Bin\S-1-5-21-1454455844-2458062499-2177527646-1003\$RH2NBZ8.exe (PUP.Optional.Vittalia) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Thomas\AppData\Local\Temp\instloffer.exe (PUP.Optional.VIT.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Thomas\Downloads\microsoft-excel-2010.exe (PUP.Optional.Freemium.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Gebruiker\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Thomas\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16514
    Run by Gebruiker at 20:23:12 on 2013-11-06
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.1913.1067 [GMT 1:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
    C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG2014\avgidsagent.exe
    C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\AVG\AVG2014\avgnsx.exe
    C:\Program Files\AVG\AVG2014\avgemcx.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\AVG\AVG2014\avgui.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    uSearch Page = hxxp://www.google.nl
    uDefault_Page_URL = www.google.nl
    dURLSearchHooks: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [DataCardMonitor] c:\program files\t-mobile\t-mobile internet manager\DataCardMonitor.exe
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoResolveTrack = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{BC9A0797-5980-4C90-B2DF-748CE25E4D63} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{BC9A0797-5980-4C90-B2DF-748CE25E4D63}\D4F62696C6560284F6473707F6470203934313 : DHCPNameServer = 10.0.0.2 10.0.0.3
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.0.12\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-9-2 145720]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-9-2 223032]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-8 27448]
    R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120632]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-9-2 209208]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22840]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-9-2 176952]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-12-21 37664]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-6-25 1015984]
    R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files\common files\avg secure search\vtoolbarupdater\17.0.12\ToolbarUpdater.exe [2013-10-2 1734680]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-12-16 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-8 14848]
    S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
    S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-11-8 24064]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-8 49664]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-8 27136]
    S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2012-11-7 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2013-11-06 19:07:14 -------- d-----w- c:\windows\system32\appmgmt
    2013-11-06 18:34:47 -------- d-----w- c:\users\gebruiker\appdata\roaming\Malwarebytes
    2013-11-06 18:34:30 -------- d-----w- c:\programdata\Malwarebytes
    2013-11-06 18:34:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-11-06 18:34:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-11-06 18:33:44 -------- d-----w- c:\users\gebruiker\appdata\local\Programs
    2013-11-06 18:29:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-11-06 18:29:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-11-06 18:13:48 -------- d-----w- c:\program files\CCleaner
    2013-11-06 17:48:29 -------- d-----w- c:\users\gebruiker\appdata\local\VirtualStore
    2013-10-28 17:57:52 -------- d-----w- c:\windows\system32\MRT
    2013-10-27 17:58:16 530432 ----a-w- c:\windows\system32\comctl32.dll
    2013-10-27 17:58:12 492544 ----a-w- c:\windows\system32\win32spl.dll
    2013-10-27 17:58:08 205824 ----a-w- c:\windows\system32\WebClnt.dll
    2013-10-27 17:58:07 81920 ----a-w- c:\windows\system32\davclnt.dll
    2013-10-27 17:58:05 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2013-10-27 17:57:54 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-10-27 17:57:43 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
    2013-10-27 17:57:41 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
    2013-10-27 17:57:31 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-10-27 17:57:28 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-10-27 17:57:28 231424 ----a-w- c:\windows\system32\mswsock.dll
    2013-10-27 17:57:03 652800 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-10-27 17:56:59 175104 ----a-w- c:\windows\system32\wintrust.dll
    2013-10-27 17:56:59 1166848 ----a-w- c:\windows\system32\crypt32.dll
    2013-10-27 17:56:58 140288 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-10-27 17:56:58 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2013-10-27 17:56:41 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-10-27 17:56:26 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2013-10-27 17:56:24 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-10-27 17:56:24 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-10-27 17:54:26 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-10-27 17:53:55 903168 ----a-w- c:\windows\system32\certutil.exe
    2013-10-27 17:53:51 43008 ----a-w- c:\windows\system32\certenc.dll
    2013-10-27 17:52:40 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-10-27 17:52:36 509440 ----a-w- c:\windows\system32\qedit.dll
    2013-10-27 17:52:32 1505280 ----a-w- c:\windows\system32\d3d11.dll
    2013-10-27 17:51:34 2348544 ----a-w- c:\windows\system32\win32k.sys
    2013-10-27 17:51:31 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
    2013-10-27 17:51:30 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
    2013-10-27 17:51:30 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
    2013-10-27 17:51:29 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
    2013-10-27 17:50:38 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
    2013-10-27 17:50:35 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2013-10-27 17:50:34 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
    2013-10-27 17:50:10 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-10-27 17:49:33 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
    2013-10-27 17:49:32 392704 ----a-w- c:\program files\windows defender\MpClient.dll
    2013-10-27 17:49:32 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
    2013-10-27 17:49:28 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-10-27 17:49:24 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
    2013-10-27 17:49:14 47104 ----a-w- c:\windows\system32\appinfo.dll
    2013-10-27 17:49:14 1796096 ----a-w- c:\windows\system32\authui.dll
    2013-10-27 17:49:14 101720 ----a-w- c:\windows\system32\consent.exe
    2013-10-14 16:44:27 -------- d-----w- c:\users\gebruiker\appdata\roaming\AVG2014
    2013-10-14 16:39:50 -------- d-----w- c:\programdata\AVG2014
    2013-10-14 16:37:46 -------- d-----w- c:\users\gebruiker\appdata\local\Avg2014
    .
    ==================== Find3M ====================
    .
    2013-10-29 18:30:15 249856 ----a-w- c:\windows\system32\uxtheme.dll
    2013-10-29 18:29:14 37376 ----a-w- c:\windows\system32\themeservice.dll
    2013-10-02 11:40:17 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-09-25 18:57:14 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
    2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-09-10 20:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2013-09-08 20:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-09-02 08:39:32 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-09-02 08:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-09-02 08:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-09-02 08:28:00 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
    2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
    2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
    2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
    .
    ============= FINISH: 20:28:30,01 ===============


    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-11-06 21:12:43
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11 149,05GB
    Running: niv223cy.exe; Driver: C:\Users\GEBRUI~1\AppData\Local\Temp\kxairaog.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x9056D690]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x9056D7B0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x9056D010]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x9056D490]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x9056D2D0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x9056D3B0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x9056D110]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x9056D1F0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x9056D590]

    ---- Kernel code sections - GMER 2.1 ----

    .text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C399A5 1 Byte [06]
    .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C59512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntoskrnl.exe!KeRemoveQueueEx + 161F 82C60C14 8 Bytes [90, D6, 56, 90, B0, D7, 56, ...] {NOP ; SALC ; PUSH ESI; NOP ; MOV AL, 0xd7; PUSH ESI; NOP }
    .text ntoskrnl.exe!KeRemoveQueueEx + 1667 82C60C5C 4 Bytes [10, D0, 56, 90] {ADC AL, DL; PUSH ESI; NOP }
    .text ntoskrnl.exe!KeRemoveQueueEx + 1687 82C60C7C 4 Bytes [90, D4, 56, 90] {NOP ; AAM 0x56; NOP }
    .text ntoskrnl.exe!KeRemoveQueueEx + 1927 82C60F1C 8 Bytes [D0, D2, 56, 90, B0, D3, 56, ...] {RCL DL, 0x1; PUSH ESI; NOP ; MOV AL, 0xd3; PUSH ESI; NOP }
    .text ntoskrnl.exe!KeRemoveQueueEx + 1937 82C60F2C 8 Bytes [10, D1, 56, 90, F0, D1, 56, ...] {ADC CL, DL; PUSH ESI; NOP ; RCL DWORD [ESI-0x70], 0x1}
    .text ...
    ? C:\Users\GEBRUI~1\AppData\Local\Temp\mbr.sys Het systeem kan het opgegeven pad niet vinden. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] kernel32.dll!CreateThread 753EDCB2 5 Bytes JMP 6CBF75E3 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!EnableWindow 75D98D02 5 Bytes JMP 6CC39ED4 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!GetAsyncKeyState 75D9A256 5 Bytes JMP 6CBDDEDD C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!CallNextHookEx 75D9ABE1 5 Bytes JMP 6CC57FF1 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!UnhookWindowsHookEx 75D9ADF9 5 Bytes JMP 6CC7ED14 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!DefWindowProcA 75D9BB1C 7 Bytes JMP 6CBF980D C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!CreateWindowExA 75D9BF40 5 Bytes JMP 6CC03643 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!SetWindowsHookExW 75D9E30C 5 Bytes JMP 6CC325CC C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!CreateWindowExW 75D9EC7C 5 Bytes JMP 6CC603DF C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!GetKeyState 75DA2B4D 5 Bytes JMP 6CBDDDB3 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!IsDialogMessageW 75DA4104 5 Bytes JMP 6CD89C4A C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!DefWindowProcW 75DA507D 7 Bytes JMP 6CC58054 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!CreateDialogParamA 75DB1F42 5 Bytes JMP 6CD894B8 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!IsDialogMessage 75DB2019 5 Bytes JMP 6CD89C22 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!DialogBoxParamW 75DB3B9B 5 Bytes JMP 6CB9189B C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!CreateDialogIndirectParamA 75DB721D 5 Bytes JMP 6CD89528 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!CreateDialogIndirectParamW 75DBEA10 5 Bytes JMP 6CD89560 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!DialogBoxIndirectParamW 75DC3B7F 5 Bytes JMP 6CD89186 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!EndDialog 75DC3BA3 5 Bytes JMP 6CD89EF6 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!CreateDialogParamW 75DC5630 5 Bytes JMP 6CD894F0 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!SetKeyboardState 75DC695A 5 Bytes JMP 6CD8A511 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!SendInput 75DC7019 5 Bytes JMP 6CD8A4B9 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!SetCursorPos 75DDC1B0 5 Bytes JMP 6CD8A592 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!DialogBoxParamA 75DDCF42 5 Bytes JMP 6CD89121 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!DialogBoxIndirectParamA 75DDD274 5 Bytes JMP 6CD891EB C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!MessageBoxIndirectA 75DEE869 5 Bytes JMP 6CD890A8 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!MessageBoxIndirectW 75DEE963 5 Bytes JMP 6CD8902F C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!MessageBoxExA 75DEE9C9 5 Bytes JMP 6CD88FCB C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!MessageBoxExW 75DEE9ED 5 Bytes JMP 6CD88F67 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] USER32.dll!keybd_event 75DEEC3B 5 Bytes JMP 6CD8A476 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] SHELL32.dll!RealDriveType + 173D 760AFE30 4 Bytes [CF, 01, 57, 71] {IRET ; ADD [EDI+0x71], EDX}
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] SHELL32.dll!RealDriveType + 1745 760AFE38 8 Bytes [E0, 61, 56, 71, 79, F7, 56, ...] {LOOPNZ 0x63; PUSH ESI; JNO 0x7e; NOT DWORD [ESI+0x71]}
    .text C:\Program Files\Internet Explorer\iexplore.exe[1532] ole32.dll!OleLoadFromStream 76D86143 5 Bytes JMP 6CD89954 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!EnableWindow 75D98D02 5 Bytes JMP 6CC39ED4 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DialogBoxParamW 75DB3B9B 5 Bytes JMP 6CB9189B C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DialogBoxIndirectParamW 75DC3B7F 5 Bytes JMP 6CD89186 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DialogBoxParamA 75DDCF42 5 Bytes JMP 6CD89121 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DialogBoxIndirectParamA 75DDD274 5 Bytes JMP 6CD891EB C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!MessageBoxIndirectA 75DEE869 5 Bytes JMP 6CD890A8 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!MessageBoxIndirectW 75DEE963 5 Bytes JMP 6CD8902F C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!MessageBoxExA 75DEE9C9 5 Bytes JMP 6CD88FCB C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!MessageBoxExW 75DEE9ED 5 Bytes JMP 6CD88F67 C:\Windows\system32\IEFRAME.dll

    ---- User IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73CE24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73CC562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73CC56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73CE2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73CD85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73CD4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73CD5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73CD51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73CD6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73CD8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73CD8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73CD90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73CDE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73CD4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

    ---- Threads - GMER 2.1 ----

    Thread System [4:3452] AED43F2E

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\[email protected] 127.0.0.1
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\[email protected] 127.0.0.1

    ---- EOF - GMER 2.1 ----

  • #2
    Download Zoek.zip to the desktop.
    1. If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
    2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; (here and here) you can read how to do that.

    • Right-click Zoek.zip and choose the option "Extract All".
    • Then double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
    • Now copy the code below and paste it into the large input window:
    • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
      Code:
      emptyclsid;
      emptyfolderscheck;delete
      firefoxlook; 
      Chromelook; 
      autoclean; 
      iedefaults; 
      filesrcm;
    • Now click the "Run script" button.
    • Wait patiently until a log opens (this may be after a restart, if one is required).
    • If no log appears after the restart, start zoek.exe again; the log will then appear.
    • Post the opened log as an attachment in your next message.

    Starting Windows 10 in Safe Mode



    • #3
      Zoek.exe Version 4.0.0.5 Updated 05-November-2013
      Tool run by Gebruiker on do 07-11-2013 at 19:46:09,96.
      Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
      Running in: Normal Mode Internet Access Detected
      Launched: C:\Users\Gebruiker\Desktop\zoek\zoek.exe [Script inserted]

      ==== Older Logs ======================

      C:\zoek-results2013-11-07-183033.log 34158 bytes

      ==== Empty Folders Check ======================

      C:\Users\Gebruiker\AppData\Local\VirtualStore deleted successfully

      ==== Deleting CLSID Registry Keys ======================


      ==== Deleting CLSID Registry Values ======================


      ==== Deleting Services ======================


      ==== Files Recently Created / Modified ======================

      ====== C:\Windows ====
      ====== C:\Users\GEBRUI~1\AppData\Local\Temp ====
      ====== C:\Windows\system32 =====
      ====== C:\Windows\system32\drivers =====
      ====== C:\Windows\Tasks ======
      2013-11-06 18:29:22 B98F7C25506A2284D8B43987F82FB3D8 3878 ----a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater
      2013-11-06 18:29:21 774B0877A013C57BBD846EE13420EBE6 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
      ====== C:\Windows\Temp ======
      ======= C:\Program Files =====
      ======= C: =====
      ====== C:\Users\Gebruiker\AppData\Roaming ======
      2013-11-07 18:30:33 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Temp
      2013-11-06 18:33:44 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Programs
      2013-10-29 19:49:25 -------- d-----w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Roaming\WinRAR
      2013-10-15 16:01:19 -------- d-----w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Local\Google
      2013-10-14 17:47:33 -------- d-----w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Roaming\AVG2014
      2013-10-14 17:47:30 -------- d-----w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Local\Avg2014
      2013-10-14 17:46:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
      2013-10-14 17:46:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
      2013-10-14 17:46:37 -------- d-----w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Roaming\Identities
      2013-10-14 17:46:13 -------- d-s---w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Locallow\Microsoft
      2013-10-14 17:45:52 692453B0E252F9E052B76335B207617B 58016 ----a-w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Local\GDIPFONTCACHEV1.DAT
      2013-10-14 17:45:51 -------- d-s---w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Roaming\Microsoft
      2013-10-14 17:45:51 -------- d-----w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Roaming\TuneUp Software
      2013-10-14 17:45:51 -------- d-----w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Roaming\Media Center Programs
      2013-10-14 17:45:51 -------- d-----w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Roaming\Adobe
      2013-10-14 17:45:51 -------- d-----w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Local\Temp
      2013-10-14 17:45:51 -------- d-----w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Local\Microsoft
      2013-10-14 17:45:51 -------- d-----w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Local\Adobe
      2013-10-14 17:45:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
      2013-10-14 17:45:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
      2013-10-14 16:44:27 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\AVG2014
      2013-10-14 16:43:23 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG2014
      2013-10-14 16:39:40 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014
      2013-10-14 16:37:46 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Avg2014
      2013-10-11 13:46:51 BB20B79C0C1B3819A4FCBB289F7ED424 57560 ----a-w- C:\Users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
      2013-10-11 13:46:50 -------- d-s---w- C:\Users\TEMP\AppData\Roaming\Microsoft
      2013-10-11 13:46:50 -------- d-----w- C:\Users\TEMP\AppData\Roaming\TuneUp Software
      2013-10-11 13:46:50 -------- d-----w- C:\Users\TEMP\AppData\Roaming\Media Center Programs
      2013-10-11 13:46:50 -------- d-----w- C:\Users\TEMP\AppData\Roaming\Adobe
      2013-10-11 13:46:50 -------- d-----w- C:\Users\TEMP\AppData\Local\Temp
      2013-10-11 13:46:50 -------- d-----w- C:\Users\TEMP\AppData\Local\Microsoft
      2013-10-11 13:46:50 -------- d-----w- C:\Users\TEMP\AppData\Local\Adobe
      2013-10-11 13:46:50 -------- d-----r- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
      2013-10-11 13:46:50 -------- d-----r- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
      ====== C:\Users\Gebruiker ======
      2013-11-06 19:17:43 F7C5B5C74D69EEA3549E3C6A8FD859B0 20 ----a-w- C:\Users\Gebruiker\defogger_reenable
      2013-11-06 19:16:57 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Gebruiker\Desktop\niv223cy.exe
      2013-11-06 19:15:31 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Gebruiker\Desktop\dds.com
      2013-11-06 19:14:37 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Gebruiker\Desktop\Defogger.exe
      2013-10-14 17:46:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\Searches
      2013-10-14 17:46:31 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\Contacts
      2013-10-14 17:45:52 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\thomas.GEBRUIK-OJO8BGS\ntuser.ini
      2013-10-14 17:45:51 -------- d--h--w- C:\Users\thomas.GEBRUIK-OJO8BGS\AppData
      2013-10-14 17:45:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\Videos
      2013-10-14 17:45:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\Saved Games
      2013-10-14 17:45:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\Pictures
      2013-10-14 17:45:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\Music
      2013-10-14 17:45:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\Links
      2013-10-14 17:45:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\Favorites
      2013-10-14 17:45:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\Downloads
      2013-10-14 17:45:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\Documents
      2013-10-14 17:45:51 -------- d-----r- C:\Users\thomas.GEBRUIK-OJO8BGS\Desktop
      2013-10-14 16:39:50 -------- d-----w- C:\ProgramData\AVG2014
      2013-10-11 13:46:50 -------- d--h--w- C:\Users\TEMP\AppData
      2013-10-11 13:46:50 -------- d-----w- C:\Users\TEMP\Saved Games
      2013-10-11 13:46:50 -------- d-----r- C:\Users\TEMP\Videos
      2013-10-11 13:46:50 -------- d-----r- C:\Users\TEMP\Pictures
      2013-10-11 13:46:50 -------- d-----r- C:\Users\TEMP\Music
      2013-10-11 13:46:50 -------- d-----r- C:\Users\TEMP\Links
      2013-10-11 13:46:50 -------- d-----r- C:\Users\TEMP\Favorites
      2013-10-11 13:46:50 -------- d-----r- C:\Users\TEMP\Downloads
      2013-10-11 13:46:50 -------- d-----r- C:\Users\TEMP\Documents
      2013-10-11 13:46:50 -------- d-----r- C:\Users\TEMP\Desktop

      ====== C: exe-files ==
      === C: other files ==
      2013-11-06 19:15:31 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Gebruiker\Desktop\dds.com
      2013-11-06 18:34:26 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

      ==== Chrome Look ======================

      Google Drive - Gebruiker - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
      YouTube - Gebruiker - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      Google Search - Gebruiker - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      Chrome In-App Payments service - Gebruiker - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
      Gmail - Gebruiker - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
      Google Drive - Thomas - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
      YouTube - Thomas - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      Google Search - Thomas - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      Allin1Convert - Thomas - Default\Extensions\lniglpecbgbfolkebonniloipefchbbh
      Chrome In-App Payments service - Thomas - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
      Gmail - Thomas - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
      Google Docs - thomas.GEBRUIK-OJO8BGS - Default\Extensions\aohghmighlieiainnegkcijnfilokake
      Google Drive - thomas.GEBRUIK-OJO8BGS - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
      YouTube - thomas.GEBRUIK-OJO8BGS - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      Google Search - thomas.GEBRUIK-OJO8BGS - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      Chrome In-App Payments service - thomas.GEBRUIK-OJO8BGS - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
      Gmail - thomas.GEBRUIK-OJO8BGS - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

      ==== Set IE to Default ======================

      Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.google.nl/"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      No DefaultScope Set For HKCU

      New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.google.nl/"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

      ==== All HKCU SearchScopes ======================

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
      {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

      ==== Empty IE Cache ======================

      C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
      C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
      C:\Users\Thomas\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
      C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

      ==== Empty FireFox Cache ======================

      No FireFox Profiles found

      ==== Empty Chrome Cache ======================

      C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
      C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
      C:\Users\thomas.GEBRUIK-OJO8BGS\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

      ==== Empty All Flash Cache ======================

      Flash Cache Emptied Successfully

      ==== Empty All Java Cache ======================

      No Java Cache Found

      ==== After Reboot ======================

      ==== Empty Temp Folders ======================

      C:\Windows\Temp successfully emptied
      C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

      ==== Empty Recycle Bin ======================

      C:\$RECYCLE.BIN successfully emptied

      ==== EOF on do 07-11-2013 at 20:07:59,10 ======================



      • #4
        I don't see any other strange things?



        • #5
          Okay,
          then I will have to look for the cause of the slowness somewhere else.
          Thanks in any case for the pleasant help.



          • #6
            You're welcome.
