Error occurred while starting C/:Users.beheerder/appData.Roaming/newnext.me

Hello, since this afternoon, when I started up the laptop, I have been getting this message: An error occurred while starting C/:Users.beheerder/appData.Roaming/newnext.me /engine .dll

How can I fix this?


The laptop runs Win7 64-bit.


thx Hans
 

Zer0Day

No longer active
Hi Hans,

newnext.me is malware. That is why I have moved your topic to this forum section. ;)


Download RSIT from the locations below and save it to the desktop.
Here is a description of how to check whether you have a 32-bit or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool has finished, a Notepad file named "Log" is opened.
  • Paste its contents into your next post.
 
@Zeroday,

here is the log file.....

Logfile of random's system information tool 1.09 (written by random/random)
Run by beheerder at 2014-02-07 21:23:05
WIN_7 Service Pack 1
System drive C: has 410 GB (89%) free of 463 GB
Total RAM: 3957 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:23:09, on 7/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\beheerder.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Object moved
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = vandaag.be (24,7)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Object moved
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Object moved
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Object moved
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Object moved
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: GrabRez - {e1420d09-acc8-4efd-9965-e7ae3c5b977c} - (no file)
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\beheerder\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKUS\S-1-5-21-383548449-1752747047-1464757094-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-383548449-1752747047-1464757094-1000\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\beheerder\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l (User '?')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Emsisoft Anti-Malware 8.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS64.exe
O23 - Service: Encrypting File System (EFS) (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WMI Performance Adapter (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8645 bytes

======Listing Processes======


======Scheduled tasks folder======

C:\Windows\tasks\GlaryInitialize 4.job
C:\Windows\tasks\GlaryOneClickOptimizer 4.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-383548449-1752747047-1464757094-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-383548449-1752747047-1464757094-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\99ypf554.default-1391506838280

prefs.js - "browser.startup.homepage" - "http://www.vandaag.be/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.44 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/MycameraPlugin]
"Description"=Canon MycameraPlugin
"Path"=C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.44 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll


C:\Users\beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\99ypf554.default-1391506838280\extensions\
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
{1018e4d6-728f-4b20-ad56-37578a4de76b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-15 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-23 1390368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-15 210856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-16 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-23 1143168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-16 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e1420d09-acc8-4efd-9965-e7ae3c5b977c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-23 1390368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-23 1143168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-09-18 1842472]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-12-01 13662936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"NextLive"=C:\Windows\SysWOW64\rundll32.exe [2009-07-14 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe [2013-04-21 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\beheerder\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [2008-07-09 46368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
C:\Program Files (x86)\Samsung\Kies\Kies.exe [2013-12-11 1564528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2013-12-11 311152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [2008-07-09 29984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-12-01 13662936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2014-01-06 6563608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2012-03-27 1686528]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BtTray"=C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [2009-09-02 315478]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-01-23 3767096]
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-02-07 19:59:02 ----D---- C:\rsit
2014-02-07 19:59:02 ----D---- C:\Program Files\trend micro
2014-02-07 19:48:41 ----D---- C:\Program Files (x86)\Vodafone
2014-02-07 15:56:47 ----D---- C:\Program Files\Unlocker
2014-02-07 14:46:21 ----D---- C:\Program Files (x86)\1-abc
2014-02-07 13:36:47 ----D---- C:\Users\beheerder\AppData\Roaming\newnext.me
2014-02-07 13:29:16 ----D---- C:\Users\beheerder\AppData\Roaming\WinRAR
2014-02-05 16:51:51 ----D---- C:\Users\beheerder\AppData\Roaming\Philipp Winterberg
2014-02-04 19:30:37 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-01-31 22:14:28 ----D---- C:\Users\beheerder\AppData\Roaming\LibreOffice
2014-01-31 22:13:04 ----D---- C:\Program Files (x86)\LibreOffice 4
2014-01-30 20:20:15 ----D---- C:\ProgramData\Supereasy
2014-01-28 16:31:48 ----A---- C:\Windows\SYSWOW64\msvcr100.dll
2014-01-28 16:31:48 ----A---- C:\Windows\SYSWOW64\msvcp100.dll
2014-01-26 14:20:04 ----D---- C:\Users\beheerder\AppData\Roaming\uTorrent
2014-01-26 12:45:17 ----D---- C:\Users\beheerder\AppData\Roaming\aliasworlds
2014-01-26 12:45:17 ----D---- C:\ProgramData\aliasworlds
2014-01-25 10:00:11 ----D---- C:\Users\beheerder\AppData\Roaming\Wise Registry Cleaner
2014-01-25 09:59:59 ----D---- C:\Program Files (x86)\Wise
2014-01-24 16:22:53 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-23 17:30:02 ----RD---- C:\Program Files (x86)\Skype
2014-01-23 17:03:38 ----D---- C:\Users\beheerder\AppData\Roaming\Unity
2014-01-23 12:11:29 ----A---- C:\Windows\system32\drivers\BootDefragDriver.sys
2014-01-22 16:11:00 ----A---- C:\Windows\system32\SmartDefragBootTime.exe
2014-01-22 16:10:37 ----A---- C:\Windows\system32\IObitSmartDefragExtension.dll
2014-01-22 16:10:30 ----A---- C:\Windows\system32\drivers\SmartDefragDriver.sys
2014-01-19 14:36:16 ----A---- C:\Windows\system32\drivers\ew_jubusenum.sys
2014-01-18 21:36:43 ----D---- C:\ProgramData\Vodafone
2014-01-18 20:54:00 ----D---- C:\ProgramData\Sierra Wireless
2014-01-18 20:47:40 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2014-01-18 20:45:46 ----D---- C:\ProgramData\Macrovision
2014-01-17 19:40:20 ----D---- C:\Users\beheerder\AppData\Roaming\OpenOffice
2014-01-17 15:43:13 ----D---- C:\Users\beheerder\AppData\Roaming\AVAST Software
2014-01-17 15:42:24 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-01-17 15:42:24 ----A---- C:\Windows\system32\drivers\aswstm.sys
2014-01-17 15:42:24 ----A---- C:\Windows\system32\drivers\aswSP.sys
2014-01-17 15:42:24 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2014-01-17 15:42:24 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-01-17 15:42:24 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-01-17 15:42:24 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-01-17 15:42:23 ----A---- C:\Windows\system32\aswBoot.exe
2014-01-17 15:42:22 ----A---- C:\Windows\avastSS.scr
2014-01-17 15:40:42 ----D---- C:\Program Files\AVAST Software
2014-01-17 14:22:27 ----D---- C:\ProgramData\Kaspersky Lab
2014-01-16 15:03:11 ----D---- C:\ProgramData\Oracle
2014-01-16 15:03:07 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-01-16 15:03:01 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-01-16 15:03:01 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-01-16 15:03:01 ----A---- C:\Windows\SYSWOW64\java.exe
2014-01-15 19:41:17 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-15 19:41:17 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-15 19:41:16 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-15 19:41:12 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
2014-01-15 19:41:11 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-01-15 19:41:09 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2014-01-15 19:41:09 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2014-01-15 19:41:09 ----A---- C:\Windows\SYSWOW64\rdpendp_winip.dll
2014-01-15 19:41:09 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2014-01-15 19:41:09 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2014-01-15 19:41:09 ----A---- C:\Windows\system32\wksprtPS.dll
2014-01-15 19:41:09 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-15 19:41:09 ----A---- C:\Windows\system32\tsgqec.dll
2014-01-15 19:41:09 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-01-15 19:41:09 ----A---- C:\Windows\system32\aaclient.dll
2014-01-15 19:41:08 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-01-15 19:41:08 ----A---- C:\Windows\system32\wksprt.exe
2014-01-15 19:41:08 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-01-15 19:41:08 ----A---- C:\Windows\system32\rdpudd.dll
2014-01-15 19:41:08 ----A---- C:\Windows\system32\rdpendp_winip.dll
2014-01-15 19:41:08 ----A---- C:\Windows\system32\mstsc.exe
2014-01-15 19:41:07 ----A---- C:\Windows\system32\rdpcorets.dll
2014-01-15 19:41:06 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-01-15 19:41:06 ----A---- C:\Windows\system32\mstscax.dll
2014-01-15 13:47:34 ----A---- C:\Windows\system32\javaws.exe
2014-01-15 13:47:30 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-15 13:47:30 ----A---- C:\Windows\system32\javaw.exe
2014-01-15 13:47:30 ----A---- C:\Windows\system32\java.exe
2014-01-15 09:54:05 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-01-15 09:54:05 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-01-15 09:54:05 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-01-15 09:54:05 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-01-15 09:54:05 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-01-15 09:54:05 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-01-15 09:54:05 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-01-15 09:53:57 ----A---- C:\Windows\system32\win32k.sys
2014-01-15 09:53:49 ----A---- C:\Windows\system32\drivers\netio.sys
2014-01-11 17:16:51 ----D---- C:\AMD
2014-01-11 17:11:10 ----A---- C:\Windows\system32\drivers\SWDUMon.sys
2014-01-11 14:19:36 ----D---- C:\Users\beheerder\AppData\Roaming\Skype
2014-01-11 14:19:28 ----D---- C:\ProgramData\Skype
2014-01-11 14:09:10 ----D---- C:\Users\beheerder\AppData\Roaming\ProductData
2014-01-11 14:09:03 ----D---- C:\ProgramData\IObit
2014-01-11 14:08:58 ----D---- C:\Program Files (x86)\IObit
2014-01-09 20:33:32 ----D---- C:\Program Files (x86)\Emsisoft Anti-Malware

======List of files/folders modified in the last 1 month======

2014-02-08 05:40:35 ----SHD---- C:\System Volume Information
2014-02-07 21:23:07 ----D---- C:\Windows\Temp
2014-02-07 21:19:21 ----D---- C:\Windows\system32\config
2014-02-07 21:18:21 ----A---- C:\Windows\SYSWOW64\log.txt
2014-02-07 21:18:16 ----A---- C:\Windows\SYSWOW64\bscs.ini
2014-02-07 19:59:37 ----D---- C:\Windows\System32
2014-02-07 19:59:37 ----D---- C:\Windows\inf
2014-02-07 19:59:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-07 19:59:02 ----D---- C:\Program Files
2014-02-07 19:49:13 ----SHD---- C:\Windows\Installer
2014-02-07 19:48:44 ----D---- C:\ProgramData
2014-02-07 19:48:43 ----D---- C:\Windows\Downloaded Program Files
2014-02-07 19:48:41 ----D---- C:\Program Files (x86)
2014-02-07 19:38:53 ----D---- C:\Windows
2014-02-07 17:15:54 ----D---- C:\Program Files\SUPERAntiSpyware
2014-02-07 17:15:30 ----D---- C:\Users\beheerder\AppData\Roaming\IObit
2014-02-07 16:51:56 ----D---- C:\Windows\Prefetch
2014-02-07 16:23:17 ----A---- C:\Windows\SYSWOW64\LOCALSERVICE.INI
2014-02-07 16:23:17 ----A---- C:\Windows\SYSWOW64\LOCALDEVICE.INI
2014-02-07 16:00:28 ----D---- C:\Windows\system32\catroot2
2014-02-07 10:47:51 ----D---- C:\Program Files\Defraggler
2014-02-05 11:06:00 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-02-03 09:30:25 ----D---- C:\ProgramData\ProductData
2014-01-31 22:14:16 ----RSD---- C:\Windows\assembly
2014-01-31 22:13:57 ----D---- C:\Windows\SysWOW64
2014-01-31 22:13:21 ----RSD---- C:\Windows\Fonts
2014-01-31 22:04:43 ----SD---- C:\Users\beheerder\AppData\Roaming\Microsoft
2014-01-31 20:39:19 ----D---- C:\Windows\SYSWOW64\config
2014-01-30 20:50:23 ----D---- C:\Program Files (x86)\Glary Utilities 4
2014-01-27 09:48:51 ----D---- C:\Program Files (x86)\Google
2014-01-26 21:44:30 ----D---- C:\ProgramData\Auslogics
2014-01-26 21:44:30 ----D---- C:\Program Files (x86)\Windows Sidebar
2014-01-26 13:00:48 ----RD---- C:\Games
2014-01-26 01:03:19 ----D---- C:\Users\beheerder\AppData\Roaming\Mozilla
2014-01-25 14:45:07 ----D---- C:\Windows\system32\Tasks
2014-01-25 10:12:22 ----D---- C:\Windows\Tasks
2014-01-24 14:21:20 ----D---- C:\Windows\rescache
2014-01-23 17:30:02 ----D---- C:\Program Files (x86)\Common Files
2014-01-23 17:28:17 ----D---- C:\Program Files\CCleaner
2014-01-23 17:02:38 ----A---- C:\Windows\wininit.ini
2014-01-23 13:31:27 ----D---- C:\Windows\winsxs
2014-01-23 13:27:48 ----D---- C:\Windows\SYSWOW64\nl-NL
2014-01-23 13:27:48 ----D---- C:\Windows\SYSWOW64\migration
2014-01-23 13:27:48 ----D---- C:\Windows\system32\nl-NL
2014-01-23 13:27:48 ----D---- C:\Windows\system32\migration
2014-01-23 13:27:48 ----D---- C:\Windows\PolicyDefinitions
2014-01-23 12:11:29 ----D---- C:\Windows\system32\drivers
2014-01-22 02:16:42 ----A---- C:\Windows\system32\BootDefrag.exe
2014-01-19 15:40:50 ----D---- C:\Windows\ModemLogs
2014-01-19 14:52:03 ----D---- C:\Windows\system32\DriverStore
2014-01-19 14:52:03 ----D---- C:\Windows\system32\catroot
2014-01-19 14:51:50 ----D---- C:\Windows\Microsoft.NET
2014-01-18 21:30:54 ----D---- C:\Windows\tracing
2014-01-18 12:57:51 ----SD---- C:\ProgramData\Microsoft
2014-01-18 12:56:59 ----D---- C:\Users\beheerder\AppData\Roaming\Vodafone
2014-01-17 15:39:16 ----D---- C:\ProgramData\AVAST Software
2014-01-15 21:47:55 ----D---- C:\Windows\Panther
2014-01-15 21:47:54 ----D---- C:\Windows\Logs
2014-01-15 21:47:54 ----D---- C:\Windows\debug
2014-01-15 19:42:29 ----D---- C:\Windows\SYSWOW64\wbem
2014-01-15 19:42:28 ----D---- C:\Windows\system32\wbem
2014-01-15 19:42:28 ----D---- C:\Windows\system32\drivers\nl-NL
2014-01-15 19:33:42 ----RD---- C:\Program Files (x86)\Internet Explorer
2014-01-15 19:33:41 ----D---- C:\Program Files\Internet Explorer
2014-01-15 19:20:29 ----D---- C:\Windows\SYSWOW64\en-US
2014-01-15 19:20:28 ----D---- C:\Windows\system32\en-US
2014-01-15 19:19:49 ----D---- C:\Windows\servicing
2014-01-15 11:22:17 ----D---- C:\Windows\system32\MRT
2014-01-15 11:18:00 ----A---- C:\Windows\system32\MRT.exe
2014-01-12 20:06:39 ----D---- C:\Users\beheerder\AppData\Roaming\Easy Watermark Studio
2014-01-12 15:53:31 ----D---- C:\Users\beheerder\AppData\Roaming\Samsung
2014-01-12 15:51:44 ----D---- C:\ProgramData\Samsung
2014-01-10 09:51:04 ----A---- C:\Windows\SYSWOW64\REMOTEDEVICE.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-01-17 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-01-17 207904]
R0 BootDefragDriver;BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [2014-01-22 17088]
R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys [2009-08-26 24840]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-04 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2013-12-24 21184]
R1 A2DDA;A2 Direct Disk Access Support Driver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-03-28 26176]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2014-01-17 92544]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2014-01-23 1038072]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2014-01-23 421704]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2014-01-23 78648]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-01-22 6233088]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-01-22 161280]
R3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys [2014-01-23 80184]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-09-24 94208]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-04-02 3060800]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2009-08-28 47880]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2009-08-26 34440]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2013-01-30 90112]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service; C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-19 17920]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-12-01 3707864]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [2009-08-26 30344]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2013-12-01 458960]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-06 18432]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-12-06 32496]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-09-18 292912]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-06 16896]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2009-08-28 43912]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 a2acc;a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2013-08-24 70960]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2012-06-27 36328]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 121872]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\Windows\system32\DRIVERS\BrSerIf.sys [2006-12-12 97280]
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2009-06-17 20488]
S3 BTCOM;Bluetooth Serial port driver; C:\Windows\system32\DRIVERS\btcomport.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys [2006-06-07 63744]
S3 cleanhlp;cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-12-04 57024]
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 13824]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS [2013-02-05 37344]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2012-09-06 225920]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 IvtAudioBusSrv;IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [2009-08-26 30344]
S3 IvtComBusSrv;IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys []
S3 IvtPanBusSrv;IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [2009-08-26 34440]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 ProcObsrv;Process creation detector.; C:\Windows\system32\drivers\ProcObsrv.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [2013-12-01 535624]
S3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2014-01-11 16152]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2009-08-26 17032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-10-10 144152]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-12-04 4161512]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-01-23 50344]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-09-02 1466476]
R2 DfSdkS;Defragmentation-Service; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS64.exe [2009-08-24 544768]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-03 268824]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-04 14336]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-09-02 192000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-01-11 2151744]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-18 116648]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-18 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-04 118896]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-11 1255736]
S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
 

Zer0Day

No longer active
Disable your antivirus and antispyware programs; they may conflict with zoek.exe.

Download
Zoek.exe to the desktop (not the .zip or .rar version).
  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
Code:
{e1420d09-acc8-4efd-9965-e7ae3c5b977c};c
C:\Users\beheerder\AppData\Roaming\newnext.me;fs
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"NextLive"=-;r
autoclean;
emptyclsid;
emptyfolderscheck;delete
startupall; 
filesrcm;
  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next reply.
 
Zoek.exe v5.0.0.0 Updated 07-February-2014
Tool run by beheerder on za 08/02/2014 at 10:37:32,57.

Running in: Normal Mode Internet Access Detected
Launched: C:\Users\beheerder\Downloads\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

Failed to create System Restore Point

==== Empty Folders Check ======================

C:\PROGRA~2\1-abc deleted successfully
C:\ProgramData\Oracle deleted successfully
C:\Users\beheerder\AppData\Local\CrashDumps deleted successfully
C:\Users\beheerder\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-383548449-1752747047-1464757094-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_USERS\S-1-5-21-383548449-1752747047-1464757094-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-383548449-1752747047-1464757094-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0734D757-FEA6-4637-A7E4-2BD40A7FD8DA} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\99ypf554.default-1391506838280

---- Lines Sweet removed from prefs.js ----
user_pref("extensions.fbp@fbpurity.com.oldfriendstore-100000855681559", "{\"100000855681559\":\"Hans Van Geem\",\"1649022537\":\"Veerle Ryssaert\",\"1
---- FireFox user.js and prefs.js backups ----

user_20140802_1050_.backup
prefs_20140802_1050_.backup

ProfilePath: C:\Users\beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\kt6w6jjd.default-1388684527419

---- FireFox user.js and prefs.js backups ----

user_20140802_1050_.backup
prefs_20140802_1050_.backup

==== Deleting Files \ Folders ======================

C:\Users\beheerder\daemonprocess.txt deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\Wise\Wise Registry Cleaner deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\Users\beheerder\AppData\Roaming\burnaware.ini deleted
C:\Users\beheerder\AppData\Roaming\eCyber deleted
C:\ProgramData\OberonGameConsole deleted
C:\ProgramData\ProductData deleted
C:\Users\beheerder\AppData\Local\Wondershare deleted
C:\Users\beheerder\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Windows\wininit.ini deleted
"C:\Users\beheerder\AppData\Roaming\nswb\icr.dll" deleted
"C:\Users\beheerder\AppData\Roaming\nswb" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-01-17 14:42:22 0245D0889C3443F5DC9194558583FE59 43152 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\BEHEER~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-01-28 15:31:48 BC83108B18756547013ED443B8CDB31B 421200 ----a-w- C:\Windows\SysWOW64\msvcp100.dll
2014-01-28 15:31:48 0E37FBFA79D349D672456923EC5FBBE3 773968 ----a-w- C:\Windows\SysWOW64\msvcr100.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-01-23 11:11:29 85E239DE26774AFD66A6305BC7C39662 17088 ----a-w- C:\Windows\Sysnative\drivers\BootDefragDriver.sys
2014-01-22 15:10:30 E77CB3736A702D46A6FB15FB4A9894E3 21184 ----a-w- C:\Windows\Sysnative\drivers\SmartDefragDriver.sys
2014-01-19 13:36:16 F6C1661C55EAAD2DD9FBB37D5DF1A011 90112 ----a-w- C:\Windows\Sysnative\drivers\ew_jubusenum.sys
2014-01-18 19:47:40 24FA6177FE55C4BC045EC87E39F90688 225920 ----a-w- C:\Windows\Sysnative\drivers\ewusbmdm.sys
2014-01-17 14:42:24 FD3EA14ADF6216BDF4030DB2EFD43D96 80184 ----a-w- C:\Windows\Sysnative\drivers\aswstm.sys
2014-01-17 14:42:24 F22DE5F5BA8ADA0A861441B624B51EB5 421704 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys
2014-01-17 14:42:24 C04F7B373881009D7994D9BF55D24AB4 65776 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys
2014-01-17 14:42:24 90399625F341AB76BA4B85A5E860EB1F 207904 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys
2014-01-17 14:42:24 679712B7A353EE665B9301592164A172 92544 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys
2014-01-17 14:42:24 43599E630DFC30AD4E6A2B4B269EB1C0 1038072 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys
2014-01-17 14:42:24 0ACC3F49015E628590CA4372322EB46B 78648 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys
2014-01-15 18:41:12 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2014-01-15 18:41:11 17C6B51CBCCDED95B3CC14E22791F85E 57856 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2014-01-15 08:54:05 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys
2014-01-15 08:54:05 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys
2014-01-15 08:54:05 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys
2014-01-15 08:54:05 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys
2014-01-15 08:54:05 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys
2014-01-15 08:54:05 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys
2014-01-15 08:54:05 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys
2014-01-15 08:53:49 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\Sysnative\drivers\netio.sys
2014-01-11 16:11:10 9CFEFD62D86DABFAC12D1C5ED72BA6A4 16152 ----a-w- C:\Windows\Sysnative\drivers\SWDUMon.sys
====== C:\Windows\Tasks ======
2014-01-23 11:11:31 D2F591B3338604EC56070C77C1063425 2988 ----a-w- C:\Windows\Sysnative\Tasks\GU4SkipUAC
2014-01-17 14:42:36 9D9CC1E408C1E9582E86D53C6D3B1FBE 4182 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update
2014-01-17 14:22:24 0AD5AE47C507B6C44A3381000FA220D4 3044 ----a-w- C:\Windows\Sysnative\Tasks\{CF0D0570-9A88-42CF-A15E-3987A327EC71}
2014-01-11 13:09:06 A8F8FC555B3062AAFF0A4BE5F96E8DC0 2894 ----a-w- C:\Windows\Sysnative\Tasks\Uninstaller_SkipUac_Administrator
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-02-07 18:59:02 -------- d-----w- C:\Program Files\trend micro
2014-02-07 14:56:47 -------- d-----w- C:\Program Files\Unlocker
======= C:\PROGRA~2 =====
2014-02-07 18:48:41 -------- d-----w- C:\PROGRA~2\Vodafone
2014-01-31 21:13:04 -------- d-----w- C:\PROGRA~2\LibreOffice 4
2014-01-25 08:59:59 -------- d-----w- C:\PROGRA~2\Wise
2014-01-24 15:22:53 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service
2014-01-23 16:30:02 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2014-01-23 16:30:02 -------- d-----r- C:\PROGRA~2\Skype
2014-01-11 13:08:58 -------- d-----w- C:\PROGRA~2\IObit
======= C: =====
====== C:\Users\beheerder\AppData\Roaming ======
2014-02-07 18:49:08 -------- d-----r- C:\Users\beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-07 18:43:03 D0FF9F8A058A9FC70248046812EE9D3B 20480 --sha-w- C:\Users\beheerder\AppData\Roaming\Thumbs.db
2014-02-07 14:56:47 -------- d-----w- C:\Users\beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-02-07 12:29:16 -------- d-----w- C:\Users\beheerder\AppData\Roaming\WinRAR
2014-02-02 19:54:32 -------- d-----w- C:\Users\beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\accessoires
2014-01-31 21:14:28 -------- d-----w- C:\Users\beheerder\AppData\Roaming\LibreOffice
2014-01-30 19:24:33 -------- d-----w- C:\Users\beheerder\AppData\Local\SuperEasy_Software
2014-01-26 13:20:04 -------- d-----w- C:\Users\beheerder\AppData\Roaming\uTorrent
2014-01-26 11:45:17 -------- d-----w- C:\Users\beheerder\AppData\Roaming\aliasworlds
2014-01-25 09:00:11 -------- d-----w- C:\Users\beheerder\AppData\Roaming\Wise Registry Cleaner
2014-01-23 16:30:15 -------- d-----w- C:\Users\beheerder\AppData\Local\Skype
2014-01-20 17:35:52 -------- d-----w- C:\Users\beheerder\AppData\Locallow\Unity
2014-01-18 20:35:48 -------- d-----w- C:\Users\beheerder\AppData\Local\{EC607B1F-126C-4BF7-A945-BDDFF853B025}
2014-01-18 19:53:59 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Sierra Wireless
2014-01-18 11:56:46 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Vodafone
2014-01-17 18:40:20 -------- d-----w- C:\Users\beheerder\AppData\Roaming\OpenOffice
2014-01-15 12:44:29 -------- d-----w- C:\Users\beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-01-13 10:05:21 -------- d-----w- C:\Users\beheerder\AppData\Local\Diagnostics
2014-01-11 13:19:36 -------- d-----w- C:\Users\beheerder\AppData\Roaming\Skype
2014-01-11 13:09:10 -------- d-----w- C:\Users\beheerder\AppData\Roaming\ProductData
====== C:\Users\beheerder ======
2014-02-07 18:48:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-02-07 14:56:16 1E02D6AA4A199448719113AE3926AFB2 1078591 ----a-w- C:\Users\beheerder\Downloads\Unlocker1.9.2.exe
2014-01-31 21:13:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-01-30 19:20:15 -------- d-----w- C:\ProgramData\Supereasy
2014-01-26 13:19:48 7BCC6D6A58C120E6CDCB4FB654A9EA1B 1307736 ----a-w- C:\Users\beheerder\Downloads\utorrent.exe
2014-01-26 11:45:17 -------- d-----w- C:\ProgramData\aliasworlds
2014-01-25 12:47:47 2EFC4327974E21C899934E4918EC537C 241664 ----a-w- C:\Windows\serviceprofiles\Localservice\NTUSER.rhk
2014-01-25 12:47:47 0E5149433C0FEE18F34C1F55C8029D41 253952 ----a-w- C:\Windows\serviceprofiles\networkservice\NTUSER.rhk
2014-01-25 09:00:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-01-23 16:30:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-01-18 20:36:43 -------- d-----w- C:\ProgramData\Vodafone
2014-01-18 19:54:00 -------- d-----w- C:\ProgramData\Sierra Wireless
2014-01-18 19:45:46 -------- d-----w- C:\ProgramData\Macrovision
2014-01-18 11:56:34 -------- d-----r- C:\Windows\sysWoW64\config\systemprofile\Saved Games
2014-01-18 11:56:34 -------- d-----r- C:\Windows\sysWoW64\config\systemprofile\Links
2014-01-18 11:56:34 -------- d-----r- C:\Windows\sysWoW64\config\systemprofile\Contacts
2014-01-18 11:56:32 -------- d-----r- C:\Windows\sysWoW64\config\systemprofile\Searches
2014-01-17 14:43:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-01-17 13:22:27 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-01-11 13:19:28 -------- d-----w- C:\ProgramData\Skype
2014-01-11 13:09:03 -------- d-----w- C:\ProgramData\IObit

====== C: exe-files ==
2014-02-07 18:59:02 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\beheerder.exe
2014-02-07 14:56:48 CBC4DC3DC6588687641D7FFD626A0156 98302 ----a-w- C:\Program Files\Unlocker\uninst.exe
2014-02-07 14:56:16 1E02D6AA4A199448719113AE3926AFB2 1078591 ----a-w- C:\Users\beheerder\Downloads\Unlocker1.9.2.exe
2014-02-05 09:22:26 0AFCCB7C6B3C6B93732BA1D09895BBAC 172960 ----a-w- C:\Program Files\Defraggler\uninst.exe
2014-02-05 09:22:04 8E46FF66C2B8D47780EAAB86E22DF858 1520920 ----a-w- C:\Program Files\Defraggler\df64.exe
2014-02-05 09:22:02 C8370F1AA4E6C4B094ECCB3B74AA538A 4369176 ----a-w- C:\Program Files\Defraggler\Defraggler64.exe
2014-02-05 09:22:02 A9BD26EC3C1523788B0601115F5E70AF 3464984 ----a-w- C:\Program Files\Defraggler\Defraggler.exe
2014-02-05 09:22:02 2A5260AA271F20DC35E428B2E0266597 1249048 ----a-w- C:\Program Files\Defraggler\df.exe
2014-02-04 08:44:07 BA7524A2D91F895CE7502C78B6A4CBAF 732888 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.107\32.0.1700.107_32.0.1700.102_chrome_updater.exe
=== C: other files ==
2014-02-07 16:15:54 DB44BD008A346E70A13752D2B9EC6AE2 6563608 ----a-w- C:\Program Files\SUPERAntiSpyware\09851c71-0400-4926-9e93-dd3d8ea9b827.com
2014-02-05 22:14:42 CDC4EA9A2F14BB5D2F846695C37596D9 8866 ----a-w- C:\Users\beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\kt6w6jjd.default-1388684527419\extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi
2014-02-04 09:54:48 24B8A7B523FC77BBC735866BBB582B34 294445 ----a-w- C:\Users\beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\99ypf554.default-1391506838280\extensions\s3download@statusbar.xpi
2014-02-04 09:49:49 CBB712B8F70A46284894667E72130245 184519 ----a-w- C:\Users\beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\99ypf554.default-1391506838280\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi
2014-02-04 09:46:33 0EE1FF417D59B4F60467D19F76D0B896 940775 ----a-w- C:\Users\beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\99ypf554.default-1391506838280\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2014-02-04 09:44:15 6BF08DC1ECCC8CC4800BADC62728ABD5 87455 ----a-w- C:\Users\beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\99ypf554.default-1391506838280\extensions\fbp@fbpurity.com.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-383548449-1752747047-1464757094-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPDLR.exe Run"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="c:\\program files (x86)\\common files\\apple\\apple application support\\apsdaemon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\beheerder\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ScanSoft\\PaperPort\\IndexSearch.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesAirMessage]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesAirMessage"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesAirMessage.exe -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Malwarebytes' Anti-Malware"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PaperPort PTD]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PaperPort PTD"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ScanSoft\\PaperPort\\pptd40nt.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PPort11reminder]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPort11reminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ScanSoft\\PaperPort\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\ScanSoft\\PaperPort\\11\\Config\\Ereg\\Ereg.ini\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"hkey"="HKLM"
"item"="SunJavaUpdateSched"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wondershare Helper Compact.exe]
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"
"item"="Wondershare Helper Compact.exe"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UI0Detect]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WinDefend]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\GlaryInitialize 4.job --a------ C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [22/01/2014 02:15]
C:\Windows\tasks\GlaryOneClickOptimizer 4.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/10/2013 09:03]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-383548449-1752747047-1464757094-1000Core.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-383548449-1752747047-1464757094-1000UA.job --a------ C:\Users\beheerder\AppData\Local\Google\Update\GoogleUpdate.exe [21/03/2012 15:58]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Anvi Ultimate Defrag" [C:\Program Files (x86)\Anvisoft\Anvi Ultimate Defrag\ScheduleDefrag.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GlaryInitialize 4" [C:\Program Files (x86)\Glary Utilities 4\Initialize.exe]
"C:\Windows\SysNative\tasks\GlaryOneClickOptimizer 4" [C:\Program Files (x86)\Glary Utilities 4\OneClickMaintenance.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-383548449-1752747047-1464757094-1000Core" [C:\Users\beheerder\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-383548449-1752747047-1464757094-1000UA" [C:\Users\beheerder\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GU4SkipUAC" [C:\Program Files (x86)\Glary Utilities 4\Integrator.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\SysNative\tasks\{14E0F69D-00DD-4AD2-91A1-CBA4A4D788ED}" ["c:\program files\internet explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.105&LastError=12002]
"C:\Windows\SysNative\tasks\{4164CCC0-BEBB-4BDC-9824-49DE63176045}" [C:\Program Files\AVAST Software\Avast\avastui.exe]
"C:\Windows\SysNative\tasks\{7559C8A7-C02B-4388-B965-A0331C057DE0}" [C:\Program Files\AVAST Software\Avast\avastui.exe]
"C:\Windows\SysNative\tasks\{A1B77673-2927-4359-AA44-6591D20B0816}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=5.8.0.156&LastError=12002]
"C:\Windows\SysNative\tasks\{C83C4A63-4D7D-48AF-9F2B-6AE4E12908F4}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.6.0.106/nl/go/help.faq.installer?LastError=1603]
"C:\Windows\SysNative\tasks\{CF0D0570-9A88-42CF-A15E-3987A327EC71}" [C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Auslogics\Disk Defrag Prof\Task {00000001-9FA2-4A66-91FD-0F6F3A648E24} for beheerder" [C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag Professional\DiskDefragPro.exe]
"C:\Windows\SysNative\tasks\Auslogics\Disk Defrag Prof\Task {00000001-D76B-45BE-8C6D-121403DC273E} for beheerder" [C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag Professional\DiskDefragPro.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [23/01/2014 17:20]

==== Firefox Extensions ======================

ProfilePath: C:\Users\beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\99ypf554.default-1391506838280
- Forecastfox - %ProfilePath%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
- F.B. Purity - Cleans Up Facebook - %ProfilePath%\extensions\fbp@fbpurity.com.xpi
- Gmail Notifier restartless - %ProfilePath%\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi
- S3.Download Statusbar - %ProfilePath%\extensions\s3download@statusbar.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\kt6w6jjd.default-1388684527419
- Fasterfox Lite - %ProfilePath%\extensions\FasterFox_Lite@BigRedBrent
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
- F.B. Purity - Cleans Up Facebook - %ProfilePath%\extensions\fbp@fbpurity.com.xpi
- Gmail Notifier restartless - %ProfilePath%\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi
- GrabRez - %ProfilePath%\extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi
- Download Status Bar - %ProfilePath%\extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi
- Outlook Button - %ProfilePath%\extensions\{8f7dd41a-0441-4e16-a7d0-f25deb928fb1}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\99ypf554.default-1391506838280
FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash
C36444D7301A8C881FC7296B092609C7 - C:\Users\beheerder\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\beheerder\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\beheerder\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
AF42019A3B0EDBFA6878F75B9377A792 - C:\Users\beheerder\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
C2321043FA2CA4C32FF449DE6116B5D9 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll - Shockwave for Director / Shockwave for Director

Profilepath: C:\Users\beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\kt6w6jjd.default-1388684527419
C36444D7301A8C881FC7296B092609C7 - C:\Users\beheerder\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\beheerder\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\beheerder\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
AF42019A3B0EDBFA6878F75B9377A792 - C:\Users\beheerder\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
C2321043FA2CA4C32FF449DE6116B5D9 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[23/01/2014 17:20]
nfengeggddojhakldhlpjdlddgkkjkdd - No path found[]

Google Drive - beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Shield For Chrome - beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbaffjopmgmcijlkoafmgnaiciogpdel
Google Search - beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Blackball Pool - beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkhefodfbgjpcmahghmfggbcpjabnag
F.B. Purity - beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl
Google Wallet - beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
OneClick Cleaner for Chrome - beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh
ClickClean App - beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp
Gmail - beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.vandaag.be/"
"Search Bar"="http://www.bing.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?sourceid=ie7&q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.vandaag.be/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} deleted successfully
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} deleted successfully
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} deleted successfully
HKEY_USERS\S-1-5-21-383548449-1752747047-1464757094-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\beheerder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\beheerder\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4063 folders=271 227449831 bytes)

==== Empty Temp Folders ======================

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\beheerder\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\BEHEER~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on za 08/02/2014 at 11:04:07,13 ======================
 

Zer0Day

No longer active
Did you run Zoek twice? In this log I can't find any of the items from my fix that were supposed to be removed.

Please also do this:
Download
AdwCleaner by Xplode to the desktop.
  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Then click Verwijderen (Remove).
  • In the AdwCleaner – Informatie (Information) dialog, click OK
  • In the AdwCleaner – Herstarten Noodzakelijk (Restart Required) dialog, click OK

It is normal for the shortcuts to disappear during this action.
After the PC has restarted, a log file opens.
Then post the contents of this log in your next message.
 