Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware
Datenbank Version: v2014.03.15.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Michael Kempen :: MICHAELKEMPEN [Administrator]
15-3-2014 12:19:12
mbam-log-2014-03-15 (12-19-12).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218419
Laufzeit: 3 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\Update RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0R0DtO0U1C1S1U1StR0J1Q2P1J1K1I2R -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bösartig: (Mysearchdial Search) Gut: (Google) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bösartig: (Mysearchdial Search) Gut: (Google) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 6
C:\Users\Michael Kempen\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\AppData\Roaming\mysearchdial\icons_2.2.15.1631 (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0 (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IePluginService (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IePluginService\update (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 13
C:\Users\Michael Kempen\AppData\Local\Temp\fullpackage_temp1391007627\package1.zip (PUP.Optional.SkyTech.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\AppData\Local\Temp\iLivid\iLividSetup.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\Downloads\iLividSetup-r161-n-bc.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\Downloads\SallandoItalic_Font_Installer.exe (PUP.Optional.Freemium.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx (PUP.Optional.NewTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\AppData\Roaming\mysearchdial\icons_2.2.15.1631\62.ico (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\AppData\Roaming\mysearchdial\icons_2.2.15.1631\80.ico (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\background.html (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\data.json (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\icon128.png (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\manifest.json (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IePluginService\update\conf (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
AdwCleaner Logfile:
Code:
# AdwCleaner v3.022 - Report created 15/03/2014 at 12:43:17
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Michael Kempen - MICHAELKEMPEN
# Running from : C:\Users\Michael Kempen\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : Util RightSurf
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\Surftastic
Folder Deleted : C:\Users\Michael Kempen\AppData\Local\iLivid
Folder Deleted : C:\Users\Michael Kempen\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\MICHAE~1\AppData\Local\Temp\iLivid
Folder Deleted : C:\Users\Michael Kempen\Documents\PC Speed Maximizer
File Deleted : C:\Users\Michael Kempen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Google Chrome v33.0.1750.154
[ File : C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2828 octets] - [15/03/2014 12:41:37]
AdwCleaner[S0].txt - [2284 octets] - [15/03/2014 12:43:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2344 octets] ##########
--- --- ---
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Michael Kempen on za 15-03-2014 at 13:28:41,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\sweetim
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on za 15-03-2014 at 13:34:53,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Michael Kempen (administrator) on MICHAELKEMPEN on 15-03-2014 13:35:42
Running from C:\Users\Michael Kempen\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Green Eclipse) C:\Program Files (x86)\StickyPad\StickyPad.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ArcSoft Inc.) C:\Program Files (x86)\ArcSoft\MediaConverter 4 Platinum\Monitor.exe
(Dropbox, Inc.) C:\Users\Michael Kempen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Geek Software GmbH) C:\Program Files (x86)\pdf24\pdf24.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\pdf24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-21] (AVAST Software)
HKU\S-1-5-21-1758146858-1784735532-1013142320-1000\...\Run: [Sticky Pad] - C:\Program Files (x86)\StickyPad\StickyPad.exe [516153 2012-08-13] (Green Eclipse)
HKU\S-1-5-21-1758146858-1784735532-1013142320-1000\...\MountPoints2: {2164b8d4-8d4c-11e2-9cfa-08606ed7325f} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1758146858-1784735532-1013142320-1000\...\MountPoints2: {2ba6a1cc-8bda-11e2-ab7f-806e6f6e6963} - D:\Autorun.exe
Startup: C:\Users\Michael Kempen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael Kempen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5E3955AEB1FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = Google
SearchScopes: HKCU - {C1374C69-C05C-43BA-9D2A-C99E5BDD545F} URL = hxxp://www.google.nl/search?hl=nl&q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome:
=======
CHR HomePage: hxxp://news.google.de/
CHR DefaultSearchURL: hxxp://www.google.nl/search?hl=nl&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Documenten) - C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-29]
CHR Extension: (Google Drive) - C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-29]
CHR Extension: (TabletGuide pushberichten) - C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglnombgigadbabocmfhaglkifjonoim [2014-02-01]
CHR Extension: (YouTube) - C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-29]
CHR Extension: (Adblock Plus) - C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-26]
CHR Extension: (Google Zoeken) - C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-29]
CHR Extension: (avast! Online Security) - C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-29]
CHR Extension: (Google Wallet) - C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-15]
==================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-21] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-21] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
==================== Drivers (Whitelisted) ====================
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-02-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-21] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-21] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-21] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-15] ()
R3 DxVGrb; C:\Windows\System32\drivers\DxVGrb.sys [222464 2012-01-10] (Dexetek )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-15 13:34 - 2014-03-15 13:34 - 00001146 _____ () C:\Users\Michael Kempen\Desktop\JRT.txt
2014-03-15 13:27 - 2014-03-15 13:27 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 13:26 - 2014-03-15 13:26 - 01037734 _____ (Thisisu) C:\Users\Michael Kempen\Downloads\JRT.exe
2014-03-15 12:41 - 2014-03-15 12:44 - 00000000 ____D () C:\AdwCleaner
2014-03-15 12:40 - 2014-03-15 12:40 - 01950720 _____ () C:\Users\Michael Kempen\Downloads\adwcleaner.exe
2014-03-15 12:17 - 2014-03-15 12:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-15 12:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-15 12:09 - 2014-03-15 12:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael Kempen\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-14 08:17 - 2014-03-14 08:17 - 00075310 _____ () C:\Users\Michael Kempen\Downloads\NuevaStd-Regular.otf
2014-03-14 06:40 - 2014-03-14 06:40 - 00027489 _____ () C:\Users\Michael Kempen\Downloads\Addition.txt
2014-03-14 06:39 - 2014-03-15 13:35 - 00014227 _____ () C:\Users\Michael Kempen\Downloads\FRST.txt
2014-03-14 06:39 - 2014-03-15 13:35 - 00000000 ____D () C:\FRST
2014-03-14 06:39 - 2014-03-14 06:39 - 02157056 _____ (Farbar) C:\Users\Michael Kempen\Downloads\FRST64.exe
2014-03-13 08:59 - 2014-03-15 11:28 - 00018432 _____ () C:\Users\Michael Kempen\Desktop\Welke Museums wil ik kijken.xls
2014-03-12 06:27 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 06:27 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 06:27 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 06:27 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 06:27 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 06:27 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 06:27 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 06:27 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 06:27 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 06:27 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 06:27 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 06:27 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 06:27 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 06:27 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 06:27 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 06:27 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 06:27 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 06:27 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 06:27 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 06:27 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 06:27 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 06:27 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 06:27 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 06:27 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 06:27 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 06:27 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 06:27 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 06:27 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 06:27 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 06:27 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 06:27 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 06:27 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 06:27 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 06:27 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 06:27 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 06:27 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 06:27 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 06:27 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 06:27 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 06:27 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 06:27 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 06:27 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 06:27 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 06:27 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 06:27 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 06:27 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 06:27 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 06:27 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-10 16:41 - 2014-03-10 16:42 - 00000000 ____D () C:\Users\Michael Kempen\AppData\Roaming\EnterImage
2014-03-10 16:41 - 2014-03-10 16:41 - 01362695 _____ (Entersite Design ) C:\Users\Michael Kempen\Downloads\setup.exe
2014-03-10 16:41 - 2014-03-10 16:41 - 00000000 ____D () C:\Program Files (x86)\EnterImage
2014-03-10 13:13 - 2014-03-10 13:13 - 00032544 _____ () C:\Users\Michael Kempen\Downloads\HitmanPro_20140310_1313.log
2014-03-10 13:09 - 2014-03-10 13:09 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-03-10 13:02 - 2014-03-10 13:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-10 13:02 - 2014-03-10 13:02 - 10820032 _____ (SurfRight B.V.) C:\Users\Michael Kempen\Downloads\hitmanpro_x64.exe
2014-03-06 11:00 - 2014-03-06 11:00 - 00035881 _____ () C:\Users\Michael Kempen\Downloads\086692719.ibv2013
2014-03-06 10:59 - 2014-03-06 10:59 - 00001411 _____ () C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk
2014-03-06 07:58 - 2014-03-06 11:01 - 00000000 ____D () C:\Users\Michael Kempen\AppData\Roaming\Belastingdienst
2014-03-06 07:58 - 2014-03-06 07:58 - 00000000 ____D () C:\Users\Michael Kempen\Documents\Belastingdienst
2014-03-06 07:57 - 2014-03-06 07:57 - 02836400 _____ (Belastingdienst) C:\Users\Michael Kempen\Downloads\ib2013_win_setup.exe
2014-03-06 07:57 - 2014-03-06 07:57 - 00016780 _____ () C:\Users\Michael Kempen\Downloads\230470488.ibv2013
2014-03-04 13:49 - 2014-03-04 13:49 - 71195306 _____ () C:\Users\Michael Kempen\Downloads\Russisch Sprachübung - Wichtige Ausdrücke - Teil 1.mp4
2014-03-04 13:48 - 2014-03-04 13:48 - 10885409 _____ () C:\Users\Michael Kempen\Downloads\Jon Kortajarena entrevista en Cosmopolitan TV.webm
2014-03-04 13:47 - 2014-03-04 13:47 - 38900875 _____ () C:\Users\Michael Kempen\Downloads\Andres Velencoso Segura Models.com Interview.webm
2014-03-04 13:30 - 2014-03-04 13:30 - 93859047 _____ () C:\Users\Michael Kempen\Downloads\Denkstof Waarom hebben christenen rituelen (lang) EO _ ZvK.mp4
2014-03-04 13:30 - 2014-03-04 13:30 - 20690926 _____ () C:\Users\Michael Kempen\Downloads\▶ Convo in Rochester.mp4
2014-03-03 08:13 - 2014-03-03 08:13 - 06542336 _____ () C:\Users\Michael Kempen\Downloads\Asgraphic_presentation_js.pps
2014-03-02 17:04 - 2014-03-02 17:04 - 01927168 _____ () C:\Users\Michael Kempen\Downloads\Hoe_doen_ze_dat_toch.pps
2014-02-27 19:39 - 2014-02-27 19:39 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-02-27 19:39 - 2014-02-27 19:39 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-02-27 19:21 - 2014-02-27 19:21 - 05852504 _____ (TeamViewer GmbH) C:\Users\Michael Kempen\Downloads\TeamViewer_Setup_nl-ckg.exe
2014-02-27 09:24 - 2014-02-27 09:24 - 00196960 _____ () C:\Users\Michael Kempen\Downloads\leeftijd.ppsx
2014-02-26 18:03 - 2014-02-27 18:02 - 01644692 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-23 10:17 - 2014-02-23 10:17 - 05526016 _____ () C:\Users\Michael Kempen\Downloads\Amsterdam_speciaal_CC.pps
2014-02-22 16:05 - 2014-02-22 16:05 - 18240707 _____ () C:\Users\Michael Kempen\Downloads\Fotos_gedownload_door_AirDroid.zip
2014-02-21 14:08 - 2014-02-21 14:08 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-02-21 14:08 - 2014-02-21 14:08 - 00002032 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-02-21 14:08 - 2014-02-21 14:08 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-02-21 14:07 - 2014-02-21 14:07 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-02-16 07:47 - 2014-02-16 07:47 - 00092438 _____ () C:\Users\Michael Kempen\Downloads\noname.eml
2014-02-15 18:01 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-15 18:01 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-15 13:35 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-15 13:35 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-15 13:35 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-15 13:35 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-15 13:35 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-15 13:35 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-15 13:35 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-15 13:35 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-15 13:35 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-15 13:35 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-15 13:35 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-15 13:35 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-15 13:35 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-15 13:35 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-15 13:35 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-15 13:35 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-15 13:35 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-15 13:35 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-15 13:35 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-15 13:35 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-15 13:35 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-15 13:35 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-15 13:35 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-15 13:35 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-15 13:34 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-15 13:34 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-15 13:34 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-15 13:34 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
==================== One Month Modified Files and Folders =======
2014-03-15 13:36 - 2014-03-14 06:39 - 00014227 _____ () C:\Users\Michael Kempen\Downloads\FRST.txt
2014-03-15 13:35 - 2014-03-14 06:39 - 00000000 ____D () C:\FRST
2014-03-15 13:34 - 2014-03-15 13:34 - 00001146 _____ () C:\Users\Michael Kempen\Desktop\JRT.txt
2014-03-15 13:27 - 2014-03-15 13:27 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 13:26 - 2014-03-15 13:26 - 01037734 _____ (Thisisu) C:\Users\Michael Kempen\Downloads\JRT.exe
2014-03-15 13:26 - 2013-05-25 15:31 - 00000000 ____D () C:\Users\Michael Kempen\AppData\Roaming\Dropbox
2014-03-15 13:26 - 2013-04-28 16:32 - 00000000 ___RD () C:\Users\Michael Kempen\Dropbox
2014-03-15 13:26 - 2013-03-13 17:18 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 13:15 - 2013-03-13 14:16 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-15 12:53 - 2009-07-14 05:45 - 00022736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-15 12:53 - 2009-07-14 05:45 - 00022736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 12:46 - 2014-01-15 07:38 - 00004518 _____ () C:\Windows\setupact.log
2014-03-15 12:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-15 12:45 - 2013-03-13 13:42 - 01595773 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 12:44 - 2014-03-15 12:41 - 00000000 ____D () C:\AdwCleaner
2014-03-15 12:40 - 2014-03-15 12:40 - 01950720 _____ () C:\Users\Michael Kempen\Downloads\adwcleaner.exe
2014-03-15 12:37 - 2014-01-15 09:54 - 00348664 _____ () C:\Windows\PFRO.log
2014-03-15 12:21 - 2013-07-03 04:39 - 00004014 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D20AD8BA-418C-4CB9-97A2-117293E3D896}
2014-03-15 12:17 - 2014-03-15 12:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-15 12:09 - 2014-03-15 12:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael Kempen\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-15 11:37 - 2013-03-13 17:18 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-15 11:28 - 2014-03-13 08:59 - 00018432 _____ () C:\Users\Michael Kempen\Desktop\Welke Museums wil ik kijken.xls
2014-03-15 09:36 - 2013-03-13 17:08 - 00000000 ____D () C:\Users\Michael Kempen\AppData\Local\Windows Live
2014-03-15 09:21 - 2013-10-12 06:54 - 00000000 ____D () C:\Users\Michael Kempen\Desktop\Word
2014-03-15 08:39 - 2009-07-14 05:45 - 00923168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 15:24 - 2011-04-12 14:00 - 00745764 _____ () C:\Windows\system32\perfh013.dat
2014-03-14 15:24 - 2011-04-12 14:00 - 00153716 _____ () C:\Windows\system32\perfc013.dat
2014-03-14 15:24 - 2009-07-14 06:13 - 01670960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 11:12 - 2013-03-13 14:21 - 00243632 _____ () C:\Users\Michael Kempen\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-14 08:17 - 2014-03-14 08:17 - 00075310 _____ () C:\Users\Michael Kempen\Downloads\NuevaStd-Regular.otf
2014-03-14 06:40 - 2014-03-14 06:40 - 00027489 _____ () C:\Users\Michael Kempen\Downloads\Addition.txt
2014-03-14 06:39 - 2014-03-14 06:39 - 02157056 _____ (Farbar) C:\Users\Michael Kempen\Downloads\FRST64.exe
2014-03-12 17:03 - 2013-04-05 08:51 - 00025600 _____ () C:\Users\Michael Kempen\Desktop\Hoogvliet.xls
2014-03-12 16:20 - 2013-03-13 17:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 16:20 - 2013-03-13 17:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 07:15 - 2013-03-13 14:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 07:15 - 2013-03-13 14:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 07:15 - 2013-03-13 14:16 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 06:20 - 2014-01-14 22:59 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-12 06:19 - 2013-03-13 13:42 - 00000000 ____D () C:\Users\Michael Kempen
2014-03-12 06:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-12 06:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-11 08:47 - 2013-08-07 04:56 - 00000000 ____D () C:\ProgramData\tmp
2014-03-10 16:42 - 2014-03-10 16:41 - 00000000 ____D () C:\Users\Michael Kempen\AppData\Roaming\EnterImage
2014-03-10 16:41 - 2014-03-10 16:41 - 01362695 _____ (Entersite Design ) C:\Users\Michael Kempen\Downloads\setup.exe
2014-03-10 16:41 - 2014-03-10 16:41 - 00000000 ____D () C:\Program Files (x86)\EnterImage
2014-03-10 13:13 - 2014-03-10 13:13 - 00032544 _____ () C:\Users\Michael Kempen\Downloads\HitmanPro_20140310_1313.log
2014-03-10 13:13 - 2014-03-10 13:02 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-10 13:09 - 2014-03-10 13:09 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-03-10 13:02 - 2014-03-10 13:02 - 10820032 _____ (SurfRight B.V.) C:\Users\Michael Kempen\Downloads\hitmanpro_x64.exe
2014-03-06 11:01 - 2014-03-06 07:58 - 00000000 ____D () C:\Users\Michael Kempen\AppData\Roaming\Belastingdienst
2014-03-06 11:00 - 2014-03-06 11:00 - 00035881 _____ () C:\Users\Michael Kempen\Downloads\086692719.ibv2013
2014-03-06 10:59 - 2014-03-06 10:59 - 00001411 _____ () C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk
2014-03-06 07:58 - 2014-03-06 07:58 - 00000000 ____D () C:\Users\Michael Kempen\Documents\Belastingdienst
2014-03-06 07:57 - 2014-03-06 07:57 - 02836400 _____ (Belastingdienst) C:\Users\Michael Kempen\Downloads\ib2013_win_setup.exe
2014-03-06 07:57 - 2014-03-06 07:57 - 00016780 _____ () C:\Users\Michael Kempen\Downloads\230470488.ibv2013
2014-03-05 08:45 - 2013-04-02 12:12 - 00000000 ___RD () C:\Users\Michael Kempen\Desktop\Ongebruikt
2014-03-04 13:49 - 2014-03-04 13:49 - 71195306 _____ () C:\Users\Michael Kempen\Downloads\Russisch Sprachübung - Wichtige Ausdrücke - Teil 1.mp4
2014-03-04 13:48 - 2014-03-04 13:48 - 10885409 _____ () C:\Users\Michael Kempen\Downloads\Jon Kortajarena entrevista en Cosmopolitan TV.webm
2014-03-04 13:47 - 2014-03-04 13:47 - 38900875 _____ () C:\Users\Michael Kempen\Downloads\Andres Velencoso Segura Models.com Interview.webm
2014-03-04 13:30 - 2014-03-04 13:30 - 93859047 _____ () C:\Users\Michael Kempen\Downloads\Denkstof Waarom hebben christenen rituelen (lang) EO _ ZvK.mp4
2014-03-04 13:30 - 2014-03-04 13:30 - 20690926 _____ () C:\Users\Michael Kempen\Downloads\▶ Convo in Rochester.mp4
2014-03-03 08:13 - 2014-03-03 08:13 - 06542336 _____ () C:\Users\Michael Kempen\Downloads\Asgraphic_presentation_js.pps
2014-03-02 17:04 - 2014-03-02 17:04 - 01927168 _____ () C:\Users\Michael Kempen\Downloads\Hoe_doen_ze_dat_toch.pps
2014-03-01 07:05 - 2014-03-12 06:27 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 06:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 06:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 06:27 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 06:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 06:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 06:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 06:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 06:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 06:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 06:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 06:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 06:27 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 06:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 06:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 06:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 06:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 06:27 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 06:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 06:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 06:27 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 06:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 06:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 06:27 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 06:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 06:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 06:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 06:27 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 06:27 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 06:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 06:27 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 06:27 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 06:27 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 06:27 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 06:27 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 06:27 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 06:27 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 06:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 06:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 06:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 19:39 - 2014-02-27 19:39 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-02-27 19:39 - 2014-02-27 19:39 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-02-27 19:21 - 2014-02-27 19:21 - 05852504 _____ (TeamViewer GmbH) C:\Users\Michael Kempen\Downloads\TeamViewer_Setup_nl-ckg.exe
2014-02-27 18:02 - 2014-02-26 18:03 - 01644692 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 09:24 - 2014-02-27 09:24 - 00196960 _____ () C:\Users\Michael Kempen\Downloads\leeftijd.ppsx
2014-02-23 10:17 - 2014-02-23 10:17 - 05526016 _____ () C:\Users\Michael Kempen\Downloads\Amsterdam_speciaal_CC.pps
2014-02-22 16:05 - 2014-02-22 16:05 - 18240707 _____ () C:\Users\Michael Kempen\Downloads\Fotos_gedownload_door_AirDroid.zip
2014-02-21 14:08 - 2014-02-21 14:08 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-02-21 14:08 - 2014-02-21 14:08 - 00002032 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-02-21 14:08 - 2014-02-21 14:08 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-02-21 14:07 - 2014-02-21 14:07 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-02-21 14:07 - 2014-01-15 12:48 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-21 14:07 - 2013-04-04 15:14 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-21 14:07 - 2013-04-04 15:14 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-21 14:07 - 2013-04-04 15:14 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-21 14:07 - 2013-04-04 15:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-21 14:07 - 2013-03-13 14:09 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-17 16:32 - 2013-03-13 17:18 - 00004068 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 16:32 - 2013-03-13 17:18 - 00003816 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 18:01 - 2013-08-06 17:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 18:00 - 2013-03-13 15:37 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 07:47 - 2014-02-16 07:47 - 00092438 _____ () C:\Users\Michael Kempen\Downloads\noname.eml
2014-02-15 19:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
Some content of TEMP:
====================
C:\Users\Michael Kempen\AppData\Local\Temp\82504uninstall.exe
C:\Users\Michael Kempen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcf2ho.dll
C:\Users\Michael Kempen\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael Kempen\AppData\Local\Temp\Sqlite3.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-10 07:19
==================== End Of Log ============================