Ga naar inhoud

Hallo ik heb last van veel ongewenste reclame.


j.van.haaren

Aanbevolen berichten

Download 51a5f5d096dae-icon_RSIT.pngRSIT van de onderstaande locaties en sla deze op het bureaublad op.

Hier staat een beschrijving hoe je kan kijken of je een 32- of 64-bitversie van Windows heeft.

Dubbelklik op RSIT.exe om de tool te starten.

  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
  • Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
  • Plaats de inhoud hiervan in het volgende bericht.

Link naar reactie
Delen op andere sites

Logfile of random's system information tool 1.09 (written by random/random)

Run by hans at 2013-11-08 15:30:35

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 153 GB (65%) free of 234 GB

Total RAM: 3948 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:30:37, on 8-11-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16720)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Packard Bell\Software Suite\PBSoftSuite.exe

C:\Program Files (x86)\Packard Bell\Software Suite\pbDevDetect.exe

C:\Users\hans\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe

C:\Program Files\trend micro\hans.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - (no file)

R3 - URLSearchHook: (no name) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)

O2 - BHO: BHO_PROJECT - {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - (no file)

O2 - BHO: BHO_PROJECT - {82EA3E77-7BD2-4744-A8F2-670770767EC5} - (no file)

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: appbario2 - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - (no file)

O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O3 - Toolbar: (no name) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - (no file)

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [Packard Bell Software Suite] "C:\Program Files (x86)\Packard Bell\Software Suite\PBSoftSuite.exe" /run

O4 - HKCU\..\Run: [software Suite] "C:\Program Files (x86)\Packard Bell\Software Suite\PBSoftSuite.exe" /RUN

O4 - HKCU\..\Run: [speedUpMyComputer] C:\Program Files (x86)\SmartTweak Software\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O4 - Startup: Dropbox.lnk = hans\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - C:\Users\hans\AppData\Local\Temp\f5tmp\f5InspectionHost.cab

O16 - DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} (Mail Migration) - https://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=1697859283

O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - C:\Users\hans\AppData\Local\Temp\f5tmp\f5syschk.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://glaswerkcentrum.glaspact.com/admin/uploadCenter/XUpload.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: bitguard\261694~1.246\{c16c1~1\bitguard.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: BitGuard - Unknown owner - BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: PowerSave Service (PowerSave) - Packard Bell Services - C:\Program Files (x86)\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files (x86)\WinZipper\winzipersvc.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11913 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

"C:\Program Files\Microsoft Security Client\MsMpEng.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

"C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe"

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files (x86)\WinZipper\winzipersvc.exe"

taskeng.exe {378F78C1-F626-4FD5-9975-0E60065EC610}

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"

"C:\Program Files (x86)\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe"

"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 1316

"taskhost.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"C:\Windows\system32\Dwm.exe"

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding

C:\Windows\Explorer.EXE

"C:\Windows\System32\hkcmd.exe"

C:\Windows\system32\igfxsrvc.exe -Embedding

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Elantech\ETDCtrl.exe"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4

"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"

"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"C:\Program Files (x86)\Packard Bell\Software Suite\PBSoftSuite.exe" /RUN

C:\Windows\system32\igfxext.exe -Embedding

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files\Elantech\ETDCtrlHelper.exe"

"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\Packard Bell\Software Suite\pbDevDetect.exe"

"C:\Users\hans\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup

"C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

"C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

"C:\Dolby PCEE4\pcee4.exe" -autostart

"C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe"

"C:\Program Files\Microsoft Security Client\NisSrv.exe"

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

"C:\Program Files (x86)\Windows Live\Mail\wlmail.exe"

"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "http://www.pc-helpforum.be/f167/hallo-ik-heb-last-van-veel-65986-new/"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3756.0.1834098716\611735177" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,18,24,26 --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2418 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_18/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --instant-process --enable-threaded-compositing --disable-html-notifications --channel="3756.1.1913600814\1014471787" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_18/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3756.2.165507546\1046812566" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3756.3.275229193\1879580722" --ppapi-flash-args --lang=nl --ignored=" --type=renderer " /prefetch:-632637702

"C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe"

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

"E:\ha downloads\RSITx64 (3).exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\Torntv 2-codedownloader.job

C:\Windows\tasks\Torntv 2-enabler.job

C:\Windows\tasks\Torntv 2-updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82EA3E77-7BD2-4744-A8F2-670770767EC5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdf97ee2-ded0-4369-835e-99dd08225fa5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

!{2318C2B1-4965-11d4-9B18-009027A5CD4F}

{ae07101b-46d4-4a98-af68-0333ea26e113}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

!{2318C2B1-4965-11d4-9B18-009027A5CD4F}

{98889811-442D-49dd-99D7-DC866BE87DBC}

{cdf97ee2-ded0-4369-835e-99dd08225fa5}

{ae07101b-46d4-4a98-af68-0333ea26e113}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-21 392472]

"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-21 416024]

"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []

"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2011-04-05 2589992]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-03-28 11786344]

"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-03-21 2207848]

"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 1831528]

"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-08-12 1356240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Packard Bell Software Suite"=C:\Program Files (x86)\Packard Bell\Software Suite\PBSoftSuite.exe [2009-10-01 3144736]

"Software Suite"=C:\Program Files (x86)\Packard Bell\Software Suite\PBSoftSuite.exe [2009-10-01 3144736]

"SpeedUpMyComputer"=C:\Program Files (x86)\SmartTweak Software\SpeedUpMyComputer\SpeedUpMyComputer.exe [2013-01-10 2054776]

"ccleaner"=C:\Program Files\CCleaner\CCleaner64.exe [2010-11-24 3390264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser companion helper]

C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\Windows\system32\igfxtray.exe [2011-06-21 167704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

C:\Program Files (x86)\Launch Manager\LManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Finder]

C:\Program Files (x86)\Media Finder\Media Finder.exe /opentotray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]

C:\Users\hans\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

C:\Users\hans\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-04-02 340848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^hans^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

C:\Users\hans\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-05-25 27776968]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2011-03-29 408432]

"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2011-03-29 202608]

"BackupManagerTray"=C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2012-01-05 296984]

"Dolby Advanced Audio v2"=C:\Dolby PCEE4\pcee4.exe [2011-02-03 506712]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[]

C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\hans\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2011-06-10 389632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-11-08 14:06:00 ----D---- C:\rsit

2013-11-08 14:06:00 ----D---- C:\Program Files\trend micro

2013-11-02 15:32:52 ----A---- C:\Windows\system32\drivers\usbuhci.sys

2013-11-02 15:32:52 ----A---- C:\Windows\system32\drivers\usbport.sys

2013-11-02 15:32:52 ----A---- C:\Windows\system32\drivers\usbhub.sys

2013-11-02 15:32:52 ----A---- C:\Windows\system32\drivers\usbehci.sys

2013-11-02 15:32:52 ----A---- C:\Windows\system32\drivers\usbd.sys

2013-11-02 15:32:52 ----A---- C:\Windows\system32\drivers\usbccgp.sys

2013-11-02 15:32:51 ----A---- C:\Windows\system32\drivers\usbohci.sys

2013-10-19 19:13:28 ----RD---- C:\Users\hans\AppData\Roaming\Brother

2013-10-19 15:56:10 ----D---- C:\Program Files (x86)\Adobe

2013-10-16 16:58:56 ----D---- C:\Program Files (x86)\GUM117B.tmp

2013-10-16 16:58:56 ----A---- C:\Program Files (x86)\GUT117C.tmp

2013-10-10 21:08:19 ----A---- C:\Windows\SYSWOW64\ieui.dll

2013-10-10 21:08:19 ----A---- C:\Windows\system32\ieui.dll

2013-10-10 21:08:18 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

2013-10-10 21:08:18 ----A---- C:\Windows\SYSWOW64\iesysprep.dll

2013-10-10 21:08:18 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2013-10-10 21:08:18 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2013-10-10 21:08:18 ----A---- C:\Windows\system32\iesetup.dll

2013-10-10 21:08:18 ----A---- C:\Windows\system32\iernonce.dll

2013-10-10 21:08:18 ----A---- C:\Windows\system32\ie4uinit.exe

2013-10-10 21:08:17 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2013-10-10 21:08:17 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-10 21:08:17 ----A---- C:\Windows\system32\iesysprep.dll

2013-10-10 21:08:17 ----A---- C:\Windows\system32\iertutil.dll

2013-10-10 21:08:16 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2013-10-10 21:08:15 ----A---- C:\Windows\SYSWOW64\jscript.dll

2013-10-10 21:08:15 ----A---- C:\Windows\system32\msfeeds.dll

2013-10-10 21:08:15 ----A---- C:\Windows\system32\jscript.dll

2013-10-10 21:08:14 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2013-10-10 21:08:14 ----A---- C:\Windows\system32\jscript9.dll

2013-10-10 21:08:13 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2013-10-10 21:08:12 ----A---- C:\Windows\system32\urlmon.dll

2013-10-10 21:08:11 ----A---- C:\Windows\SYSWOW64\wininet.dll

2013-10-10 21:08:11 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2013-10-10 21:08:11 ----A---- C:\Windows\system32\jsproxy.dll

2013-10-10 21:08:10 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2013-10-10 21:08:10 ----A---- C:\Windows\system32\wininet.dll

2013-10-10 21:08:09 ----A---- C:\Windows\system32\ieframe.dll

2013-10-10 21:08:08 ----A---- C:\Windows\system32\mshtml.dll

2013-10-10 21:08:06 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2013-10-10 20:18:25 ----A---- C:\Windows\system32\comctl32.dll

2013-10-10 20:18:24 ----A---- C:\Windows\SYSWOW64\comctl32.dll

2013-10-10 20:18:23 ----A---- C:\Windows\SYSWOW64\lpk.dll

2013-10-10 20:18:23 ----A---- C:\Windows\SYSWOW64\fontsub.dll

2013-10-10 20:18:23 ----A---- C:\Windows\SYSWOW64\dciman32.dll

2013-10-10 20:18:23 ----A---- C:\Windows\SYSWOW64\atmlib.dll

2013-10-10 20:18:23 ----A---- C:\Windows\SYSWOW64\atmfd.dll

2013-10-10 20:18:23 ----A---- C:\Windows\system32\lpk.dll

2013-10-10 20:18:23 ----A---- C:\Windows\system32\fontsub.dll

2013-10-10 20:18:23 ----A---- C:\Windows\system32\drivers\Wdf01000.sys

2013-10-10 20:18:23 ----A---- C:\Windows\system32\dciman32.dll

2013-10-10 20:18:23 ----A---- C:\Windows\system32\atmlib.dll

2013-10-10 20:18:23 ----A---- C:\Windows\system32\atmfd.dll

2013-10-10 20:17:58 ----A---- C:\Windows\system32\drivers\usbvideo.sys

2013-10-10 20:17:58 ----A---- C:\Windows\system32\drivers\usbcir.sys

2013-10-10 20:17:58 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys

2013-10-10 20:17:57 ----A---- C:\Windows\system32\drivers\usbscan.sys

2013-10-10 20:17:57 ----A---- C:\Windows\system32\drivers\hidparse.sys

2013-10-10 20:17:57 ----A---- C:\Windows\system32\drivers\hidclass.sys

2013-10-10 20:17:55 ----A---- C:\Windows\SYSWOW64\WebClnt.dll

2013-10-10 20:17:55 ----A---- C:\Windows\SYSWOW64\davclnt.dll

2013-10-10 20:17:55 ----A---- C:\Windows\system32\WebClnt.dll

2013-10-10 20:17:55 ----A---- C:\Windows\system32\drivers\mrxdav.sys

2013-10-10 20:17:55 ----A---- C:\Windows\system32\davclnt.dll

2013-10-10 20:17:53 ----A---- C:\Windows\system32\mswsock.dll

2013-10-10 20:17:53 ----A---- C:\Windows\system32\drivers\tcpip.sys

2013-10-10 20:17:53 ----A---- C:\Windows\system32\drivers\afd.sys

2013-10-10 20:17:52 ----A---- C:\Windows\SYSWOW64\mswsock.dll

2013-10-10 20:17:52 ----A---- C:\Windows\system32\win32k.sys

2013-10-10 20:17:49 ----A---- C:\Windows\system32\ntoskrnl.exe

2013-10-10 20:17:48 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2013-10-10 20:17:48 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2013-10-10 20:17:47 ----A---- C:\Windows\system32\tdh.dll

2013-10-10 20:17:47 ----A---- C:\Windows\system32\ntdll.dll

2013-10-10 20:17:47 ----A---- C:\Windows\system32\advapi32.dll

2013-10-10 20:17:46 ----A---- C:\Windows\SYSWOW64\tdh.dll

2013-10-10 20:17:46 ----A---- C:\Windows\SYSWOW64\ntdll.dll

2013-10-10 20:17:46 ----A---- C:\Windows\SYSWOW64\advapi32.dll

2013-10-10 20:17:46 ----A---- C:\Windows\system32\wow64.dll

2013-10-10 20:17:45 ----A---- C:\Windows\SYSWOW64\wow32.dll

2013-10-10 20:17:45 ----A---- C:\Windows\SYSWOW64\user.exe

2013-10-10 20:17:45 ----A---- C:\Windows\SYSWOW64\setup16.exe

2013-10-10 20:17:45 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll

2013-10-10 20:17:45 ----A---- C:\Windows\SYSWOW64\instnm.exe

2013-10-10 20:17:40 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 20:17:40 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 20:17:40 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys

2013-10-10 20:17:39 ----A---- C:\Windows\system32\scavengeui.dll

======List of files/folders modified in the last 1 month======

2013-11-08 15:28:41 ----D---- C:\Windows\Temp

2013-11-08 14:06:00 ----D---- C:\Program Files

2013-11-08 14:05:01 ----D---- C:\Windows

2013-11-08 14:01:48 ----D---- C:\Windows\system32\config

2013-11-08 13:47:49 ----D---- C:\Program Files (x86)\WinZipper

2013-11-08 13:45:56 ----D---- C:\Users\hans\AppData\Roaming\Dropbox

2013-11-08 13:43:23 ----D---- C:\Windows\System32

2013-11-08 13:43:23 ----D---- C:\Windows\inf

2013-11-08 13:43:23 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-11-08 13:41:03 ----A---- C:\Windows\SYSWOW64\log.txt

2013-11-06 20:15:49 ----D---- C:\Windows\system32\NDF

2013-11-06 20:05:35 ----D---- C:\Windows\system32\catroot2

2013-11-06 11:00:43 ----D---- C:\Windows\Prefetch

2013-11-06 11:00:40 ----SHD---- C:\System Volume Information

2013-11-02 15:43:31 ----D---- C:\Windows\winsxs

2013-11-02 15:41:51 ----D---- C:\Windows\system32\DriverStore

2013-11-02 15:41:51 ----D---- C:\Windows\system32\drivers

2013-11-02 15:31:55 ----D---- C:\Windows\system32\catroot

2013-11-02 14:46:30 ----SHD---- C:\Windows\Installer

2013-11-02 14:46:30 ----SHD---- C:\Config.Msi

2013-11-02 13:37:01 ----D---- C:\Windows\SysWOW64

2013-10-20 15:28:59 ----D---- C:\ProgramData\DSearchLink

2013-10-19 15:56:15 ----D---- C:\ProgramData\Adobe

2013-10-19 15:56:10 ----D---- C:\Program Files (x86)

2013-10-16 04:58:27 ----D---- C:\Program Files\Microsoft Security Client

2013-10-16 04:58:26 ----D---- C:\Program Files (x86)\Microsoft Security Client

2013-10-13 14:22:33 ----D---- C:\Windows\rescache

2013-10-13 14:04:18 ----RSD---- C:\Windows\assembly

2013-10-13 14:04:18 ----D---- C:\Windows\Microsoft.NET

2013-10-13 07:36:33 ----D---- C:\Windows\debug

2013-10-13 07:32:28 ----D---- C:\Program Files (x86)\Internet Explorer

2013-10-13 07:32:27 ----D---- C:\Program Files\Internet Explorer

2013-10-13 07:32:24 ----D---- C:\Windows\AppPatch

2013-10-10 21:09:54 ----A---- C:\Windows\win.ini

2013-10-10 21:07:03 ----D---- C:\Program Files\Microsoft Silverlight

2013-10-10 21:07:03 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2013-10-10 21:02:49 ----D---- C:\Windows\system32\MRT

2013-10-10 21:01:02 ----A---- C:\Windows\system32\MRT.exe

2013-10-10 20:57:49 ----D---- C:\Windows\system32\nl-NL

2013-10-10 20:49:24 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-04-26 557848]

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 247216]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]

R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-22 22648]

R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-22 20520]

R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-22 62776]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 139616]

R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-11-09 2377216]

R3 b57xdbd;Broadcom xD Picture Bus Driver Service; C:\Windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]

R3 b57xdmp;Broadcom xD Picture vstorp client drv; C:\Windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]

R3 bScsiMSa;bScsiMSa; C:\Windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]

R3 bScsiSDa;bScsiSDa; C:\Windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]

R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-06-10 12230912]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-03-29 2819560]

R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]

R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]

R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 BrSerIb;Brother Serial Interface Driver(WDM); C:\Windows\system32\DRIVERS\BrSerIb.sys [2012-11-15 95344]

S3 BrUsbSIb;Brother Serial USB Driver(WDM); C:\Windows\system32\DRIVERS\BrUsbSIb.sys [2012-11-15 21872]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]

S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

S3 USB28xxBGA;USB 2861 Device; C:\Windows\system32\DRIVERS\emBDA64.sys [2011-03-06 683136]

S3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM64.sys [2011-03-06 1189504]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-03 65640]

R2 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]

R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]

R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2011-02-01 326168]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-08-12 23808]

R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]

R2 PowerSave;PowerSave Service; C:\Program Files (x86)\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe [2009-04-06 1002016]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-17 247152]

R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

R2 winzipersvc;WinZiper service; C:\Program Files (x86)\WinZipper\winzipersvc.exe [2013-07-22 424104]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-08-12 366600]

S2 BitGuard;BitGuard; BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe []

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10 116648]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10 257416]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-09-06 655624]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10 116648]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-05 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Link naar reactie
Delen op andere sites

Download 51a612a8b27e2-Zoek.pngZoek.zip naar het bureaublad.

  • Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  • Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.
  • Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

chromelook; 
 {3bbd3c14-4c16-4989-8366-95bc9179779d};c
 {cdf97ee2-ded0-4369-835e-99dd08225fa5};c
 {2EECD738-5844-4a99-B4B6-146BF802613B};c
 {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9};c
 {82EA3E77-7BD2-4744-A8F2-670770767EC5};c
 {cdf97ee2-ded0-4369-835e-99dd08225fa5};c
 {2318C2B1-4965-11d4-9B18-009027A5CD4F};c
 {98889811-442D-49dd-99D7-DC866BE87DBC};c
 {cdf97ee2-ded0-4369-835e-99dd08225fa5};c
 {ae07101b-46d4-4a98-af68-0333ea26e113};c
 BitGuard;s
 C:\Windows\tasks\Torntv 2-codedownloader.job;f
 C:\Windows\tasks\Torntv 2-enabler.job;f
 C:\Windows\tasks\Torntv 2-updater.job;f
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82EA3E77-7BD2-4744-A8F2-670770767EC5}];r64
 [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdf97ee2-ded0-4369-835e-99dd08225fa5}]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar];r64
 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser companion helper];r64
 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Finder];r64
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r64
 "AppInit_DLLs"=-;r64
 C:\Program Files (x86)\GUM117B.tmp;f
 C:\Program Files (x86)\GUT117C.tmp;f
 firefoxlook; 

emptyfolderscheck;delete 
startupall; 
filesrcm;

  • Klik op de knop "Options" en vink nu de onderstaande opties aan.
  • Firefox Defaults
  • Reset Chrome
  • IE Defaults
  • Auto Clean
  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Post nu de inhoud van het geopende logje in het volgende bericht.

Link naar reactie
Delen op andere sites

Zoek.exe Version 4.0.0.5 Updated 09-November-2013

Tool run by hans on zo 10-11-2013 at 10:10:23,39.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\hans\AppData\Local\Temp\WzE8BAD.tmp\zoek.exe [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2013-11-10-090144.log 26049 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{17623E0E-0AC5-1C73-3CA6-4F42DEECCD50} deleted successfully

HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1FE7D3B3-CC9F-E17F-CFFB-56A046C1375A} deleted successfully

HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4A9CFE73-6D3B-4090-8B23-F4EDA59D4373} deleted successfully

HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70BA3E6B-1059-2266-0B2C-40E4A85231B8} deleted successfully

HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\winzipersvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winzipersvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\winzipersvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winzipersvc deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:

Added to C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\prefs.js:

Added to C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

---- Lines funmoods removed from user.js ----

user_pref("extensions.funmoods.hmpg", true);

user_pref("extensions.funmoods.hmpgUrl", "http://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0D0FyC0EyCzztB0CtAyDtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=978201457");

user_pref("extensions.funmoods.dfltSrch", true);

user_pref("extensions.funmoods.srchPrvdr", "Search");

user_pref("extensions.funmoods.dnsErr", true);

user_pref("extensions.funmoods_i.newTab", true);

user_pref("extensions.funmoods.newTabUrl", "http://start.funmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0D0FyC0EyCzztB0CtAyDtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=978201457");

user_pref("extensions.funmoods.tlbrSrchUrl", "http://start.funmoods.com/?f=3&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0D0FyC0EyCzztB0CtAyDtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=978201457&q=");

user_pref("extensions.funmoods.id", "B870F4DF6E682C35");

user_pref("extensions.funmoods.instlDay", "15527");

user_pref("extensions.funmoods.vrsn", "1.5.23.22");

user_pref("extensions.funmoods.vrsni", "1.5.23.22");

user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:20:3");

user_pref("extensions.funmoods.prtnrId", "funmoods");

user_pref("extensions.funmoods.prdct", "funmoods");

user_pref("extensions.funmoods.aflt", "fmtgl");

user_pref("extensions.funmoods_i.smplGrp", "none");

user_pref("extensions.funmoods.tlbrId", "base");

user_pref("extensions.funmoods.instlRef", "fmtgl");

user_pref("extensions.funmoods.dfltLng", "");

user_pref("extensions.funmoods.excTlbr", false);

user_pref("extensions.funmoods.autoRvrt", false);

user_pref("extensions.funmoods.envrmnt", "production");

user_pref("extensions.funmoods.isdcmntcmplt", true);

user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

---- FireFox user.js and prefs.js backups ----

user_10-11-2013_1019_.backup

prefs_10-11-2013_1019_.backup

ProfilePath: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default

---- Lines funmoods removed from user.js ----

user_pref("extensions.funmoods.hmpg", true);

user_pref("extensions.funmoods.hmpgUrl", "http://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0D0FyC0EyCzztB0CtAyDtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=978201457");

user_pref("extensions.funmoods.dfltSrch", true);

user_pref("extensions.funmoods.srchPrvdr", "Search");

user_pref("extensions.funmoods.dnsErr", true);

user_pref("extensions.funmoods_i.newTab", true);

user_pref("extensions.funmoods.newTabUrl", "http://start.funmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0D0FyC0EyCzztB0CtAyDtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=978201457");

user_pref("extensions.funmoods.tlbrSrchUrl", "http://start.funmoods.com/?f=3&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0D0FyC0EyCzztB0CtAyDtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=978201457&q=");

user_pref("extensions.funmoods.id", "B870F4DF6E682C35");

user_pref("extensions.funmoods.instlDay", "15527");

user_pref("extensions.funmoods.vrsn", "1.5.23.22");

user_pref("extensions.funmoods.vrsni", "1.5.23.22");

user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:20:3");

user_pref("extensions.funmoods.prtnrId", "funmoods");

user_pref("extensions.funmoods.prdct", "funmoods");

user_pref("extensions.funmoods.aflt", "fmtgl");

user_pref("extensions.funmoods_i.smplGrp", "none");

user_pref("extensions.funmoods.tlbrId", "base");

user_pref("extensions.funmoods.instlRef", "fmtgl");

user_pref("extensions.funmoods.dfltLng", "");

user_pref("extensions.funmoods.excTlbr", false);

user_pref("extensions.funmoods.autoRvrt", false);

user_pref("extensions.funmoods.envrmnt", "production");

user_pref("extensions.funmoods.isdcmntcmplt", true);

user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.id", "c4a02c350000000000004a59f90df354");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.instlDay", "15985");

user_pref("extensions.delta.vrsn", "1.8.24.6");

user_pref("extensions.delta.vrsni", "1.8.24.6");

user_pref("extensions.delta.vrsnTs", "1.8.24.617:27:30");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.dfltLng", "nl");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta_i.babTrack", "affID=124798&tsp=5028");

user_pref("extensions.delta_i.babExt", "");

user_pref("extensions.delta_i.srcExt", "ss");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.newTab", false);

---- FireFox user.js and prefs.js backups ----

user_10-11-2013_1019_.backup

prefs_10-11-2013_1019_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]

@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Uninstall Information\ib_uninst_514 deleted

C:\PROGRA~2\Uninstall Information\ib_uninst_515 deleted

C:\PROGRA~2\Delta deleted

C:\PROGRA~2\OApps deleted

C:\PROGRA~2\Conduit deleted

C:\Users\hans\AppData\Roaming\WinZipper deleted

C:\Users\hans\AppData\Roaming\Funmoods deleted

C:\Users\hans\AppData\Roaming\ExpressFiles deleted

C:\Users\hans\AppData\Roaming\eIntaller deleted

C:\Users\hans\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com deleted

C:\Users\hans\AppData\Roaming\Media Finder deleted

C:\Users\hans\AppData\Local\Ilivid Player deleted

C:\Users\hans\AppData\Local\funmoods-speeddial.crx deleted

C:\Users\hans\AppData\Local\CRE deleted

C:\Users\hans\AppData\Local\Software deleted

C:\Users\hans\AppData\Local\Conduit deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder deleted

C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard deleted

C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender deleted

C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted

C:\Windows\SysNative\roboot64.exe deleted

C:\Users\hans\AppData\LocalLow\Search-NewTab deleted

C:\Users\hans\AppData\LocalLow\appbario2 deleted

C:\Users\hans\AppData\LocalLow\searchquband deleted

C:\Users\hans\AppData\LocalLow\Delta deleted

C:\Users\hans\AppData\LocalLow\DataMngr deleted

C:\Users\hans\AppData\LocalLow\PriceGong deleted

C:\Users\hans\AppData\LocalLow\Conduit deleted

C:\Windows\wininit.ini deleted

C:\windows\SysNative\tasks\Funmoods deleted

C:\windows\SysNative\tasks\Desk 365 RunAsStdUser deleted

C:\windows\SysNative\Tasks\Express FilesUpdate deleted

C:\windows\SysNative\Tasks\EPUpdater deleted

C:\windows\SysNative\tasks\BitGuard deleted

C:\Windows\SysWow64\searchplugins deleted

C:\Windows\SysWow64\Extensions deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\babylon.xml deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\bProtect.xml deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\search.xml deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\Search_Results.xml deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\WebSearch.xml deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\ffxtlbr@babylon.com deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\bProtector_extensions.sqlite deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\bProtector_prefs.js deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\jetpack deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\CT2849859 deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\CT3008653 deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\CT3227975 deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\ffxtlbr@funmoods.com deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\ffxtlbr@delta.com deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\conduitCommon deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\plugin@startsearcher.com deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\gadget@gadgetbox deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\bbrs_002@blabbers.com deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\OneClickDownload@OneClickDownload.com deleted

"C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\delta.xml" deleted

"C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\conduit.xml" deleted

"C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\torntv2@torntv.com.xpi" deleted

"C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\GadgetBox.xml" deleted

"C:\PROGRA~2\WinZipper\7z.dll" deleted

"C:\PROGRA~2\WinZipper\ebase.dll" deleted

"C:\PROGRA~2\WinZipper\eshellctx64.dll" deleted

"C:\PROGRA~2\WinZipper\libpng.dll" deleted

"C:\PROGRA~2\WinZipper\ouilibnl.dll" deleted

"C:\PROGRA~2\WinZipper\WinZipper.exe" deleted

"C:\PROGRA~2\WinZipper" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"yayy5_a@qp-oyiha.edu"="C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\yayy5_a@qp-oyiha.edu" [17-03-2013 08:50]

==== Firefox Extensions ======================

ProfilePath: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default

- Undetermined - C:\Users\hans\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

- Plus-HD-2.2 - %ProfilePath%\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com

- Bcool - %ProfilePath%\extensions\4fe0f2def0911@4fe0f2def094b.info

- Bcool - %ProfilePath%\extensions\5103ffa1c9600@5103ffa1c9639.com

- Search-NewTab - %ProfilePath%\extensions\5103ffb489974@5103ffb4899ad.com

- VideoFileDownload - Download YouTube Videos - %ProfilePath%\extensions\plugin@videofiledownload.com

- BcoouL - %ProfilePath%\extensions\sbxabkpk@yoo-vvbcfb.edu

- SeaRch-NeWTab - %ProfilePath%\extensions\yayy5_a@qp-oyiha.edu

- BittorrentBar_NL Community Toolbar - %ProfilePath%\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}

- Translator 3.1 Community Toolbar - %ProfilePath%\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}

- DealPly Shopping - %ProfilePath%\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}

- GoPhotoIt - %ProfilePath%\extensions\gophoto@gophoto.it.xpi

- Torntv 3 - %ProfilePath%\extensions\trtv3@trtv.com.xpi

==== Firefox Plugins ======================

==== Deleted Firefox Extensions ======================

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\4fe0f2def0911@4fe0f2def094b.info deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\5103ffa1c9600@5103ffa1c9639.com deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f} deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\trtv3@trtv.com.xpi deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\gophoto@gophoto.it.xpi deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\5103ffb489974@5103ffb4899ad.com deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\yayy5_a@qp-oyiha.edu deleted

C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bicnnkjibmphdeigoodpjlcklcnaobdj - C:\Program Files (x86)\TornTV.com\torntv10.crx[]

clbfjfbnelcflpgpklppgplejolacbej - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx[]

dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\hans\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[]

jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[]

jplinpmadfkdgipabgcdchbdikologlh - C:\Program Files (x86)\1ClickDownload\1click12.crx[]

lcbdmcaecolegfghinimlklbainfakge - C:\ProgramData\Bcool\lcbdmcaecolegfghinimlklbainfakge.crx[19-06-2012 22:45]

lpmkgpnbiojfaoklbkpfneikocaobfai - C:\Users\hans\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx[]

nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files (x86)\TornTV.com\torn2_10.crx[]

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\hans\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\hans\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

==== Chrome Fix ======================

C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully

C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully

C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully

C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully

C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.delta-search.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

"Backup.Old.Start Page"="http://search.conduit.com?SearchSource=10&ctid=CT2849859"

"Start Page Restore"="http://www.searchnu.com/406"

"Default_Page_URL"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.google.com"

"Start Page"="http://www.google.com"

"Start Page Redirect Cache"="http://www.startsearcher.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.google.com"

"Start Page"="http://www.google.com"

"Start Page Redirect Cache"="http://www.startsearcher.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.com"

"Backup.Old.Start Page"="http://www.google.com"

"Start Page Restore"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{DB347609-BFF5-441A-BC2E-6B4DD755B2D5} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_nl"

==== Reset Google Chrome ======================

C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

E:\ha bureaublad\webs\07dbad0f_185339 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\07dbad0f_185339.jpg

E:\ha bureaublad\webs\355135f4_524982 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\355135f4_524982.jpg

E:\ha bureaublad\webs\51546bed_306142 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\51546bed_306142.jpg

E:\ha bureaublad\webs\5de87d20_556116 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\5de87d20_556116.jpg

E:\ha bureaublad\webs\6be0f094_120214 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6be0f094_120214.jpg

E:\ha bureaublad\webs\6c54a6b1_138879 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6c54a6b1_138879.jpg

E:\ha bureaublad\webs\841063df_259538 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\841063df_259538.jpg

E:\ha bureaublad\webs\9973f7d4_257604 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\9973f7d4_257604.jpg

E:\ha bureaublad\webs\c975ec28_1249981 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\c975ec28_1249981.jpg

E:\ha bureaublad\webs\d5b07b37_25945974 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d5b07b37_25945974.bmp

E:\ha bureaublad\webs\d7a8c9b5_456344 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d7a8c9b5_456344.jpg

E:\ha bureaublad\webs\07dbad0f_185339 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\07dbad0f_185339.jpg

E:\ha bureaublad\webs\355135f4_524982 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\355135f4_524982.jpg

E:\ha bureaublad\webs\51546bed_306142 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\51546bed_306142.jpg

E:\ha bureaublad\webs\5de87d20_556116 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\5de87d20_556116.jpg

E:\ha bureaublad\webs\6be0f094_120214 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6be0f094_120214.jpg

E:\ha bureaublad\webs\6c54a6b1_138879 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6c54a6b1_138879.jpg

E:\ha bureaublad\webs\841063df_259538 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\841063df_259538.jpg

E:\ha bureaublad\webs\9973f7d4_257604 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\9973f7d4_257604.jpg

E:\ha bureaublad\webs\c975ec28_1249981 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\c975ec28_1249981.jpg

E:\ha bureaublad\webs\d5b07b37_25945974 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d5b07b37_25945974.bmp

E:\ha bureaublad\webs\d7a8c9b5_456344 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d7a8c9b5_456344.jpg

E:\ha bureaublad\webs\07dbad0f_185339 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\07dbad0f_185339.jpg

E:\ha bureaublad\webs\355135f4_524982 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\355135f4_524982.jpg

E:\ha bureaublad\webs\51546bed_306142 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\51546bed_306142.jpg

E:\ha bureaublad\webs\5de87d20_556116 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\5de87d20_556116.jpg

E:\ha bureaublad\webs\6be0f094_120214 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6be0f094_120214.jpg

E:\ha bureaublad\webs\6c54a6b1_138879 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6c54a6b1_138879.jpg

E:\ha bureaublad\webs\841063df_259538 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\841063df_259538.jpg

E:\ha bureaublad\webs\9973f7d4_257604 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\9973f7d4_257604.jpg

E:\ha bureaublad\webs\c975ec28_1249981 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\c975ec28_1249981.jpg

E:\ha bureaublad\webs\d5b07b37_25945974 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d5b07b37_25945974.bmp

E:\ha bureaublad\webs\d7a8c9b5_456344 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d7a8c9b5_456344.jpg

E:\ha bureaublad\webs\07dbad0f_185339 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\07dbad0f_185339.jpg

E:\ha bureaublad\webs\355135f4_524982 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\355135f4_524982.jpg

E:\ha bureaublad\webs\51546bed_306142 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\51546bed_306142.jpg

E:\ha bureaublad\webs\5de87d20_556116 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\5de87d20_556116.jpg

E:\ha bureaublad\webs\6be0f094_120214 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6be0f094_120214.jpg

E:\ha bureaublad\webs\6c54a6b1_138879 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6c54a6b1_138879.jpg

E:\ha bureaublad\webs\841063df_259538 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\841063df_259538.jpg

E:\ha bureaublad\webs\9973f7d4_257604 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\9973f7d4_257604.jpg

E:\ha bureaublad\webs\c975ec28_1249981 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\c975ec28_1249981.jpg

E:\ha bureaublad\webs\d5b07b37_25945974 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d5b07b37_25945974.bmp

E:\ha bureaublad\webs\d7a8c9b5_456344 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d7a8c9b5_456344.jpg

E:\ha bureaublad\webs\07dbad0f_185339 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\07dbad0f_185339.jpg

E:\ha bureaublad\webs\355135f4_524982 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\355135f4_524982.jpg

E:\ha bureaublad\webs\51546bed_306142 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\51546bed_306142.jpg

E:\ha bureaublad\webs\5de87d20_556116 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\5de87d20_556116.jpg

E:\ha bureaublad\webs\6be0f094_120214 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6be0f094_120214.jpg

E:\ha bureaublad\webs\6c54a6b1_138879 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6c54a6b1_138879.jpg

E:\ha bureaublad\webs\841063df_259538 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\841063df_259538.jpg

E:\ha bureaublad\webs\9973f7d4_257604 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\9973f7d4_257604.jpg

E:\ha bureaublad\webs\c975ec28_1249981 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\c975ec28_1249981.jpg

E:\ha bureaublad\webs\d5b07b37_25945974 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d5b07b37_25945974.bmp

E:\ha bureaublad\webs\d7a8c9b5_456344 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d7a8c9b5_456344.jpg

E:\ha bureaublad\webs\07dbad0f_185339 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\07dbad0f_185339.jpg

E:\ha bureaublad\webs\355135f4_524982 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\355135f4_524982.jpg

E:\ha bureaublad\webs\51546bed_306142 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\51546bed_306142.jpg

E:\ha bureaublad\webs\5de87d20_556116 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\5de87d20_556116.jpg

E:\ha bureaublad\webs\6be0f094_120214 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6be0f094_120214.jpg

E:\ha bureaublad\webs\6c54a6b1_138879 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6c54a6b1_138879.jpg

E:\ha bureaublad\webs\841063df_259538 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\841063df_259538.jpg

E:\ha bureaublad\webs\9973f7d4_257604 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\9973f7d4_257604.jpg

E:\ha bureaublad\webs\c975ec28_1249981 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\c975ec28_1249981.jpg

E:\ha bureaublad\webs\d5b07b37_25945974 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d5b07b37_25945974.bmp

E:\ha bureaublad\webs\d7a8c9b5_456344 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d7a8c9b5_456344.jpg

E:\ha bureaublad\webs\07dbad0f_185339 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\07dbad0f_185339.jpg

E:\ha bureaublad\webs\355135f4_524982 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\355135f4_524982.jpg

E:\ha bureaublad\webs\51546bed_306142 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\51546bed_306142.jpg

E:\ha bureaublad\webs\5de87d20_556116 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\5de87d20_556116.jpg

E:\ha bureaublad\webs\6be0f094_120214 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6be0f094_120214.jpg

E:\ha bureaublad\webs\6c54a6b1_138879 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6c54a6b1_138879.jpg

E:\ha bureaublad\webs\841063df_259538 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\841063df_259538.jpg

E:\ha bureaublad\webs\9973f7d4_257604 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\9973f7d4_257604.jpg

E:\ha bureaublad\webs\c975ec28_1249981 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\c975ec28_1249981.jpg

E:\ha bureaublad\webs\d5b07b37_25945974 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d5b07b37_25945974.bmp

E:\ha bureaublad\webs\d7a8c9b5_456344 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d7a8c9b5_456344.jpg

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X .lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AA1000000001}\SC_Reader.ico

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office-hulpprogramma's\Microsoft Office Access Snapshot Viewer.lnk - C:\Windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Base.lnk - C:\Program Files (x86)\OpenOffice 4\program\sbase.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Calc.lnk - C:\Program Files (x86)\OpenOffice 4\program\scalc.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Draw.lnk - C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Impress.lnk - C:\Program Files (x86)\OpenOffice 4\program\simpress.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Math.lnk - C:\Program Files (x86)\OpenOffice 4\program\smath.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Writer.lnk - C:\Program Files (x86)\OpenOffice 4\program\swriter.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe QVO6

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk - C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE /recycle

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Excel 2003.lnk - C:\Windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2003.lnk - C:\Windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint Shop Pro 7.lnk - C:\Windows\Installer\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}\psp7.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Excel 2003.lnk - C:\Windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2003.lnk - C:\Windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WinZipper application.lnk - C:\Program Files (x86)\WinZipper\WinZipper.exe

==== shortcuts After Repair ======================

C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0DBED70A-F43C-B2C4-79B7-514BD953EFB5} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{34F521A7-2CD5-0B32-4504-31C64B05EE89} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{617DD7C5-7FA3-B51A-6731-BB87BC15F0EC} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7C366C02-4577-90A0-3602-26AE83354560} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B516E6E6-D295-84BF-BF6A-AD5F7AF84A36} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D44A5975-47CD-3D5E-E4BB-E1E831DCF094} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\hans\AppData\Local\Mozilla\Firefox\Profiles\xxxi386s.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\hans\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\WinZipper" not found

==== EOF on zo 10-11-2013 at 10:24:24,47 ======================

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.