
j.van.haaren

j.van.haaren's achievements

  1. Nothing strange shows up anymore. Many thanks for solving it. I will now switch my virus and malware scanners back on. What else can I do to keep from getting more junk in?
  2. # AdwCleaner v3.012 - Report created 16/11/2013 at 12:59:44 # Updated 11/11/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : eigenaar - PC43108-A # Running from : C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EF0LX01G\adwcleaner.exe # Option : Clean
  3. Zoek.exe Version 4.0.0.5 Updated 14-November-2013 Tool run by eigenaar on za 16-11-2013 at 10:39:57,84. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\eigenaar\AppData\Local\Temp\Rar$EX05.752\zoek.exe [script inserted] [Checkboxes used]
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VY6OM7N2 will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\eigenaar\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VY6OM7N2" not found ==== EOF on za 16-11-2013 at 11:05:21,33 ======================
  4. Logfile of random's system information tool 1.09 (written by random/random) Run by eigenaar at 2013-11-15 16:34:49 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 20 GB (13%) free of 150 GB Total RAM: 4095 MB (69% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:34:52, on 15-11-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16736) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Brother\BPRSP\resources\BrSupSsp.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\trend micro\eigenaar.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://dutch.toggle.com/nl/index.php?rvs=google R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file) F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun O4 - HKLM\..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN O4 - HKLM\..\Run: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [EmbMachineComms.exe] C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler O4 - HKCU\..\Run: 
[TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Brother BPPO.lnk = ? O8 - Extra context menu item: Openen in PDF Viewer Plus - res://C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SecretZone Assist Service (SZASSIST) - Clarus, Inc. 
- C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13192 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe 
C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup atieclxx C:\Windows\system32\svchost.exe -k NetworkService "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe" "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" "taskhost.exe" "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe" "C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\SysWOW64\IoctlSvc.exe C:\Windows\Explorer.EXE "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" WLIDSvcM.exe 2772 "C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe" "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "C:\Brother\BPRSP\resources\BrSupSsp.exe" "C:\Program Files\Windows Media Player\wmpnetwk.exe" "C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe" "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" "C:\Program 
Files\Alwil Software\Avast5\AvastUI.exe" /nogui "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" "C:\Users\eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" -BootProc "C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe" C:\Windows\system32\SearchIndexer.exe /Embedding -BootProc "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Program Files (x86)\Browny02\BrYNSvc.exe" C:\Windows\System32\svchost.exe -k LocalServicePeerNet "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c0f353a1-cb18-4b0d-aba1-91485c88842b -SystemEventPortName:HostProcess-08016b70-354c-4bb5-a99d-725433ac28b1 -IoCancelEventPortName:HostProcess-3a36b7bb-ec3f-4fde-93cb-2bf4154393c3 -NonStateChangingEventPortName:HostProcess-84d4ea56-03e5-4f14-9ab3-f7c98454a61a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4d1f0c75-e53c-4100-9ce7-40bbd79177d0 -DeviceGroupId:WpdFsGroup C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} C:\Windows\system32\svchost.exe -k SDRSVC "C:\Program Files (x86)\Windows Live\Mail\wlmail.exe" "C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding "C:\Program Files\Internet Explorer\iexplore.exe" Windows 7 malware virus "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5568 CREDAT:267521 /prefetch:2 C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe -Embedding "C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LPX2CMB\RSITx64.exe" "C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5\1LPX2CMB\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759461233-1512547366-3970981607-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759461233-1512547366-3970981607-1000UA.job C:\Windows\tasks\WinMaximizer-eigenaar-Startup.job C:\Windows\tasks\WinMaximizer64-eigenaar-Startup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}] avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2013-08-30 245592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-10 256080] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}] PlusIEEventHelper Class - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06 249856] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! 
Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-08-30 201784] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}] Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-10 194640] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2013-08-30 245592] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-10 256080] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! 
Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-08-30 201784] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-10 194640] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"=C:\Users\eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 136176] "EmbMachineComms.exe"=C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe [2010-10-26 100352] "ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2009-05-05 222496] "TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2013-03-22 248208] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-02 98304] "HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10 49208] "Adobe Photo Downloader"=C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-10 67488] "avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2013-08-30 4858968] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] "ControlCenter4"=C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [2012-09-06 143360] "BrStsMon00"=C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2012-06-06 3076096] "IndexSearch"=C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [2010-03-08 46368] "PaperPort PTD"=C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [2010-03-08 29984] "PPort12reminder"=C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [2010-02-09 328992] "PDFHook"=C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [2010-03-05 636192] "PDF5 Registry 
Controller"=C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [2010-03-05 62752] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Brother BPPO.lnk - C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe C:\Users\eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Dropbox.lnk - C:\Users\eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll 
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "aux2"=wdmaud.drv "MSVideo8"=VfWWDM32.dll ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2013-11-14 00:10:35 ----A---- C:\Windows\SYSWOW64\ieui.dll 2013-11-14 00:10:35 ----A---- C:\Windows\system32\ieui.dll 2013-11-14 00:10:34 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2013-11-14 00:10:34 ----A---- C:\Windows\system32\iesetup.dll 2013-11-14 00:10:34 ----A---- C:\Windows\system32\iernonce.dll 2013-11-14 00:10:33 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe 2013-11-14 00:10:33 ----A---- C:\Windows\SYSWOW64\iesysprep.dll 2013-11-14 00:10:33 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2013-11-14 00:10:33 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-14 00:10:33 ----A---- C:\Windows\system32\ie4uinit.exe 2013-11-14 00:10:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2013-11-14 00:10:32 ----A---- C:\Windows\system32\iesysprep.dll 2013-11-14 00:10:31 ----A---- C:\Windows\system32\iertutil.dll 2013-11-14 00:10:30 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2013-11-14 00:10:30 ----A---- C:\Windows\system32\msfeeds.dll 2013-11-14 00:10:29 ----A---- C:\Windows\SYSWOW64\jscript.dll 2013-11-14 00:10:29 ----A---- C:\Windows\system32\jscript.dll 2013-11-14 00:10:28 ----A---- C:\Windows\system32\jscript9.dll 2013-11-14 00:10:27 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2013-11-14 00:10:27 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2013-11-14 00:10:26 ----A---- C:\Windows\system32\urlmon.dll 2013-11-14 00:10:25 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2013-11-14 00:10:25 ----A---- C:\Windows\system32\jsproxy.dll 2013-11-14 00:10:24 ----A---- C:\Windows\SYSWOW64\wininet.dll 
2013-11-14 00:10:24 ----A---- C:\Windows\system32\wininet.dll 2013-11-14 00:10:22 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2013-11-14 00:10:21 ----A---- C:\Windows\system32\ieframe.dll 2013-11-14 00:10:20 ----A---- C:\Windows\system32\mshtml.dll 2013-11-14 00:10:17 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2013-11-13 23:30:52 ----A---- C:\Windows\system32\drivers\afd.sys 2013-11-13 23:30:46 ----A---- C:\Windows\system32\crypt32.dll 2013-11-13 23:30:45 ----A---- C:\Windows\SYSWOW64\crypt32.dll 2013-11-13 23:30:38 ----A---- C:\Windows\SYSWOW64\authui.dll 2013-11-13 23:30:38 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 23:30:38 ----A---- C:\Windows\system32\credui.dll 2013-11-13 23:30:38 ----A---- C:\Windows\system32\authui.dll 2013-11-13 23:30:37 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll 2013-11-13 23:30:37 ----A---- C:\Windows\SYSWOW64\credui.dll 2013-11-13 23:30:31 ----A---- C:\Windows\SYSWOW64\schannel.dll 2013-11-13 23:30:31 ----A---- C:\Windows\system32\schannel.dll 2013-11-13 23:30:31 ----A---- C:\Windows\system32\drivers\ksecpkg.sys 2013-11-13 23:30:31 ----A---- C:\Windows\system32\drivers\ksecdd.sys 2013-11-13 23:30:30 ----A---- C:\Windows\SYSWOW64\sspicli.dll 2013-11-13 23:30:30 ----A---- C:\Windows\SYSWOW64\secur32.dll 2013-11-13 23:30:30 ----A---- C:\Windows\SYSWOW64\ncrypt.dll 2013-11-13 23:30:30 ----A---- C:\Windows\system32\sspisrv.dll 2013-11-13 23:30:30 ----A---- C:\Windows\system32\sspicli.dll 2013-11-13 23:30:30 ----A---- C:\Windows\system32\secur32.dll 2013-11-13 23:30:30 ----A---- C:\Windows\system32\ncrypt.dll 2013-11-13 23:30:30 ----A---- C:\Windows\system32\lsass.exe 2013-11-13 23:30:30 ----A---- C:\Windows\system32\lsasrv.dll 2013-11-13 23:30:30 ----A---- C:\Windows\system32\drivers\cng.sys 2013-11-13 23:30:28 ----A---- C:\Windows\SYSWOW64\gdi32.dll 2013-11-13 23:30:28 ----A---- C:\Windows\system32\gdi32.dll 2013-11-13 23:30:26 ----A---- C:\Windows\system32\IKEEXT.DLL 2013-11-13 23:30:25 
----A---- C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 23:30:24 ----A---- C:\Windows\SYSWOW64\nshwfp.dll 2013-11-13 23:30:24 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL 2013-11-13 23:30:24 ----A---- C:\Windows\system32\nshwfp.dll 2013-11-11 16:47:52 ----D---- C:\Program Files\trend micro 2013-11-11 16:47:49 ----D---- C:\rsit 2013-11-07 20:22:48 ----D---- C:\Users\eigenaar\AppData\Roaming\Malwarebytes 2013-11-07 20:22:44 ----D---- C:\ProgramData\Malwarebytes 2013-11-07 20:22:42 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-07 20:22:42 ----A---- C:\Windows\system32\drivers\mbam.sys 2013-11-07 18:27:29 ----D---- C:\Users\eigenaar\AppData\Roaming\IsolatedStorage 2013-11-07 18:27:29 ----D---- C:\ProgramData\IsolatedStorage 2013-11-07 18:26:08 ----D---- C:\Users\eigenaar\AppData\Roaming\Solvusoft 2013-11-07 18:23:05 ----D---- C:\Spacekace 2013-11-06 21:05:17 ----D---- C:\Program Files\CCleaner 2013-10-24 18:28:35 ----D---- C:\Program Files\Nuance 2013-10-24 18:27:50 ----D---- C:\ProgramData\zeon 2013-10-22 21:23:58 ----D---- C:\Users\eigenaar\AppData\Roaming\ControlCenter4 2013-10-22 21:03:18 ----D---- C:\Brother 2013-10-22 21:03:13 ----D---- C:\ProgramData\ControlCenter4 2013-10-22 21:03:13 ----D---- C:\Program Files (x86)\Browny02 2013-10-22 21:03:04 ----D---- C:\Program Files (x86)\ControlCenter4 2013-10-22 21:03:04 ----A---- C:\Windows\Brfaxrx.ini 2013-10-22 21:02:43 ----N---- C:\Windows\SYSWOW64\BrDctF2L.dll 2013-10-22 21:02:40 ----N---- C:\Windows\SYSWOW64\BrDctF2S.dll 2013-10-22 21:02:40 ----N---- C:\Windows\SYSWOW64\BrDctF2.dll 2013-10-22 21:02:40 ----D---- C:\Program Files (x86)\Brother 2013-10-22 20:52:38 ----D---- C:\bro 2013-10-22 20:17:08 ----D---- C:\ProgramData\Oracle 2013-10-22 20:16:58 ----A---- C:\Windows\SYSWOW64\javaws.exe 2013-10-22 20:16:52 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll 2013-10-22 20:16:52 ----A---- C:\Windows\SYSWOW64\javaw.exe 2013-10-22 20:16:52 ----A---- C:\Windows\SYSWOW64\java.exe 2013-10-22 
19:51:37 ----A---- C:\Windows\system32\drivers\usbport.sys 2013-10-22 19:51:37 ----A---- C:\Windows\system32\drivers\usbehci.sys 2013-10-22 19:51:37 ----A---- C:\Windows\system32\drivers\usbccgp.sys 2013-10-22 19:51:36 ----A---- C:\Windows\system32\drivers\usbuhci.sys 2013-10-22 19:51:36 ----A---- C:\Windows\system32\drivers\usbohci.sys 2013-10-22 19:51:36 ----A---- C:\Windows\system32\drivers\usbhub.sys 2013-10-22 19:51:36 ----A---- C:\Windows\system32\drivers\usbd.sys 2013-10-21 20:19:19 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2013-10-21 20:19:19 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2013-10-21 20:19:19 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll 2013-10-21 20:19:16 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys 2013-10-21 20:19:16 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys 2013-10-21 20:19:11 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll 2013-10-21 20:19:11 ----A---- C:\Windows\SYSWOW64\tsgqec.dll 2013-10-21 20:19:11 ----A---- C:\Windows\SYSWOW64\rdpendp_winip.dll 2013-10-21 20:19:11 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll 2013-10-21 20:19:11 ----A---- C:\Windows\SYSWOW64\aaclient.dll 2013-10-21 20:19:11 ----A---- C:\Windows\system32\wksprtPS.dll 2013-10-21 20:19:11 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll 2013-10-21 20:19:11 ----A---- C:\Windows\system32\tsgqec.dll 2013-10-21 20:19:10 ----A---- C:\Windows\SYSWOW64\mstsc.exe 2013-10-21 20:19:10 ----A---- C:\Windows\system32\wksprt.exe 2013-10-21 20:19:10 ----A---- C:\Windows\system32\TSWbPrxy.exe 2013-10-21 20:19:10 ----A---- C:\Windows\system32\rdpudd.dll 2013-10-21 20:19:10 ----A---- C:\Windows\system32\rdpendp_winip.dll 2013-10-21 20:19:10 ----A---- C:\Windows\system32\MsRdpWebAccess.dll 2013-10-21 20:19:10 ----A---- C:\Windows\system32\aaclient.dll 2013-10-21 20:19:09 ----A---- C:\Windows\SYSWOW64\mstscax.dll 2013-10-21 20:19:09 ----A---- C:\Windows\system32\rdpcorets.dll 2013-10-21 20:19:09 
----A---- C:\Windows\system32\mstsc.exe 2013-10-21 20:19:08 ----A---- C:\Windows\system32\mstscax.dll 2013-10-21 20:18:02 ----A---- C:\Windows\SYSWOW64\qdvd.dll 2013-10-21 20:18:02 ----A---- C:\Windows\system32\qdvd.dll ======List of files/folders modified in the last 1 month====== 2013-11-15 16:34:52 ----D---- C:\Windows\Temp 2013-11-15 16:33:43 ----D---- C:\Windows\Prefetch 2013-11-15 12:18:56 ----D---- C:\Users\eigenaar\AppData\Roaming\Dropbox 2013-11-15 10:10:53 ----D---- C:\Windows\system32\config 2013-11-14 11:24:26 ----D---- C:\Windows\rescache 2013-11-14 10:12:34 ----D---- C:\Windows\winsxs 2013-11-14 10:12:15 ----D---- C:\Windows\Panther 2013-11-14 10:09:57 ----D---- C:\Program Files (x86)\Internet Explorer 2013-11-14 10:09:56 ----D---- C:\Windows\SysWOW64 2013-11-14 10:09:56 ----D---- C:\Windows\System32 2013-11-14 10:09:55 ----D---- C:\Program Files\Internet Explorer 2013-11-14 10:09:54 ----D---- C:\Windows\SYSWOW64\nl-NL 2013-11-14 10:09:53 ----D---- C:\Windows\system32\nl-NL 2013-11-14 10:09:53 ----D---- C:\Windows\system32\drivers 2013-11-14 00:10:51 ----D---- C:\Windows\system32\catroot2 2013-11-14 00:10:51 ----D---- C:\Windows\system32\catroot 2013-11-14 00:10:16 ----SHD---- C:\Windows\Installer 2013-11-14 00:10:15 ----HD---- C:\Config.Msi 2013-11-14 00:10:09 ----A---- C:\Windows\win.ini 2013-11-14 00:08:47 ----D---- C:\Windows\system32\MRT 2013-11-14 00:07:02 ----D---- C:\Windows\debug 2013-11-14 00:06:58 ----A---- C:\Windows\system32\MRT.exe 2013-11-14 00:06:16 ----SHD---- C:\System Volume Information 2013-11-11 16:47:52 ----RD---- C:\Program Files 2013-11-08 09:32:57 ----RD---- C:\Program Files (x86) 2013-11-07 20:35:14 ----D---- C:\Windows 2013-11-07 20:32:44 ----D---- C:\Windows\system32\Tasks 2013-11-07 20:32:41 ----D---- C:\Windows\Tasks 2013-11-07 20:22:44 ----HD---- C:\ProgramData 2013-11-07 19:21:51 ----D---- C:\Windows\inf 2013-11-07 14:11:49 ----A---- C:\Windows\Brpfx04a.ini 2013-11-06 23:07:57 ----D---- 
C:\Users\eigenaar\AppData\Roaming\DAEMON Tools Lite 2013-11-06 23:07:50 ----D---- C:\Windows\ModemLogs 2013-11-06 23:07:50 ----D---- C:\Windows\Minidump 2013-11-06 23:07:50 ----D---- C:\Windows\Logs 2013-10-27 22:29:44 ----D---- C:\Program Files (x86)\DealPly 2013-10-24 18:37:21 ----A---- C:\Windows\brpcfx.ini 2013-10-24 18:37:19 ----A---- C:\Windows\BRPARAM.INI 2013-10-24 18:35:14 ----D---- C:\Windows\system32\DriverStore 2013-10-24 18:28:00 ----D---- C:\ProgramData\Nuance 2013-10-24 18:27:49 ----D---- C:\Program Files (x86)\Nuance 2013-10-24 18:27:07 ----D---- C:\ProgramData\ScanSoft 2013-10-24 18:26:20 ----D---- C:\Program Files (x86)\Common Files 2013-10-24 18:18:25 ----SD---- C:\Users\eigenaar\AppData\Roaming\Microsoft 2013-10-24 16:23:55 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2013-10-22 21:33:01 ----D---- C:\Users\eigenaar\AppData\Roaming\PC-FAX TX 2013-10-22 20:16:52 ----D---- C:\Program Files (x86)\Java 2013-10-21 20:28:12 ----D---- C:\Windows\SYSWOW64\wbem 2013-10-21 20:28:12 ----D---- C:\Windows\system32\wbem 2013-10-21 20:28:12 ----D---- C:\Windows\system32\drivers\nl-NL 2013-10-21 20:28:12 ----D---- C:\Windows\PolicyDefinitions 2013-10-21 20:03:23 ----D---- C:\Program Files (x86)\BitTorrent 2013-10-21 20:03:22 ----D---- C:\Users\eigenaar\AppData\Roaming\BitTorrent 2013-10-19 17:21:54 ----D---- C:\Windows\system32\NDF ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-08-30 65336] R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-08-30 204880] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2012-03-30 52856] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-10-30 21136] R1 aswRdr;aswRdr; 
C:\Windows\System32\Drivers\aswrdr2.sys [2013-08-30 72016] R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-08-30 1030952] R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-08-30 378944] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-08-30 64288] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-08-30 33400] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-08-30 80816] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-03 6366720] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-03 186880] R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736] R3 BrSerIb;Brother Serial Interface Driver(WDM); C:\Windows\system32\DRIVERS\BrSerIb.sys [2012-11-15 95344] R3 BrUsbSIb;Brother Serial USB Driver(WDM); C:\Windows\system32\DRIVERS\BrUsbSIb.sys [2012-11-15 21872] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928] R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192] R3 rt61x64;Linksys Wireless-G PCI Adapter Driver; C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys [2010-04-07 446304] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392] R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496] S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-03 6366720] S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984] S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784] S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960] S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys 
[2011-04-28 80384] S3 cpuz132;cpuz132; \??\C:\Users\eigenaar\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [] S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488] S3 mdf15;mdf15; \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mdf15.sys [2010-03-18 12288] S3 mvd21;mvd21; \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mvd21.sys [2010-06-14 64512] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456] S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720] S3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys [2013-02-22 160256] S3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288] S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 57856] S3 USB28xxBGA;USB 2861 Device; C:\Windows\system32\DRIVERS\emBDA64.sys [2011-03-06 683136] S3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM64.sys [2011-03-06 1189504] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832] R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-05 65640] R2 AMD External Events Utility;AMD External Events Utility; 
C:\Windows\system32\atiesrxx.exe [2010-02-03 202752] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-08-30 46808] R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864] R2 PDFProFiltSrvPP;PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-17 247152] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-03-22 93072] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096] R3 BrYNSvc;BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-06-05 266240] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 135664] S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136] S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136] S2 SZASSIST;SecretZone Assist Service; C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-07-30 90112] S3 
AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-03-30 654848] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 135664] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-10-03 194032] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] -----------------EOF-----------------
  5. Last week you helped me very well, but on my other PC I have the same problem. I keep getting unwanted sites, malware. Should I now do the same as last week?
  6. Zoek.exe Version 4.0.0.5 Updated 09-November-2013 Tool run by hans on zo 10-11-2013 at 10:10:23,39. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\hans\AppData\Local\Temp\WzE8BAD.tmp\zoek.exe [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2013-11-10-090144.log 26049 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{17623E0E-0AC5-1C73-3CA6-4F42DEECCD50} deleted successfully HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1FE7D3B3-CC9F-E17F-CFFB-56A046C1375A} deleted successfully HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4A9CFE73-6D3B-4090-8B23-F4EDA59D4373} deleted successfully HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70BA3E6B-1059-2266-0B2C-40E4A85231B8} deleted successfully HKEY_USERS\S-1-5-21-981052268-148696840-1701591769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\winzipersvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winzipersvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\winzipersvc deleted 
successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winzipersvc deleted successfully ==== FireFox Fix ====================== Deleted from C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js: Added to C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\prefs.js: Added to C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\extensions ---- Lines funmoods removed from user.js ---- user_pref("extensions.funmoods.hmpg", true); user_pref("extensions.funmoods.hmpgUrl", 
"http://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0D0FyC0EyCzztB0CtAyDtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=978201457"); user_pref("extensions.funmoods.dfltSrch", true); user_pref("extensions.funmoods.srchPrvdr", "Search"); user_pref("extensions.funmoods.dnsErr", true); user_pref("extensions.funmoods_i.newTab", true); user_pref("extensions.funmoods.newTabUrl", "http://start.funmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0D0FyC0EyCzztB0CtAyDtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=978201457"); user_pref("extensions.funmoods.tlbrSrchUrl", "http://start.funmoods.com/?f=3&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0D0FyC0EyCzztB0CtAyDtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=978201457&q="); user_pref("extensions.funmoods.id", "B870F4DF6E682C35"); user_pref("extensions.funmoods.instlDay", "15527"); user_pref("extensions.funmoods.vrsn", "1.5.23.22"); user_pref("extensions.funmoods.vrsni", "1.5.23.22"); user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:20:3"); user_pref("extensions.funmoods.prtnrId", "funmoods"); user_pref("extensions.funmoods.prdct", "funmoods"); user_pref("extensions.funmoods.aflt", "fmtgl"); user_pref("extensions.funmoods_i.smplGrp", "none"); user_pref("extensions.funmoods.tlbrId", "base"); user_pref("extensions.funmoods.instlRef", "fmtgl"); user_pref("extensions.funmoods.dfltLng", ""); user_pref("extensions.funmoods.excTlbr", false); user_pref("extensions.funmoods.autoRvrt", false); user_pref("extensions.funmoods.envrmnt", "production"); user_pref("extensions.funmoods.isdcmntcmplt", true); user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); ---- FireFox user.js and prefs.js backups ---- user_10-11-2013_1019_.backup prefs_10-11-2013_1019_.backup ProfilePath: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default ---- Lines funmoods removed from user.js ---- user_pref("extensions.funmoods.hmpg", true); user_pref("extensions.funmoods.hmpgUrl", 
"http://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0D0FyC0EyCzztB0CtAyDtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=978201457"); user_pref("extensions.funmoods.dfltSrch", true); user_pref("extensions.funmoods.srchPrvdr", "Search"); user_pref("extensions.funmoods.dnsErr", true); user_pref("extensions.funmoods_i.newTab", true); user_pref("extensions.funmoods.newTabUrl", "http://start.funmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0D0FyC0EyCzztB0CtAyDtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=978201457"); user_pref("extensions.funmoods.tlbrSrchUrl", "http://start.funmoods.com/?f=3&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0D0FyC0EyCzztB0CtAyDtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=978201457&q="); user_pref("extensions.funmoods.id", "B870F4DF6E682C35"); user_pref("extensions.funmoods.instlDay", "15527"); user_pref("extensions.funmoods.vrsn", "1.5.23.22"); user_pref("extensions.funmoods.vrsni", "1.5.23.22"); user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:20:3"); user_pref("extensions.funmoods.prtnrId", "funmoods"); user_pref("extensions.funmoods.prdct", "funmoods"); user_pref("extensions.funmoods.aflt", "fmtgl"); user_pref("extensions.funmoods_i.smplGrp", "none"); user_pref("extensions.funmoods.tlbrId", "base"); user_pref("extensions.funmoods.instlRef", "fmtgl"); user_pref("extensions.funmoods.dfltLng", ""); user_pref("extensions.funmoods.excTlbr", false); user_pref("extensions.funmoods.autoRvrt", false); user_pref("extensions.funmoods.envrmnt", "production"); user_pref("extensions.funmoods.isdcmntcmplt", true); user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "c4a02c350000000000004a59f90df354"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15985"); user_pref("extensions.delta.vrsn", "1.8.24.6"); 
user_pref("extensions.delta.vrsni", "1.8.24.6"); user_pref("extensions.delta.vrsnTs", "1.8.24.617:27:30"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "nl"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta_i.babTrack", "affID=124798&tsp=5028"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.srcExt", "ss"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.newTab", false); ---- FireFox user.js and prefs.js backups ---- user_10-11-2013_1019_.backup prefs_10-11-2013_1019_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Uninstall Information\ib_uninst_514 deleted C:\PROGRA~2\Uninstall Information\ib_uninst_515 deleted C:\PROGRA~2\Delta deleted C:\PROGRA~2\OApps deleted C:\PROGRA~2\Conduit deleted C:\Users\hans\AppData\Roaming\WinZipper deleted C:\Users\hans\AppData\Roaming\Funmoods deleted C:\Users\hans\AppData\Roaming\ExpressFiles deleted C:\Users\hans\AppData\Roaming\eIntaller deleted C:\Users\hans\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com deleted C:\Users\hans\AppData\Roaming\Media Finder deleted C:\Users\hans\AppData\Local\Ilivid Player deleted C:\Users\hans\AppData\Local\funmoods-speeddial.crx deleted C:\Users\hans\AppData\Local\CRE deleted C:\Users\hans\AppData\Local\Software deleted 
C:\Users\hans\AppData\Local\Conduit deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder deleted C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard deleted C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender deleted C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\hans\AppData\LocalLow\Search-NewTab deleted C:\Users\hans\AppData\LocalLow\appbario2 deleted C:\Users\hans\AppData\LocalLow\searchquband deleted C:\Users\hans\AppData\LocalLow\Delta deleted C:\Users\hans\AppData\LocalLow\DataMngr deleted C:\Users\hans\AppData\LocalLow\PriceGong deleted C:\Users\hans\AppData\LocalLow\Conduit deleted C:\Windows\wininit.ini deleted C:\windows\SysNative\tasks\Funmoods deleted C:\windows\SysNative\tasks\Desk 365 RunAsStdUser deleted C:\windows\SysNative\Tasks\Express FilesUpdate deleted C:\windows\SysNative\Tasks\EPUpdater deleted C:\windows\SysNative\tasks\BitGuard deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\babylon.xml deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\bProtect.xml deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\search.xml deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\Search_Results.xml deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\WebSearch.xml deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\ffxtlbr@babylon.com deleted 
C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\bProtector_extensions.sqlite deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\bProtector_prefs.js deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\jetpack deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\CT2849859 deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\CT3008653 deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\CT3227975 deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\ffxtlbr@funmoods.com deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\ffxtlbr@delta.com deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\conduitCommon deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\plugin@startsearcher.com deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\gadget@gadgetbox deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\bbrs_002@blabbers.com deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\OneClickDownload@OneClickDownload.com deleted "C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\delta.xml" deleted "C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\conduit.xml" deleted "C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\torntv2@torntv.com.xpi" deleted "C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\searchplugins\GadgetBox.xml" deleted "C:\PROGRA~2\WinZipper\7z.dll" deleted "C:\PROGRA~2\WinZipper\ebase.dll" 
deleted "C:\PROGRA~2\WinZipper\eshellctx64.dll" deleted "C:\PROGRA~2\WinZipper\libpng.dll" deleted "C:\PROGRA~2\WinZipper\ouilibnl.dll" deleted "C:\PROGRA~2\WinZipper\WinZipper.exe" deleted "C:\PROGRA~2\WinZipper" not deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "yayy5_a@qp-oyiha.edu"="C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\yayy5_a@qp-oyiha.edu" [17-03-2013 08:50] ==== Firefox Extensions ====================== ProfilePath: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default - Undetermined - C:\Users\hans\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com - Plus-HD-2.2 - %ProfilePath%\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com - Bcool - %ProfilePath%\extensions\4fe0f2def0911@4fe0f2def094b.info - Bcool - %ProfilePath%\extensions\5103ffa1c9600@5103ffa1c9639.com - Search-NewTab - %ProfilePath%\extensions\5103ffb489974@5103ffb4899ad.com - VideoFileDownload - Download YouTube Videos - %ProfilePath%\extensions\plugin@videofiledownload.com - BcoouL - %ProfilePath%\extensions\sbxabkpk@yoo-vvbcfb.edu - SeaRch-NeWTab - %ProfilePath%\extensions\yayy5_a@qp-oyiha.edu - BittorrentBar_NL Community Toolbar - %ProfilePath%\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591} - Translator 3.1 Community Toolbar - %ProfilePath%\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - DealPly Shopping - %ProfilePath%\extensions\{906000a4-88d9-4d52-b209-7a772970d91f} - GoPhotoIt - %ProfilePath%\extensions\gophoto@gophoto.it.xpi - Torntv 3 - %ProfilePath%\extensions\trtv3@trtv.com.xpi ==== Firefox Plugins ====================== ==== Deleted Firefox Extensions ====================== C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\4fe0f2def0911@4fe0f2def094b.info deleted 
C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\5103ffa1c9600@5103ffa1c9639.com deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f} deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\trtv3@trtv.com.xpi deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\gophoto@gophoto.it.xpi deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\5103ffb489974@5103ffb4899ad.com deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\yayy5_a@qp-oyiha.edu deleted C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\xxxi386s.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bicnnkjibmphdeigoodpjlcklcnaobdj - C:\Program Files (x86)\TornTV.com\torntv10.crx[] clbfjfbnelcflpgpklppgplejolacbej - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx[] dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\hans\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[] jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[] jplinpmadfkdgipabgcdchbdikologlh - C:\Program Files (x86)\1ClickDownload\1click12.crx[] lcbdmcaecolegfghinimlklbainfakge - C:\ProgramData\Bcool\lcbdmcaecolegfghinimlklbainfakge.crx[19-06-2012 22:45] lpmkgpnbiojfaoklbkpfneikocaobfai - C:\Users\hans\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx[] nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files (x86)\TornTV.com\torn2_10.crx[] ndgonipadfipmlmdfofnjnhhlgojnjdn - 
C:\Users\hans\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[] pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\hans\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[] ==== Chrome Fix ====================== C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.delta-search.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" "Backup.Old.Start Page"="http://search.conduit.com?SearchSource=10&ctid=CT2849859" "Start Page Restore"="http://www.searchnu.com/406" "Default_Page_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Start Page Redirect Cache"="http://www.startsearcher.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Start Page Redirect Cache"="http://www.startsearcher.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" "Backup.Old.Start Page"="http://www.google.com" "Start Page Restore"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {DB347609-BFF5-441A-BC2E-6B4DD755B2D5} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_nl" ==== Reset Google Chrome ====================== C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== shortcuts on Users Desktops 
====================== E:\ha bureaublad\webs\07dbad0f_185339 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\07dbad0f_185339.jpg E:\ha bureaublad\webs\355135f4_524982 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\355135f4_524982.jpg E:\ha bureaublad\webs\51546bed_306142 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\51546bed_306142.jpg E:\ha bureaublad\webs\5de87d20_556116 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\5de87d20_556116.jpg E:\ha bureaublad\webs\6be0f094_120214 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6be0f094_120214.jpg E:\ha bureaublad\webs\6c54a6b1_138879 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\6c54a6b1_138879.jpg E:\ha bureaublad\webs\841063df_259538 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\841063df_259538.jpg E:\ha bureaublad\webs\9973f7d4_257604 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\9973f7d4_257604.jpg E:\ha bureaublad\webs\c975ec28_1249981 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\foto's maarten\c975ec28_1249981.jpg E:\ha bureaublad\webs\d5b07b37_25945974 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d5b07b37_25945974.bmp E:\ha bureaublad\webs\d7a8c9b5_456344 - Snelkoppeling.lnk - E:\ha mijn afbeeldingen\werkglas h\d7a8c9b5_456344.jpg
==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X .lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AA1000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office-hulpprogramma's\Microsoft Office Access Snapshot Viewer.lnk - C:\Windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice
4.0.1\OpenOffice Base.lnk - C:\Program Files (x86)\OpenOffice 4\program\sbase.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Calc.lnk - C:\Program Files (x86)\OpenOffice 4\program\scalc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Draw.lnk - C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Impress.lnk - C:\Program Files (x86)\OpenOffice 4\program\simpress.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Math.lnk - C:\Program Files (x86)\OpenOffice 4\program\smath.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Writer.lnk - C:\Program Files (x86)\OpenOffice 4\program\swriter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe QVO6 C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk - C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE /recycle C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Excel 2003.lnk - C:\Windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2003.lnk - C:\Windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint Shop Pro 7.lnk - C:\Windows\Installer\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}\psp7.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Excel 2003.lnk - C:\Windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2003.lnk - C:\Windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome 
Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WinZipper application.lnk - C:\Program Files (x86)\WinZipper\WinZipper.exe ==== shortcuts After Repair ====================== C:\Users\hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0DBED70A-F43C-B2C4-79B7-514BD953EFB5} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{34F521A7-2CD5-0B32-4504-31C64B05EE89} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{617DD7C5-7FA3-B51A-6731-BB87BC15F0EC} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7C366C02-4577-90A0-3602-26AE83354560} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B516E6E6-D295-84BF-BF6A-AD5F7AF84A36} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D44A5975-47CD-3D5E-E4BB-E1E831DCF094} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\hans\AppData\Local\Mozilla\Firefox\Profiles\xxxi386s.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\hans\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~2\WinZipper" not found ==== EOF on zo 10-11-2013 at 10:24:24,47 ======================
  7. Logfile of random's system information tool 1.09 (written by random/random) Run by hans at 2013-11-08 15:30:35 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 153 GB (65%) free of 234 GB Total RAM: 3948 MB (54% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:30:37, on 8-11-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16720) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Packard Bell\Software Suite\PBSoftSuite.exe C:\Program Files (x86)\Packard Bell\Software Suite\pbDevDetect.exe C:\Users\hans\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe C:\Program Files\trend micro\hans.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - 
URLSearchHook: (no name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - (no file) R3 - URLSearchHook: (no name) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - (no file) F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file) O2 - BHO: BHO_PROJECT - {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - (no file) O2 - BHO: BHO_PROJECT - {82EA3E77-7BD2-4744-A8F2-670770767EC5} - (no file) O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: appbario2 - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - (no file) O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file) O3 - Toolbar: (no name) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - (no file) O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file) O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Packard Bell Software Suite] "C:\Program Files (x86)\Packard Bell\Software Suite\PBSoftSuite.exe" /run O4 - HKCU\..\Run: [software Suite] "C:\Program Files (x86)\Packard Bell\Software Suite\PBSoftSuite.exe" /RUN O4 - HKCU\..\Run: [speedUpMyComputer] C:\Program Files (x86)\SmartTweak Software\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 
  8. I am getting a lot of unwanted advertising; my virus scanner and malware scanner find nothing. Also, a strange search engine sometimes appears instead of Google.