Sara blocq
-
Items
3 -
Registratiedatum
-
Laatst bezocht
Sara blocq's prestaties
-
explorer.exe - ongeldige installatiekopie
Sara blocq reageerde op Sara blocq's topic in Archief Bestrijding malware & virussen
Ik heb elke dag al geprobeerd om zoek.exe openen te krijgen (ook met uitvoeren als administrator) maar het wil maar niet openen. De vorige keer was het ook pas na vele keren proberen gelukt. -
explorer.exe - ongeldige installatiekopie
Sara blocq reageerde op Sara blocq's topic in Archief Bestrijding malware & virussen
Hartelijk bedankt alleszins voor je hulp. Hier is het gevraagde logje: Zoek.exe Version 4.0.0.5 Updated 09-October-2013 Tool run by Sara on vr 11/10/2013 at 15:56:29,67. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Sara\Downloads\zoek\zoek.exe [script inserted] ==== System Restore Info ====================== 11/10/2013 15:58:34 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BDE9F0B-2749-461F-B2E9-3F8D242B712C} deleted successfully HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Internet Explorer\SearchScopes\{79C3AC89-42AB-475C-904A-0DBE14C0FD3D} deleted successfully HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WsysSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WsysSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WsysSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BitGuard deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BitGuard deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command] @="C:\\Users\\Sara\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Deleting Files \ Folders ====================== "C:\ProgramData\RMIRdBeVr1vxa0" deleted "C:\ProgramData\~RMIRdBeVr1vxa0" deleted "C:\ProgramData\~RMIRdBeVr1vxa0r" deleted "C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx" deleted "C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\bprotector web data" deleted "C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted "C:\Windows\System32\Tasks\DealPly" deleted "C:\Windows\System32\Tasks\DealPlyUpdate" deleted "C:\Users\Sara\Downloads\FreeYouTubeToMP3Converter.exe" deleted "C:\Users\Sara\Downloads\SoftonicDownloader_voor_free-youtube-download.exe" deleted "C:\Windows\system32\Tasks\EPUpdater" deleted "C:\Windows\system32\tasks\BitGuard" deleted "C:\user.js" deleted "C:\END" deleted "C:\Windows\system32\roboot.exe" deleted "C:\Windows\System32\sho81D3.tmp" deleted "C:\Windows\System32\shoCB82.tmp" deleted "C:\Windows\System32\shoCC57.tmp" deleted "C:\Windows\System32\shoF810.tmp" deleted "C:\Users\Sara\AppData\Roaming\Delta" deleted "C:\Windows\system32\appdata" deleted "C:\Program Files\Softonic_English" deleted "C:\Program Files\Delta" deleted "C:\Program Files\Common Files\DVDVideoSoft\bin" deleted "C:\Program Files\DealPly" deleted "C:\Program Files\LyricsMonkey" deleted "C:\Program Files\XingHaoLyrics" deleted "C:\Program Files\WhiteSmoke_New_V6" deleted "C:\Program Files\Conduit" deleted "C:\Program Files\searchgol" deleted "C:\Users\Sara\AppData\Roaming\BabSolution" deleted "C:\Users\Sara\AppData\Roaming\Babylon" deleted "C:\Users\Sara\AppData\Roaming\DealPly" deleted "C:\Users\Sara\AppData\Roaming\Delta" deleted "C:\Users\Sara\AppData\Roaming\searchgol" deleted "C:\Users\Sara\AppData\Roaming\PerformerSoft" deleted "C:\Users\Sara\AppData\Roaming\OpenCandy" deleted "C:\Windows\system32\config\systemprofile\AppData\Roaming\DealPly" deleted "C:\ProgramData\BitGuard" deleted "C:\ProgramData\eSafe" deleted "C:\ProgramData\IBUpdaterService" deleted "C:\ProgramData\Babylon" deleted "C:\Users\Sara\AppData\Local\CRE" deleted "C:\Users\Sara\AppData\Local\Conduit" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly" deleted "C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard" deleted "C:\Users\Sara\AppData\LocalLow\Delta" deleted "C:\Users\Sara\AppData\LocalLow\PriceGong" deleted "C:\Users\Sara\AppData\LocalLow\Conduit" deleted "C:\Users\Sara\AppData\LocalLow\Toolbar4" deleted "C:\Windows\System32\searchplugins" deleted "C:\Windows\System32\Extensions" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Sara\AppData\Local\Temp ==== 2013-10-09 13:27:06 6A0F411CA91A97A709B98E114F4052D5 76344 ----a-w- C:\Users\Sara\AppData\Local\Temp\ct3311268\statisticsStub.exe 2013-10-09 13:26:15 4AE5F34AB33261FEB8B94F5FFC8E8F19 73543 ----a-w- C:\Users\Sara\AppData\Local\Temp\ct3311268\ctbe.exe 2013-10-09 13:26:04 8DE01B810296E6F5C49033C7F96CCE27 152096 ----a-w- C:\Users\Sara\AppData\Local\Temp\setup__3862.exe 2013-10-09 13:04:20 B212865E7E478A28A97268F960079A8D 132096 ----a-w- C:\Users\Sara\AppData\Local\Temp\4E333A09-BAB0-7891-9549-E553E3897DD3\Latest\BExternal.dll 2013-10-09 13:04:20 A21DE5067618D4F2DF261416315ED120 6144 ----a-w- C:\Users\Sara\AppData\Local\Temp\4E333A09-BAB0-7891-9549-E553E3897DD3\Latest\IEHelper.dll 2013-10-09 13:04:20 0F66E8E2340569FB17E774DAC2010E31 520234 ----a-w- C:\Users\Sara\AppData\Local\Temp\4E333A09-BAB0-7891-9549-E553E3897DD3\Latest\sqlite3.dll 2013-10-09 13:04:14 B4F54911FD477012FDABF5EF7EFAA945 1706064 ----a-w- C:\Users\Sara\AppData\Local\Temp\eIntaller\A138368873E14767B1BB7C49138202F1\eGdpSvc.exe 2013-10-09 13:04:14 0B428B42B615A357666D3F5131878D62 629816 ----a-w- C:\Users\Sara\AppData\Local\Temp\eIntaller\A138368873E14767B1BB7C49138202F1\eXQ.exe 2013-10-09 13:03:54 663C0061B5141CBFA401E578C36F129C 12612850 ----a-w- C:\Users\Sara\AppData\Local\Temp\is1244477948\345683676_Setup.EXE 2013-10-03 14:22:12 F8F24C37A1E930ECADB7736C69F3E7F4 488016 ------w- C:\Users\Sara\AppData\Local\Temp\is1244477948\cor_ar_qvo6.exe 2013-09-29 16:29:18 4B5B56BBC4D472D52C03C7DC6C33026D 734576 ------w- C:\Users\Sara\AppData\Local\Temp\is1244477948\SearchGol.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== 2013-09-15 15:10:22 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys ====== C:\Windows\Tasks ====== 2013-10-11 13:57:01 5E6236C7A74AB2E2FDBFDABFED28772F 2936 ----a-w- C:\Windows\system32\Tasks\{5029B598-40F2-45F7-8088-E5F27E072144} 2013-10-11 13:55:55 5E6236C7A74AB2E2FDBFDABFED28772F 2936 ----a-w- C:\Windows\system32\Tasks\{6B28D7A1-647A-4EB9-A5DE-F03C66F4A762} 2013-10-11 13:25:13 96A1DD0BD82AC72456635F119FC336B3 3080 ----a-w- C:\Windows\system32\Tasks\{8A7D41B4-95F3-4DA8-8B57-1098AD8964C9} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-10-09 13:25:47 -------- d-----w- C:\Program Files\Common Files\DVDVideoSoft 2013-10-09 13:25:46 -------- d-----w- C:\Program Files\DVDVideoSoft ======= C: ===== ====== C:\Users\Sara\AppData\Roaming ====== 2013-10-09 13:26:54 -------- d-----w- C:\Users\Sara\AppData\Locallow\WhiteSmoke_New_V6 2013-10-09 13:25:46 -------- d-----w- C:\Users\Sara\AppData\Roaming\DVDVideoSoft 2013-10-09 13:18:49 -------- d-----w- C:\Users\Sara\AppData\Local\Programs ====== C:\Users\Sara ====== 2013-10-09 13:26:53 -------- d-----w- C:\ProgramData\Conduit 2013-10-09 13:26:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2013-10-09 12:59:59 6B16010C9C28A444D56E6E9358FF94EC 640864 ----a-w- C:\Users\Sara\Downloads\FreeYouTubeDownloaderInstallerIC.exe ====== C: exe-files == 2013-10-10 15:48:32 EB8EEB98D01B5D31898D8E53C3789832 59784 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdateBroker.exe 2013-10-10 15:48:32 CEFEBDB9E274BD90C12D131ED25CC819 59784 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe 2013-10-10 15:48:32 4AFFF5FE4E69C8E7C5F1E4F3511301CF 818968 ----a-w- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdateSetup.exe 2013-10-10 15:48:23 0DC0DE2966A6DBA4CFBF6639DF44F5BA 319880 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler64.exe 2013-10-10 15:48:22 CF7B0E597C1F34E528285495721DEEE9 237960 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe 2013-10-10 15:48:22 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdate.exe 2013-10-10 15:48:18 4AFFF5FE4E69C8E7C5F1E4F3511301CF 818968 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.165\GoogleUpdateSetup.exe 2013-10-10 00:34:53 4B78E9AE06F7C310E30EE2FA5B7EBC3C 1721296 ----a-w- C:\Program Files\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe 2013-10-10 00:34:46 BB4F6465EEB9ACAA5C60C36983740219 310352 ----a-w- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarUser_32_4814EB429669E41D.exe 2013-10-10 00:34:42 B9D8842FF3EDAC918039C6F62F322E9A 1073232 ----a-w- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe 2013-10-10 00:33:45 A30351F539D71D6199BD2295CC234E96 531424 ----a-w- C:\Program Files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.4601.54\GoogleToolbarInstaller_updater_signed.exe 2013-10-09 14:41:21 09CC23CC2BAEF187A065108D0388DEA0 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-20367086-7761515-2426169248-1000\$IZN40WD.exe 2013-10-09 13:41:40 77CD01759537E0B7D0745BE451E5890D 2651192 ----a-w- C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe 2013-10-09 13:40:43 E1B93ECBC9C0CB0575DDFE1EDD0C9838 1176256 ----a-w- C:\Program Files\DVDVideoSoft\unins001.exe 2013-10-09 13:27:06 6A0F411CA91A97A709B98E114F4052D5 76344 ----a-w- C:\Users\Sara\AppData\Local\Temp\ct3311268\statisticsStub.exe 2013-10-09 13:26:15 4AE5F34AB33261FEB8B94F5FFC8E8F19 73543 ----a-w- C:\Users\Sara\AppData\Local\Temp\ct3311268\ctbe.exe 2013-10-09 13:26:11 E1C9FE18705AFBED727733D5C271579A 2527288 ----a-w- C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe 2013-10-09 13:26:09 703FA3A7A7720CCF080DA114319E3EAE 6468376 ----a-w- C:\Program Files\Common Files\DVDVideoSoft\FreeStudioManager.exe 2013-10-09 13:26:04 8DE01B810296E6F5C49033C7F96CCE27 152096 ----a-w- C:\Users\Sara\AppData\Local\Temp\setup__3862.exe 2013-10-09 13:25:59 F330AEEF34F027B875352BC48D5BD187 285240 ----a-w- C:\Program Files\Common Files\DVDVideoSoft\lib\ffmpeg.exe 2013-10-09 13:25:55 933308ACF5D8BC83308616C30EEBBBBA 243256 ----a-w- C:\Program Files\Common Files\DVDVideoSoft\lib\dvsservice.exe 2013-10-09 13:25:48 25E4395BCCF00E46D7F9D447F99A1781 305320 ----a-w- C:\Program Files\Common Files\DVDVideoSoft\lib\Uninstall.exe 2013-10-09 13:25:46 9F00B8BBAB6C44AB29037D711DCC417B 1176240 ----a-w- C:\Program Files\DVDVideoSoft\unins000.exe 2013-10-09 13:15:13 DB276D074E0C2080C3F69862AE7D5F91 27378952 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-20367086-7761515-2426169248-1000\$RZN40WD.exe 2013-10-09 13:04:14 B4F54911FD477012FDABF5EF7EFAA945 1706064 ----a-w- C:\Users\Sara\AppData\Local\Temp\eIntaller\A138368873E14767B1BB7C49138202F1\eGdpSvc.exe 2013-10-09 13:04:14 0B428B42B615A357666D3F5131878D62 629816 ----a-w- C:\Users\Sara\AppData\Local\Temp\eIntaller\A138368873E14767B1BB7C49138202F1\eXQ.exe 2013-10-09 13:03:54 663C0061B5141CBFA401E578C36F129C 12612850 ----a-w- C:\Users\Sara\AppData\Local\Temp\is1244477948\345683676_Setup.EXE 2013-10-09 12:59:59 6B16010C9C28A444D56E6E9358FF94EC 640864 ----a-w- C:\Users\Sara\Downloads\FreeYouTubeDownloaderInstallerIC.exe === C: other files == 2013-10-11 13:52:03 9F5A5CB71AC30F5DC0E1BA73167BE4C1 156 ---ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys 2013-10-09 13:04:14 2D0E258C08354FA84E5CB5D312B8E83F 416279 ----a-w- C:\Users\Sara\AppData\Local\Temp\eIntaller\A138368873E14767B1BB7C49138202F1\newtab.crx ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Windows\CurrentVersion\Run] "EPSON SX410 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU C:\Windows\TEMP\E_SF8FE.tmp /EF HKCU" "Google Update"="C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" "LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe" "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "NBAgent"="C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe /WinStart" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "EPSON SX410 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU C:\Windows\TEMP\E_SF8FE.tmp /EF HKCU" "Google Update"="C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" ==== Startup Folders ====================== 2013-10-02 12:55:06 1051 ----a-w- C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2012-07-22 14:29:07 937 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11/07/2011 17:32] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-20367086-7761515-2426169248-1000Core.job --ah----- C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe [03/11/2011 18:41] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-20367086-7761515-2426169248-1000Core" [C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-20367086-7761515-2426169248-1000UA" [C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Norton WSC Integration" ["C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\WSCStub.exe"] "C:\Windows\system32\tasks\Sara 08 02 13" [C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe] "C:\Windows\system32\tasks\Sara backup" [C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe] "C:\Windows\system32\tasks\Sara NBAgent 6 0" ["C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe"] "C:\Windows\system32\tasks\Sara Nero LIVEBackup 6 0" [C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe] "C:\Windows\system32\tasks\Sara Nero LIVEBackup Merge 6 0" ["C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe"] "C:\Windows\system32\tasks\{5029B598-40F2-45F7-8088-E5F27E072144}" [C:\Users\Sara\Downloads\zoek\zoek.exe] "C:\Windows\system32\tasks\{6B28D7A1-647A-4EB9-A5DE-F03C66F4A762}" [C:\Users\Sara\Downloads\zoek\zoek.exe] "C:\Windows\system32\tasks\Norton AntiVirus\Norton Error Analyzer" [C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\SymErr.exe] "C:\Windows\system32\tasks\Norton AntiVirus\Norton Error Processor" [C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\SymErr.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFF" [09/10/2013 19:52] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aipfmkinhleccnodemkoofnnofpbbpac - C:\Users\Sara\AppData\Roaming\BabSolution\CR\searchgol.crx[] eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\Sara\AppData\Roaming\BabSolution\CR\delta1.crx[] gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[] ibcgjcbeckcdemelifnledhihpaighfk - C:\Users\Sara\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx[] ifohbjbgfchkkfhphahclmkpgejiplfo - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx[] khialnikbocfgkohdegnebhmmaifoglp - C:\Program Files\LyricsMonkey\Chrome.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[] ibcgjcbeckcdemelifnledhihpaighfk - C:\Users\Sara\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx[] Search-Gol Toolbar - Sara - Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac YouTube - Sara - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Kotnet Login - Sara - Default\Extensions\cmbaobaaddnblbcnfjpmikfbdcpmncid Google Search - Sara - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf AdBlock - Sara - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom WhiteSmoke New V6 - Sara - Default\Extensions\ibcgjcbeckcdemelifnledhihpaighfk Select City - Sara - Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo Lyrics Monkey - Sara - Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp Chrome In-App Payments service - Sara - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Sara - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac deleted successfully C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aipfmkinhleccnodemkoofnnofpbbpac_0.localstorage deleted successfully C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcgjcbeckcdemelifnledhihpaighfk deleted successfully C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibcgjcbeckcdemelifnledhihpaighfk_0.localstorage deleted successfully C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibcgjcbeckcdemelifnledhihpaighfk_0.localstorage-journal deleted successfully C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ibcgjcbeckcdemelifnledhihpaighfk_0 deleted successfully C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo deleted successfully C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage deleted successfully C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{3BDE9F0B-2749-461F-B2E9-3F8D242B712C}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BDE9F0B-2749-461F-B2E9-3F8D242B712C}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {F9341B97-B18A-4EFD-B887-31AA9F3CF275} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox" ==== Reset Google Chrome ====================== C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lyricsmonkey@mendoni.net deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Mozilla\Firefox\Extensions\lyricsmonkey@mendoni.net deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Gast\Desktop\VNC Viewer 4.lnk - C:\Program Files\RealVNC\VNC4\vncviewer.exe C:\Users\Sara\Desktop\Dropbox.lnk - C:\Users\Sara\AppData\Roaming\Dropbox\bin\Dropbox.exe /home C:\Users\Sara\Desktop\Free Sound Recorder.lnk - C:\Program Files\Free Sound Recorder\FreeSoundRecorder.exe C:\Users\Sara\Desktop\Microsoft Excel.lnk - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE C:\Users\Sara\Desktop\Microsoft Word.lnk - C:\Program Files\Microsoft Office\Office14\WINWORD.EXE C:\Users\Sara\Desktop\PIXresizer.lnk - C:\Program Files\PIXresizer\PIXresizer.exe C:\Users\Sara\Desktop\System Check.lnk - C:\ProgramData\RMIRdBeVr1vxa0.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Download Assistant.lnk - C:\Program Files\Adobe Download Assistant\Adobe Download Assistant.exe C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\Free YouTube Download.lnk - C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe C:\Users\Public\Desktop\Google SketchUp 8.lnk - C:\Program Files\Google\Google SketchUp 8\SketchUp.exe C:\Users\Public\Desktop\Nero BackItUp 11.lnk - C:\Users\Public\Desktop\Norton AntiVirus.lnk - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\uistub.exe C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk - C:\Program Files\Atari\RollerCoaster Tycoon 3 Platinum\RCT3plus.exe C:\Users\Public\Desktop\µTorrent.lnk - ==== shortcuts in Users Start Menu ====================== C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6 C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6 C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Sara\AppData\Roaming\Dropbox\bin\Dropbox.exe /home C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe QVO6 C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Sara\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free Studio Manager.lnk - C:\Program Files\Common Files\DVDVideoSoft\FreeStudioManager.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk - C:\Program Files\Common Files\DVDVideoSoft\bin\DVSSysReport.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs.lnk - C:\Users\Sara\AppData\Roaming\DVDVideoSoft\DVDVideoSoft C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Rocket Subscription.lnk - C:\Program Files\Common Files\DVDVideoSoft\bin\SubscriptionOffer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files\Common Files\DVDVideoSoft\lib\Uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube Download.lnk - C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6 C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk - C:\ProgramData\RMIRdBeVr1vxa0.exe C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel.lnk - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office 2010 component.lnk - C:\Program Files\Microsoft Office\Office14\ACCICONS.EXE C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft OneNote.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft PowerPoint.lnk - C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word.lnk - C:\Program Files\Microsoft Office\Office14\WINWORD.EXE C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\System32\mspaint.exe C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe QVO6 C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6 C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft PowerPoint 2010.lnk - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft PowerPoint 2010 9014006204130000" C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Verkenner.lnk - C:\Windows\explorer.exe ==== shortcuts After Repair ====================== C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aipfmkinhleccnodemkoofnnofpbbpac deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ibcgjcbeckcdemelifnledhihpaighfk deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\khialnikbocfgkohdegnebhmmaifoglp deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ibcgjcbeckcdemelifnledhihpaighfk deleted successfully ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\IPS\IPSBHO.DLL O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKCU\..\Run: [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU "C:\Windows\TEMP\E_SF8FE.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Google Update] "C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O4 - Startup: Dropbox.lnk = Sara\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - MSN Games - Free Online Games O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Sara\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Sara\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0R1QZA3 will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Sara\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0R1QZA3" not found ==== EOF on vr 11/10/2013 at 16:54:09,68 ====================== -
explorer.exe - ongeldige installatiekopie
Sara blocq plaatste een topic in Archief Bestrijding malware & virussen
Hallo, Ik heb hetzelfde probleem als Riekje op 31 okt 2012. Ik krijg steeds de melding van een ongeldige installatiekopie van verschillende programma's. Ik heb dan ook dezelfde raad als Riekje opgevolgd en Hijack This gedownload en uitgevoerd. Het volgende bestand werd door Hijack This gegeven. Kunnen jullie mij helpen? Alvast bedankt, Sara Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 16:31:51, on 9/10/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16686) CHROME: 30.0.1599.69 Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\system32\DllHost.exe C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe C:\Hijackthis\HijackThis.exe C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\msdt.exe C:\Windows\System32\sdiagnhost.exe C:\Windows\system32\conhost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: FreeSoundRecorder Toolbar - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll R3 - URLSearchHook: WhiteSmoke New V6 Toolbar - {da7f5ae1-3be3-43c0-8098-c1d183616e97} - C:\Program Files\WhiteSmoke_New_V6\prxtbWhit.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: FreeSoundRecorder - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\IPS\IPSBHO.DLL O2 - BHO: searchgol Helper Object - {8F547BDD-FCD4-48F8-A06F-573D6F404A3C} - C:\Program Files\searchgol\searchgol\1.8.16.19\bh\searchgol.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll O2 - BHO: WhiteSmoke New V6 - {da7f5ae1-3be3-43c0-8098-c1d183616e97} - C:\Program Files\WhiteSmoke_New_V6\prxtbWhit.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: FreeSoundRecorder Toolbar - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: searchgol Toolbar - {00078E95-3A4A-4137-8DE7-2824908D1C17} - C:\Program Files\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll O3 - Toolbar: WhiteSmoke New V6 Toolbar - {da7f5ae1-3be3-43c0-8098-c1d183616e97} - C:\Program Files\WhiteSmoke_New_V6\prxtbWhit.dll O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKCU\..\Run: [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU "C:\Windows\TEMP\E_SF8FE.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Google Update] "C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [ConduitFloatingPlugin_ibcgjcbeckcdemelifnledhihpaighfk] "C:\Windows\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3311268\plugins\TBVerifier.dll",RunConduitFloatingPlugin ibcgjcbeckcdemelifnledhihpaighfk O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O4 - Startup: Dropbox.lnk = Sara\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, auto's, kleding, verzamelobjecten, cadeaubons en meer | eBay (file missing) O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, auto's, kleding, verzamelobjecten, cadeaubons en meer | eBay (file missing) O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, auto's, kleding, verzamelobjecten, cadeaubons en meer | eBay (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, auto's, kleding, verzamelobjecten, cadeaubons en meer | eBay (file missing) (HKCU) O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - MSN Games - Free Online Games O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: BitGuard - Unknown owner - C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: Wsys Service (WsysSvc) - Unknown owner - C:\ProgramData\eSafe\eGdpSvc.exe (file missing) O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 12353 bytes
