
Everything posted by n-iek
Removing RandomPriCe 6.1
n-iek replied to n-iek's topic in Archive: Malware & virus removal
# AdwCleaner v3.018 - Report created 30/01/2014 at 15:24:30
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Niek - J-A2814F047EE04
# Running from : C:\Documents and Settings\Niek\Bureaublad\adwcleaner.exe
# Option : Clean
Removing RandomPriCe 6.1
n-iek replied to n-iek's topic in Archive: Malware & virus removal
Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by Niek on ma 27-01-2014 at 13:33:59,99.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Niek\Bureaublad\zoek.exe [scan all users] [script inserted]

Thanks, I am no longer experiencing any major problems. Only, starting up sometimes takes a very long time after I have clicked on a user.
Removing RandomPriCe 6.1
n-iek replied to n-iek's topic in Archive: Malware & virus removal
Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by Niek on zo 26-01-2014 at 11:57:14,79.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Niek\Bureaublad\zoek.exe [scan all users] [script inserted] [Checkboxes used]
Removing RandomPriCe 6.1
n-iek replied to n-iek's topic in Archive: Malware & virus removal
Zoek.exe v5.0.0.0 Updated 25-Januari-2014
Tool run by Niek on za 25-01-2014 at 21:38:53,46.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Niek\Bureaublad\zoek.exe [scan all users] [script inserted] [Checkboxes used]
====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-01-23 07:34:31 -------- d-----w- C:\Program Files\trend micro 2014-01-18 17:30:54 -------- d-----w- C:\Program Files\Belastingdienst 2014-01-10 17:07:44 -------- d-----w- C:\Program Files\Enigma Software Group 2014-01-10 17:06:58 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard ======= C: ===== ====== C:\Documents and Settings\Niek\Application Data ====== 2014-01-04 16:04:32 -------- d-----w- C:\Documents and Settings\Niek\Application Data\uTorrent 2014-01-02 12:15:00 -------- d-----w- C:\Documents and Settings\Marijn\Local Settings\Application Data\Apple ====== C:\Documents and Settings\Niek ====== 2014-01-23 14:16:01 -------- d-sh--w- C:\Documents and Settings\Marijn\PrivacIE 2014-01-01 16:23:45 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\AppData ====== C: exe-files == 2014-01-25 18:26:34 56D33BC99FA81C2CD00D4C54F2DB223A 1282560 ----a-w- C:\RECYCLER\S-1-5-21-1417001333-436374069-839522115-1006\Dc23.exe 2014-01-23 07:34:32 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Niek.exe 2014-01-23 07:32:35 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\RECYCLER\S-1-5-21-1417001333-436374069-839522115-1007\Dc66.exe 2014-01-22 16:12:12 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Niek\Mijn documenten\Downloads\RSIT.exe 2014-01-22 16:11:53 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Documents and Settings\Niek\Mijn documenten\Downloads\RSITx64.exe === C: other files == 2014-01-25 18:27:27 5CC2F5A33A46D41DBAC9FC0A945AB6EB 436 ----a-w- C:\Documents and Settings\Luc\Local Settings\Temp\download8.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-21-1417001333-436374069-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" @="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" @="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ctfmon" "hkey"="HKCU" "command"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software 
Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPWuSchd2" "hkey"="HKLM" "command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesTrayAgent" "hkey"="HKLM" "command"="C:\\Program Files\\Samsung\\Kies\\KiesTrayAgent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msseces" "hkey"="HKLM" "command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SigmatelSysTrayApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="stsystra" "hkey"="HKLM" "command"="stsystra.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SpotifyWebHelper" "hkey"="HKCU" "command"="\"C:\\Documents and Settings\\Luc\\Application Data\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GoogleToolbarNotifier" "hkey"="HKCU" "command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\HP Digital Imaging Monitor.lnk" "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup" "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe " "item"="HP Digital Imaging Monitor" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Windows Search.lnk" "backup"="C:\\WINDOWS\\pss\\Windows Search.lnkCommon Startup" "command"="C:\\PROGRA~1\\WI459E~1\\WINDOW~1.EXE /startup" "item"="Windows Search" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11-12-2013 00:15] C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe [] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cef5cd315af64e.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [18-08-2011 17:21] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cef5cd31b58faa.job --a------ [undetermined Task] C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job --ah----- C:\Program Files\Microsoft Security Client\MpCmdRun.exe [23-10-2013 15:01] C:\WINDOWS\tasks\Norton Security Scan for Luc.job --ah----- C:\PROGRA1\NORTON2\Engine\4031.24\Nss.exe [] C:\WINDOWS\tasks\Norton Security Scan for Niek.job --ah----- C:\PROGRA1\NORTON2\Engine\4031.24\Nss.exe [] C:\WINDOWS\tasks\SymInstallStub.job --a------ C:\DOCUME1\Marijn\LOCALS1\Temp\Adobe\Shockwave 11\SymInstallStub.exe [] 
C:\WINDOWS\tasks\User_Feed_Synchronization-{2277C5F7-E9D9-4450-BD67-48054748DE38}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 03:31] C:\WINDOWS\tasks\User_Feed_Synchronization-{666F6ED9-7184-4005-A1B8-100FB998D539}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 03:31] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF" [11-01-2014 15:32] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\DOCUME~1\Luc\LOCALS~1\Temp\crxDA.tmp[] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx[09-12-2013 10:38] HAppY2Save - Christ & Jacqueline\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcmmbodimpflfimghollkpcphhbjdhdk Google Wallet - Christ & Jacqueline\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Ask Toolbar - Christ & Jacqueline\Local Settings\Application Data\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne Torch Helper - Christ & Jacqueline\Local Settings\Application Data\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg HAppY2Save - Christ & Jacqueline\Local Settings\Application Data\Torch\User Data\Default\Extensions\mcmmbodimpflfimghollkpcphhbjdhdk Bizzybolt - LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dgbjdgnkkchgleommaaapafcigjjbnmg Softonic Chrome Toolbar - LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf Google Wallet - LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda 
AdBlock - Luc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Norton Identity Protection - Luc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Google Wallet - Luc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda AdBlock - Marijn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Norton Identity Protection - Marijn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Google Wallet - Marijn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Norton Identity Protection - Niek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Google Wallet - Niek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chrome Fix ====================== C:\Documents and Settings\Luc\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage deleted successfully C:\Documents and Settings\Luc\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal deleted successfully C:\Documents and Settings\Marijn\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bing.conduit-services.com_0.localstorage deleted successfully C:\Documents and Settings\Marijn\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bing.conduit-services.com_0.localstorage-journal deleted successfully C:\Documents and Settings\Marijn\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage deleted successfully C:\Documents and 
Settings\Marijn\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal deleted successfully C:\Documents and Settings\Niek\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage deleted successfully C:\Documents and Settings\Niek\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal deleted successfully C:\Documents and Settings\Christ & Jacqueline\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage deleted successfully C:\Documents and Settings\Christ & Jacqueline\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage-journal deleted successfully C:\Documents and Settings\Niek\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage deleted successfully C:\Documents and Settings\Niek\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage-journal deleted successfully C:\Documents and Settings\Christ & Jacqueline\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully C:\Documents and Settings\Christ & Jacqueline\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully C:\Documents and Settings\Niek\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully C:\Documents and Settings\Niek\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully C:\Documents and 
Settings\Christ & Jacqueline\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcmmbodimpflfimghollkpcphhbjdhdk deleted successfully C:\Documents and Settings\Christ & Jacqueline\Local Settings\Application Data\Torch\User Data\Default\Extensions\mcmmbodimpflfimghollkpcphhbjdhdk deleted successfully C:\Documents and Settings\Christ & Jacqueline\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mcmmbodimpflfimghollkpcphhbjdhdk_0.localstorage deleted successfully C:\Documents and Settings\Christ & Jacqueline\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mcmmbodimpflfimghollkpcphhbjdhdk_0.localstorage-journal deleted successfully C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf deleted successfully C:\Documents and Settings\Christ & Jacqueline\Local Settings\Application Data\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0A1B3F5F-459F-422A-A4AB-F59C4769CDF6&SSPV=" "Default_Page_URL"="http://www.v9.com/?type=hp&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.v9.com/?type=hp&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07" "Default_Search_URL"="http://search.v9.com/web/?type=ds&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07&q={searchTerms}" "Search 
Page"="http://search.v9.com/web/?type=ds&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07&q={searchTerms}" "Start Page"="http://www.v9.com/?type=hp&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://search.v9.com/web/?type=ds&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07&q={searchTerms}" "CustomizeSearch"="http://search.v9.com/web/?type=ds&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" 
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1417001333-436374069-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully HKEY_USERS\S-1-5-21-1417001333-436374069-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\jqs@sun.com deleted successfully ==== shortcuts on Users Desktops ====================== C:\Documents and Settings\Luc\Bureaublad\Deze computer.lnk - C:\Documents and Settings\Luc\Bureaublad\Norton Installation Files.lnk - C:\Documents and Settings\All Users\Documenten\Norton\{NISADM-B201-4abb-B07C-C084B04B4F12} C:\Documents and Settings\Luc\Bureaublad\Snelkoppeling naar chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Luc\Bureaublad\Spotify.lnk - C:\Documents and Settings\Luc\Application Data\Spotify\spotify.exe C:\Documents and Settings\Luc\Bureaublad\µTorrent.lnk - C:\Documents and Settings\Luc\Bureaublad\Films\Nero Burning ROM 11.lnk - C:\WINDOWS\Installer\{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}\ScBurningROMStartM_7533AE23D677474387D2A66427FA7052.exe C:\Documents and Settings\Luc\Bureaublad\Films\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe C:\Documents and Settings\Luc\Bureaublad\Films\µTorrent.lnk - C:\Documents and Settings\Niek\Bureaublad\Deze computer.lnk - C:\Documents and Settings\Niek\Bureaublad\Internet.lnk - C:\Documents and Settings\Niek\Bureaublad\Mijn documenten.lnk - C:\Documents and 
Settings\Niek\Mijn documenten C:\Documents and Settings\Niek\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Documents and Settings\Niek\Bureaublad\Spellen\The Battle for Middle-earth™ II.lnk - ==== shortcuts on All Users Desktop ====================== C:\Documents and Settings\All Users\Bureaublad\Google Earth.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe C:\Documents and Settings\All Users\Bureaublad\Norton Internet Security.LNK - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\uistub.exe C:\Documents and Settings\All Users\Bureaublad\Norton Security Scan.LNK - C:\Program Files\Norton Security Scan\Engine\4.0.3.24\Nss.exe C:\Documents and Settings\All Users\Bureaublad\Samsung Kies.lnk - C:\Program Files\Samsung\Kies\KiesAgent.exe ==== shortcuts in Users Start Menu ====================== C:\Documents and Settings\Default User\Menu Start\Programma's\Hulp op afstand.lnk - C:\WINDOWS\system32\rcimlby.exe -LaunchRA C:\Documents and Settings\Default User\Menu Start\Programma's\Bureau-accessoires\Kladblok.lnk - C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Default User\Menu Start\Programma's\Bureau-accessoires\Opdrachtprompt.lnk - C:\WINDOWS\system32\cmd.exe C:\Documents and Settings\Default User\Menu Start\Programma's\Bureau-accessoires\Rondleiding door Windows XP.lnk - C:\WINDOWS\system32\tourstart.exe C:\Documents and Settings\Default User\Menu Start\Programma's\Bureau-accessoires\Synchroniseren.lnk - C:\WINDOWS\system32\mobsync.exe C:\Documents and Settings\Default User\Menu Start\Programma's\Bureau-accessoires\Windows Verkenner.lnk - C:\WINDOWS\explorer.exe C:\Documents and Settings\Default User\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Hulpprogrammabeheer.lnk - C:\WINDOWS\system32\utilman.exe /start C:\Documents and Settings\Default User\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Schermtoetsenbord.lnk - C:\WINDOWS\system32\osk.exe 
C:\Documents and Settings\Default User\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Vergrootglas.lnk - C:\WINDOWS\system32\magnify.exe C:\Documents and Settings\Luc\Menu Start\µTorrent.lnk - C:\Documents and Settings\Luc\Menu Start\Programma's\Hulp op afstand.lnk - C:\WINDOWS\system32\rcimlby.exe -LaunchRA C:\Documents and Settings\Luc\Menu Start\Programma's\Bureau-accessoires\Opdrachtprompt.lnk - C:\WINDOWS\system32\cmd.exe C:\Documents and Settings\Luc\Menu Start\Programma's\Bureau-accessoires\Rondleiding door Windows XP.lnk - C:\WINDOWS\system32\tourstart.exe C:\Documents and Settings\Luc\Menu Start\Programma's\Bureau-accessoires\Synchroniseren.lnk - C:\WINDOWS\system32\mobsync.exe C:\Documents and Settings\Luc\Menu Start\Programma's\Bureau-accessoires\Windows Verkenner.lnk - C:\WINDOWS\explorer.exe C:\Documents and Settings\Luc\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Hulpprogrammabeheer.lnk - C:\WINDOWS\system32\utilman.exe /start C:\Documents and Settings\Luc\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Schermtoetsenbord.lnk - C:\WINDOWS\system32\osk.exe C:\Documents and Settings\Luc\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Vergrootglas.lnk - C:\WINDOWS\system32\magnify.exe C:\Documents and Settings\Marijn\Menu Start\µTorrent.lnk - C:\Documents and Settings\Marijn\Menu Start\Programma's\Hulp op afstand.lnk - C:\WINDOWS\system32\rcimlby.exe -LaunchRA C:\Documents and Settings\Marijn\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Marijn\Menu Start\Programma's\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\Marijn\Menu Start\Programma's\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 C:\Documents and Settings\Marijn\Menu Start\Programma's\Bureau-accessoires\Adresboek.lnk - C:\Program Files\Outlook Express\wab.exe C:\Documents and 
Settings\Marijn\Menu Start\Programma's\Bureau-accessoires\Kladblok.lnk - C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Marijn\Menu Start\Programma's\Bureau-accessoires\Opdrachtprompt.lnk - C:\WINDOWS\system32\cmd.exe C:\Documents and Settings\Marijn\Menu Start\Programma's\Bureau-accessoires\Rondleiding door Windows XP.lnk - C:\WINDOWS\system32\tourstart.exe C:\Documents and Settings\Marijn\Menu Start\Programma's\Bureau-accessoires\Synchroniseren.lnk - C:\WINDOWS\system32\mobsync.exe C:\Documents and Settings\Marijn\Menu Start\Programma's\Bureau-accessoires\Windows Verkenner.lnk - C:\WINDOWS\explorer.exe C:\Documents and Settings\Marijn\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\Documents and Settings\Marijn\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Hulpprogrammabeheer.lnk - C:\WINDOWS\system32\utilman.exe /start C:\Documents and Settings\Marijn\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Schermtoetsenbord.lnk - C:\WINDOWS\system32\osk.exe C:\Documents and Settings\Marijn\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Vergrootglas.lnk - C:\WINDOWS\system32\magnify.exe C:\Documents and Settings\Niek\Menu Start\Programma's\Hulp op afstand.lnk - C:\WINDOWS\system32\rcimlby.exe -LaunchRA C:\Documents and Settings\Niek\Menu Start\Programma's\Bureau-accessoires\Kladblok.lnk - C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Niek\Menu Start\Programma's\Bureau-accessoires\Opdrachtprompt.lnk - C:\WINDOWS\system32\cmd.exe C:\Documents and Settings\Niek\Menu Start\Programma's\Bureau-accessoires\Rondleiding door Windows XP.lnk - C:\WINDOWS\system32\tourstart.exe C:\Documents and Settings\Niek\Menu Start\Programma's\Bureau-accessoires\Synchroniseren.lnk - C:\WINDOWS\system32\mobsync.exe C:\Documents and Settings\Niek\Menu Start\Programma's\Bureau-accessoires\Windows Verkenner.lnk - 
C:\WINDOWS\explorer.exe C:\Documents and Settings\Niek\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Hulpprogrammabeheer.lnk - C:\WINDOWS\system32\utilman.exe /start C:\Documents and Settings\Niek\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Schermtoetsenbord.lnk - C:\WINDOWS\system32\osk.exe C:\Documents and Settings\Niek\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Vergrootglas.lnk - C:\WINDOWS\system32\magnify.exe ==== shortcuts in All Users Start Menu ====================== C:\Documents and Settings\All Users\Menu Start\Programma's\Adobe Reader X .lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7B44-AA1000000001}\SC_Reader.ico C:\Documents and Settings\All Users\Menu Start\Programma's\Belastingdienst\Aangifte inkomstenbelasting\2013\Aangifte inkomstenbelasting 2013 Help.lnk - C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2013\ib2013.chm C:\Documents and Settings\All Users\Menu Start\Programma's\Belastingdienst\Aangifte inkomstenbelasting\2013\Aangifte inkomstenbelasting 2013 verwijderen.lnk - C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2013\ib2013u.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Belastingdienst\Aangifte inkomstenbelasting\2013\Aangifte inkomstenbelasting 2013.lnk - C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2013\ib2013.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Belastingdienst\Aangifte inkomstenbelasting\2013\www.belastingdienst.nl.lnk - C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2013\www.belastingdienst.nl.url C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Verbinding met extern bureaublad.lnk - C:\WINDOWS\system32\mstsc.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Communicatie\Netwerkverbindingen.lnk - C:\WINDOWS\explorer.exe 
::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007acc7-3202-11d1-aad2-00805fc1270e} C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Communicatie\Wizard Netwerk instellen.lnk - C:\WINDOWS\system32\rundll32.exe hnetwiz.dll,HomeNetWizardRunDll C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Communicatie\Wizard Nieuwe verbinding.lnk - C:\WINDOWS\system32\rundll32.exe netshell.dll,StartNCW C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Systeemwerkset\Back-up.lnk - C:\WINDOWS\system32\ntbackup.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Systeemwerkset\Geplande taken.lnk - C:\WINDOWS\explorer.exe ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{D6277990-4C6A-11CF-8D87-00AA0060F5BF} C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Systeemwerkset\Schijfdefragmentatie.lnk - C:\WINDOWS\system32\dfrg.msc C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Systeemwerkset\Schijfopruiming.lnk - C:\WINDOWS\system32\cleanmgr.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Systeemwerkset\Speciale tekens.lnk - C:\WINDOWS\system32\charmap.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Systeemwerkset\Systeemherstel.lnk - C:\WINDOWS\system32\restore\rstrui.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Wizard Toegankelijkheid.lnk - C:\WINDOWS\system32\accwiz.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Norton Internet Security\LiveUpdate.LNK - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\uistub.exe /lu C:\Documents and Settings\All Users\Menu Start\Programma's\Norton Internet Security\Norton Internet Security verwijderen.LNK - C:\Program 
Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\21.1.0.18\inststub.exe /X /shortcut C:\Documents and Settings\All Users\Menu Start\Programma's\Norton Internet Security\Norton Internet Security.LNK - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\uistub.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Norton Internet Security\Norton Recovery Tools.LNK - C:\Documents and Settings\All Users\Menu Start\Programma's\Norton Internet Security\Ondersteuning verkrijgen.LNK - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\symerr.exe /support C:\Documents and Settings\All Users\Menu Start\Programma's\Norton Security Scan\Norton Security Scan verwijderen.LNK - C:\Program Files\Norton Security Scan\Engine\4.0.3.24\InstWrap.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Norton Security Scan\Norton Security Scan.LNK - C:\Program Files\Norton Security Scan\Engine\4.0.3.24\Nss.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Ontspanning\FreeCell.lnk - C:\WINDOWS\system32\freecell.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Ontspanning\Mijnenveger.lnk - C:\WINDOWS\system32\winmine.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Ontspanning\Patience.lnk - C:\WINDOWS\system32\sol.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Systeembeheer\Computerbeheer.lnk - C:\WINDOWS\system32\compmgmt.msc /s C:\Documents and Settings\All Users\Menu Start\Programma's\Systeembeheer\Gegevensbronnen (ODBC).lnk - C:\WINDOWS\system32\odbcad32.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Systeembeheer\Logboeken.lnk - C:\WINDOWS\system32\eventvwr.msc /s C:\Documents and Settings\All Users\Menu Start\Programma's\Systeembeheer\Lokaal beveiligingsbeleid.lnk - C:\WINDOWS\system32\secpol.msc /s C:\Documents and Settings\All Users\Menu Start\Programma's\Systeembeheer\Prestaties.lnk - C:\WINDOWS\system32\perfmon.msc /s C:\Documents and Settings\All 
Users\Menu Start\Programma's\Systeembeheer\Services.lnk - C:\WINDOWS\system32\services.msc /s ==== shortcuts in Quick Launch ====================== C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Luc\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Luc\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 C:\Documents and Settings\Luc\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Documents and Settings\Marijn\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Marijn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marijn\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 C:\Documents and Settings\Niek\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{8c33f9f6} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM deleted successfully 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully ==== Empty IE Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Administrator\Mijn documenten\J Monden\Marijn\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Administrator\Mijn documenten\J Monden\Monden\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Administrator\Mijn documenten\J Monden\Niek\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Administrator\Mijn documenten\Mijn afbeeldingen\Marijn\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Administrator\Mijn documenten\Mijn afbeeldingen\monden jacqueline\jacqueline\Local Settings\Temporary Internet Files\Content.ie5 emptied successfully C:\Documents and Settings\Christ & Jacqueline\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Christ & Jacqueline\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Luc\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Luc\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Marijn\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Marijn\Local Settings\Temporary Internet Files\Content.IE5 
emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Niek\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\Niek\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Documents and Settings\Christ & Jacqueline\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully C:\Documents and Settings\Christ & Jacqueline\Local Settings\Application Data\Torch\User Data\Default\Cache emptied successfully C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully C:\Documents and Settings\Luc\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully C:\Documents and Settings\Marijn\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully C:\Documents and Settings\Niek\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1347 folders=369 152003252 bytes) ==== Empty Temp Folders ====================== C:\Documents and Settings\Administrator\Local Settings\Temp emptied 
successfully C:\Documents and Settings\Christ & Jacqueline\Local Settings\Temp emptied successfully C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp will be emptied at reboot C:\Documents and Settings\Luc\Local Settings\Temp emptied successfully C:\Documents and Settings\Marijn\Local Settings\Temp emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully C:\Documents and Settings\Niek\Local Settings\Temp will be emptied at reboot C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\Niek\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\Niek\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Program Files\MyPC Backup" not found "C:\Program Files\MyPC Backup" not found "C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies" not found "C:\Documents and Settings\LocalService\Local Settings\Temp\History" not found "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files" not found ==== EOF on za 25-01-2014 at 22:04:41,82 ====================== -
Removing RandomPriCe 6.1
n-iek replied to n-iek's topic in Archive: Malware & virus removal
edit. -
Removing RandomPriCe 6.1
n-iek replied to n-iek's topic in Archive: Malware & virus removal
Logfile of random's system information tool 1.09 (written by random/random) Run by Niek at 2014-01-23 08:34:28 Microsoft Windows XP Professional Service Pack 3 System drive C: has 221 GB (73%) free of 305 GB Total RAM: 2046 MB (56% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:34:47, on 23-1-2014 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\All Users\Application Data\WPM\wprotectmanager.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\MyPC Backup\BackupStack.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Nero\Update\NASvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Program 
Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Niek\Mijn documenten\Downloads\RSIT.exe C:\Program Files\trend micro\Niek.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0A1B3F5F-459F-422A-A4AB-F59C4769CDF6&SSPV= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07&q={searchTerms} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?type=hp&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com/web/?type=ds&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
http://search.v9.com/web/?type=ds&ts=1388851533&from=bnds&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1424628046280&i=psd&t=33bd1ed07&q={searchTerms} R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {26E1BEAF-C1A1-482B-8714-08844F1BCF7F} (GTileContainerCtl Class) - http://213.126.97.82:8080/webviewer.cab O16 - DPF: {3AA1C0E3-DA98-4BB4-91AE-D3BC61178240} (GVersionManager Class) - http://213.126.97.82:8080/GVersionMan.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1311856062406 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1311861837093 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\winfil~1\winfil~1.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files\MyPC Backup\BackupStack.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe O23 - Service: Wpm Service (Wpm) - Cherished Technololgy LIMITED - C:\Documents and Settings\All Users\Application Data\WPM\wprotectmanager.exe -- End of file - 9456 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Adobe Flash Player Updater.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cef5cd315af64e.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cef5cd31b58faa.job C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job C:\WINDOWS\tasks\Norton Security Scan for Luc.job C:\WINDOWS\tasks\Norton Security Scan for Niek.job C:\WINDOWS\tasks\SymInstallStub.job C:\WINDOWS\tasks\User_Feed_Synchronization-{2277C5F7-E9D9-4450-BD67-48054748DE38}.job C:\WINDOWS\tasks\User_Feed_Synchronization-{666F6ED9-7184-4005-A1B8-100FB998D539}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Norton Identity Protection - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll [2013-10-06 526672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Norton Vulnerability Protection - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL [2013-09-29 388504] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll [2013-10-06 526672] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] ""=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-07-15 844656] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-11-28 59280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-07-15 311152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC] c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 948440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe [2006-03-20 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 
C:\Documents and Settings\Luc\Application Data\Spotify\Data\SpotifyWebHelper.exe [2013-08-02 1104280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk] C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\docume~1\alluse~1\applic~1\winfil~1\winfil~1.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
"dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:*:Enabled:The Battle for Middle-earth™ II" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital 
Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour-service" "C:\Documents and Settings\Luc\Application Data\Spotify\spotify.exe"="C:\Documents and Settings\Luc\Application Data\Spotify\spotify.exe:*:Enabled:Spotify" "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit" "C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe"="C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Documents and Settings\Marijn\Application Data\uTorrent\uTorrent.exe"="C:\Documents and Settings\Marijn\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Documents and Settings\Luc\Application Data\uTorrent\uTorrent.exe"="C:\Documents and Settings\Luc\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Documents and Settings\Niek\Application Data\uTorrent\uTorrent.exe"="C:\Documents and Settings\Niek\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe"="C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-01-23 08:34:31 ----D---- C:\Program Files\trend micro
2014-01-23 08:34:28 ----D---- C:\rsit
2014-01-18 18:30:54 ----D---- C:\Program Files\Belastingdienst
2014-01-16 03:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2914368$
2014-01-11 13:40:21 ----D---- C:\Program Files\Symantec
2014-01-11 13:40:21 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2014-01-11 13:37:53 ----D---- C:\WINDOWS\system32\drivers\NIS
2014-01-11 13:37:45 ----D---- C:\Program Files\Norton Internet Security
2014-01-11 13:19:26 ----D---- C:\WINDOWS\system32\drivers\NSS
2014-01-11 13:19:26 ----D---- C:\Program Files\Norton Security Scan
2014-01-10 18:07:44 ----D---- C:\Program Files\Enigma Software Group
2014-01-10 18:07:02 ----D---- C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP
2014-01-10 18:06:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2014-01-10 18:04:58 ----D---- C:\Program Files\HAppY2Save
2014-01-04 17:06:18 ----D---- C:\Documents and Settings\All Users\Application Data\WPM
2014-01-04 17:04:32 ----D---- C:\Documents and Settings\Niek\Application Data\uTorrent
2014-01-01 17:24:14 ----D---- C:\Documents and Settings\All Users\Application Data\RandomPriCe
2014-01-01 17:24:09 ----D---- C:\Documents and Settings\All Users\Application Data\idahcddpimjelfnkmocefhnbpbgconbb
2014-01-01 17:23:44 ----D---- C:\Documents and Settings\All Users\Application Data\f3fe3c5ff77c86bd
2014-01-01 17:23:42 ----D---- C:\Documents and Settings\All Users\Application Data\HAppY2Save
2013-12-29 12:53:28 ----D---- C:\Documents and Settings\All Users\Application Data\WinFilter
2013-12-26 14:16:06 ----N---- C:\WINDOWS\system32\spmsg2.dll
2013-12-26 14:16:00 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$

======List of files/folders modified in the last 1 month======

2014-01-23 08:34:31 ----RD---- C:\Program Files
2014-01-23 08:34:31 ----D---- C:\WINDOWS\Temp
2014-01-23 08:34:21 ----D---- C:\WINDOWS\Prefetch
2014-01-23 07:43:03 ----D---- C:\Program Files\MyPC Backup
2014-01-22 13:53:52 ----SD---- C:\WINDOWS\Tasks
2014-01-22 13:49:34 ----SHD---- C:\System Volume Information
2014-01-22 13:44:57 ----D---- C:\WINDOWS\system32\CatRoot2
2014-01-21 19:23:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-01-19 08:32:23 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2014-01-16 15:56:41 ----SHD---- C:\WINDOWS\Installer
2014-01-16 15:56:40 ----HD---- C:\Config.Msi
2014-01-16 15:53:51 ----D---- C:\WINDOWS\system32
2014-01-16 15:48:34 ----D---- C:\WINDOWS
2014-01-16 11:18:55 ----D---- C:\Program Files\Common Files\Symantec Shared
2014-01-16 03:06:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-01-16 03:04:39 ----D---- C:\WINDOWS\system32\MRT
2014-01-16 03:01:36 ----A---- C:\WINDOWS\system32\MRT.exe
2014-01-16 03:01:27 ----HD---- C:\WINDOWS\inf
2014-01-16 03:01:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-01-16 03:01:19 ----D---- C:\WINDOWS\system32\drivers
2014-01-12 02:09:34 ----D---- C:\Documents and Settings\All Users\Application Data\ssafe saveu
2014-01-11 13:41:09 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2014-01-11 13:29:53 ----D---- C:\Program Files\NortonInstaller
2014-01-11 13:19:21 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2014-01-10 18:06:58 ----D---- C:\Program Files\Common Files
2014-01-05 12:46:15 ----D---- C:\WINDOWS\Minidump
2014-01-05 12:45:40 ----D---- C:\Program Files\PokerStars.EU
2013-12-26 14:42:12 ----D---- C:\WINDOWS\Microsoft.NET
2013-12-26 14:25:28 ----SH---- C:\boot.ini
2013-12-26 14:25:28 ----A---- C:\WINDOWS\win.ini
2013-12-26 14:25:28 ----A---- C:\WINDOWS\system.ini
2013-12-26 14:25:26 ----D---- C:\WINDOWS\pss
2013-12-26 14:16:17 ----A---- C:\WINDOWS\imsins.BAK
2013-12-26 14:15:52 ----RSD---- C:\WINDOWS\assembly
2013-12-26 14:15:40 ----D---- C:\WINDOWS\system32\XPSViewer
2013-12-26 14:15:37 ----D---- C:\WINDOWS\system32\nl-nl

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-09-27 214696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 MpKslb9cf8b05;MpKslb9cf8b05; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4C1F9B57-76B7-45DC-8D6B-12DF722554B5}\MpKslb9cf8b05.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-07-29 20747]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-07 1580544]
R3 BHDrvx86;BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140121.001\BHDrvx86.sys []
R3 ccSet_NIS;NIS Settings Manager; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [2013-09-26 127064]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IDSxpx86;IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140122.001\IDSxpx86.sys []
R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 NAVENG;NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140122.009\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140122.009\NAVEX15.SYS []
R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1501000.012\SRTSP.SYS [2013-09-27 651352]
R3 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [2013-07-31 32344]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-20 1156648]
R3 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMDS.SYS [2013-08-01 367704]
R3 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMEFA.SYS [2013-09-27 935512]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [2013-07-31 206936]
R3 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1501000.012\SYMTDI.SYS [2013-09-26 421592]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 cercsr6;cercsr6; C:\WINDOWS\system32\drivers\cercsr6.sys [2004-12-13 39904]
S1 wceusbsh;Windows CE USB Serial Host-stuurprogramma; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 32000]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\WINDOWS\System32\Drivers\ssadadb.sys [2013-06-21 32064]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption-decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2013-06-14 20032]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-16 17432]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys []
S3 htcnprot;HTC NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [2012-10-08 21248]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-11 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 naecd;naecd; \??\C:\DOCUME~1\Marijn\LOCALS~1\Temp\naecd.sys []
S3 NdisIP;Microsoft TV/Video-verbinding; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-03-12 709248]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2013-06-21 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2013-06-21 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2013-06-21 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\ssadserd.sys [2013-06-21 130248]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB-videoapparaat (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 8c33f9f6;WinFilter; c:\docume~1\alluse~1\applic~1\winfil~1\WinFilterSvc.dll [2013-12-29 178000]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-26 55144]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-07 409600]
R2 BackupStack;Computer Backup (MyPC Backup); C:\Program Files\MyPC Backup\BackupStack.exe [2013-09-19 38440]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 HTCMonitorService;HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2012-07-16 87368]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-07-29 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 22208]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2011-09-23 641832]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [2013-10-08 275696]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2005-07-04 53307]
R2 Wpm;Wpm Service; C:\Documents and Settings\All Users\Application Data\WPM\wprotectmanager.exe [2014-01-04 499856]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-06-07 520192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-18 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]
S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-18 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-15 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
-
Hello, I have a virus on my desktop PC (RandomPriCe 6.1) and I can't get rid of it. The PC has also become very slow lately. I don't know whether that has anything to do with it?! Can anyone help me? Thanks in advance!
-
Okay! Thanks again for all your replies and help!
-
Thanks, Maxstar! All the problems are solved, I think! I do have another PC with some viruses or the like on it.
-
[ATTACH]29973[/ATTACH] HitmanPro_20140119_1935.log
-
Here is the AdwCleaner log file already. HitmanPro is running now. [ATTACH]29972[/ATTACH] AdwCleaner[S0].txt
-
Emsisoft Emergency Kit - Versie 4.0
Laatste Update: 1/19/2014 3:14:18 PM
Gebruikersaccount: Niek-PC\Niek

Scaninstellingen:

Scanmodus: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\
Detecteer PUPs: Aan
Scan archieven: Aan
ADS Scan: Aan
Bestandsextensiefilter: Uit
Geavanceerde cache: Aan
Directe schijftoegang: Uit

Scan gestart: 1/19/2014 3:14:57 PM

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Ontdekt: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\BINGBAR_RASMANCS Ontdekt: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEARCHPROTECT Ontdekt: Application.Win32.InstallExt (A)
C:\zoek_backup\C_ProgramData_Browse2sauVe\settings.ini Ontdekt: Gen:Adware.MPlug.1 (
C:\zoek_backup\C_ProgramData_Network Acceleration\NetworkAcceleration.dll Ontdekt: Gen:Variant.Adware.BProtector.2 (
C:\zoek_backup\C_Users_Niek_AppData_Roaming_Enys\duqo.exe Ontdekt: Trojan.Generic.KDV.641977 (
C:\zoek_backup\C_Users_Niek_AppData_Roaming_Ewkose\sabie.exe Ontdekt: Trojan.Generic.KDV.646523 (
C:\zoek_backup\C_Users_Niek_AppData_Roaming_Fufuqu\ahysb.exe Ontdekt: Trojan.Generic.KDV.639288 (
C:\zoek_backup\C_Users_Niek_AppData_Roaming_Icnio\poasl.exe Ontdekt: Trojan.Generic.KDV.641977 (
C:\zoek_backup\C_Users_Niek_AppData_Roaming_Okumac\okesf.exe Ontdekt: Trojan.Generic.KDV.633319 (

Gescand: 327411
Gevonden: 10

Scan geëindigd: 1/19/2014 4:40:58 PM
Scantijd: 1:26:01

C:\zoek_backup\C_Users_Niek_AppData_Roaming_Okumac\okesf.exe In quarantaine geplaatst Trojan.Generic.KDV.633319 (
C:\zoek_backup\C_Users_Niek_AppData_Roaming_Fufuqu\ahysb.exe In quarantaine geplaatst Trojan.Generic.KDV.639288 (
C:\zoek_backup\C_Users_Niek_AppData_Roaming_Ewkose\sabie.exe In quarantaine geplaatst Trojan.Generic.KDV.646523 (
C:\zoek_backup\C_Users_Niek_AppData_Roaming_Enys\duqo.exe In quarantaine geplaatst Trojan.Generic.KDV.641977 (
C:\zoek_backup\C_Users_Niek_AppData_Roaming_Icnio\poasl.exe In quarantaine geplaatst Trojan.Generic.KDV.641977 (
C:\zoek_backup\C_ProgramData_Network Acceleration\NetworkAcceleration.dll In quarantaine geplaatst Gen:Variant.Adware.BProtector.2 (
C:\zoek_backup\C_ProgramData_Browse2sauVe\settings.ini In quarantaine geplaatst Gen:Adware.MPlug.1 (
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\BINGBAR_RASMANCS In quarantaine geplaatst Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEARCHPROTECT In quarantaine geplaatst Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} In quarantaine geplaatst Application.Win32.WSearch (A)

In quarantaine geplaatst 10
-
Okay, thank you very much for your help, and I will give this last one a try as well!
-
[ATTACH]29958[/ATTACH] zoek-results1.txt
-
[ATTACH]29955[/ATTACH] zoek-results.txt
-
[ATTACH]29954[/ATTACH] dds.txt
-
Thanks for your quick reply, but I can't figure it out. I downloaded DDS and I then get two Notepad files on my desktop. What should I do with them?
-
Hello, For a few days now I have had a virus on my laptop, namely SaVELots 6.3. However, I can't get it off my laptop. Can anyone help me with this? Thank you very much in advance.
