Malware Trace.Registry.C.O.B.R.A.Toolbar 1.5 (A)


Good evening.

I recently got malware on my computer that Emsisoft identifies as: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A).

I would like to ask you to help me remove this malware. I have tried to remove it with Emsisoft, or at least to place it in quarantine, but that only works very partially.

Below is the Emsisoft log:

Emsisoft Anti-Malware - Versie 8.0

Laatste Update: 11-7-2013 14:22:27

Gebruikersaccount: DELL\Bart

Scaninstellingen:

Scanmodus: Diepe scan

Objecten: Rootkits, Geheugen, Sporen, C:\, E:\, Q:\

Detecteer riskware: Uit

Scan archieven: Aan

ADS Scan: Aan

Bestandsextensiefilter: Uit

Geavanceerde cache: Aan

Directe schijftoegang: Uit

Scan gestart: 11-7-2013 14:22:39


Gescand 585284

Gevonden 26

Scan geëindigd: 11-7-2013 18:21:52

Scantijd: 3:59:13

I hope to hear from you what I should do to remove it. Thanks in advance.

Kind regards

BJHM


Download MalwareBytes' Anti-Malware (website) and save it to your desktop.

After installation, make sure the following are ticked:

  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
  • You are also given the option here to use the trial version of MBAM; if you do not want this, untick it.

Then click "Finish".

If an update is found, it will be downloaded and installed.

In case of problems!!! (Read the instructions below)

  • Once the program has started, go to the "Settings" tab.
  • Tick here: "Close Internet Explorer during malware removal".
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Next, press "Scan" to start the scan.
  • Scanning can take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to see the results.
  • Make sure everything there is ticked, then click: "Remove Selected".
  • After removal a log will open and you will be asked to restart the computer.
  • Restart the computer if necessary and then post the log in your next post.


Good evening Kape.

Thanks for the instructions. I ran MBAM; it detected no malware.

Below is the log:

Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes : Free anti-malware download

Databaseversie: v2013.07.11.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

Bart :: DELL [administrator]

11-7-2013 20:36:52

mbam-log-2013-07-11 (20-36-52).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 246628

Verstreken tijd: 10 minuut/minuten, 4 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

Kind regards

BJHM


Strange that Emsisoft reports this and Malwarebytes does not. Let's look a bit further:

Download ComboFix from one of the locations below to the desktop.

Bleeping Computer

Info Spyware

Disable your antivirus and antispyware programs, as they may conflict with ComboFix.exe.

You can read (here or here) how to disable the security software you use.

  • Double-click "ComboFix" to start the tool. Windows Vista, 7 & 8 users will get a UAC (User Account Control) prompt; click Ja / Yes here.
  • On a Windows XP computer, ComboFix will install the "Recovery Console" if it is not yet present. (An active internet connection is then required.)
  • In the 'Installing the Recovery Console' window, click "Ok".
  • In the info screen, click "Yes" once the Recovery Console has been installed successfully.
  • In the disclaimer screen, click "I Agree"; the required components are then unpacked and a registry backup is made using ERUNT.
  • When this is done, ComboFix will start automatically; in the blue screen you can see the progress of the system scan being performed.
  • Important! Do not use the computer for anything else during the scan.
  • The computer may need to be restarted several times, for example when a rootkit is present; this is normal.
  • When ComboFix is finished, it will create a log file. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

* Note !!! If you get one of the messages below after using ComboFix, restart the computer.

  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  • Illegal operation attempted on a registry key that has been marked for deletion.


Hello Kape. I ran ComboFix; the log is below. (May I assume that I can now undo the disabling of the various antivirus and antispyware programs?):

ComboFix 13-07-11.03 - Bart 11-07-2013 21:33:41.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4056.1907 [GMT 2:00]

Gestart vanuit: c:\users\Bart\Downloads\ComboFix.exe

AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\LoJackNotifier.txt

c:\users\Bart\javahelper.exe

c:\windows\SysWow64\muzapp.exe

c:\windows\SysWow64\System32\MASetupCleaner.exe

c:\windows\SysWow64\System32\muzapp.exe

.

.


S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]

S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]

S3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys;c:\windows\SYSNATIVE\drivers\eudisk.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:38]

.

2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-11 17:40]

.

2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-11 17:40]

.

2013-07-11 c:\windows\Tasks\RMAutoUpdate.job

- c:\program files (x86)\Registry Mechanic\SULauncher.exe [2012-11-08 13:44]

.

2013-07-11 c:\windows\Tasks\RMSchedule.job

- c:\program files (x86)\Registry Mechanic\RegMech.exe [2012-11-08 13:43]

.

2013-01-29 c:\windows\Tasks\ROC_REG_JAN_DELETE.job

- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-28 21:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-06 384296]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll" [2013-06-26 4332056]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.upc.nl/live

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Free YouTube Download - c:\users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to Mp3 Converter - c:\users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

FF - ProfilePath - c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\

FF - prefs.js: browser.startup.homepage - UPC Live - UPC Nederland

FF - ExtSQL: 2013-06-13 05:46; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-AVG_TRAY - (no file)

SafeBoot-CleanHlp

SafeBoot-CleanHlp.sys

SafeBoot-SolutoService

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCMLogon]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCMWLTRY.EXE pid: 1992 578: C:]

--

"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe pid: 1968 24: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe pid: 6660 24: C:]

--

"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lsm.exe pid: 872 250: C:]

--

"ImagePath"="system32\drivers\MSKSSRV.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpEng.exe pid: 1052 36C: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpEng.exe pid: 1052 39C: C:]

--

"ImagePath"="System32\Drivers\RtsUStor.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rundll32.exe pid: 2784 30: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rundll32.exe pid: 2800 30: C:]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rundll32.exe pid: 2824 58: C:]

--

"ImagePath"="\"c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SftService.exe pid: 4208 A4: C:]

--

"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\STService.exe pid: 4736 F4: C:]

--

"ImagePath"="system32\DRIVERS\WinUsb.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlanext.exe pid: 1960 44: C:]

--

"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe pid: 6200 3C: C:]

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Voltooingstijd: 2013-07-11 22:05:31 - machine werd herstart

ComboFix-quarantined-files.txt 2013-07-11 20:05

.

Pre-Run: 91.588.640.768 bytes beschikbaar

Post-Run: 90.807.947.264 bytes beschikbaar

.

- - End Of File - - 920F2B4A151A131B501C7EE4E0FD5524

D41D8CD98F00B204E9800998ECF8427E

Kind regards

BJHM


You can remove Combofix now. The best way to do that is as follows:

Remove Combofix: Start -> Run / Search / Search programs and files, and type there: ComboFix /Uninstall (with a space before the /).

This will remove Combofix along with its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you can delete the folder C:\Qoobox manually.

You can turn your antivirus and antispyware back on ... and then have Emsisoft scan again.


Hello Kape.

Thanks for the info. I ran Emsisoft and saw that the 26 threats (medium risk) are still being detected. The log is below:

Emsisoft Anti-Malware - Versie 8.0

Laatste Update: 11-7-2013 22:50:52

Gebruikersaccount: DELL\Bart

Scaninstellingen:

Scanmodus: Snelle scan

Objecten: Rootkits, Geheugen, Sporen

Detecteer riskware: Uit

Scan archieven: Uit

ADS Scan: Aan

Bestandsextensiefilter: Uit

Geavanceerde cache: Aan

Directe schijftoegang: Uit

Scan gestart: 11-7-2013 22:51:05

Value: HKEY_CLASSES_ROOT\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_CLASSES_ROOT\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_CLASSES_ROOT\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_CLASSES_ROOT\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_CLASSES_ROOT\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_CLASSES_ROOT\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_CLASSES_ROOT\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_CLASSES_ROOT\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_CLASSES_ROOT\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_CLASSES_ROOT\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3C89A618-6472-4B2B-8B5B-C0FE2EA3F236}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4661410E-A88C-46EE-9FFB-F8DA8ADAAE65}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{58279179-3E20-4DAC-802F-C16C94527553}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{69A00CC1-6CD6-4C08-A888-C19CF81E8B84}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85C5B5B0-2140-47BC-AC03-27FE689DD8DE} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{85E24D11-8EC4-4784-9D9D-16285A1D4248}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B7612F6D-C39D-4C69-AC47-815AF35EE6CB}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C912024A-C20F-4CB6-9B5B-2DD1268014E2} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D43DEE33-575E-412E-82DE-B064C7AC7FF8}\INPROCSERVER32 -> THREADINGMODEL Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E82070F7-4174-4F49-8DCF-C87F8DDF0BAA} -> APPID Ontdekt: Trace.Registry.C.O.B.R.A. Toolbar 1.5 (A)

Gescand 320474

Gevonden 26

Scan geëindigd: 11-7-2013 22:52:39

Scantijd: 0:01:34

Kind regards

BJHM


Good morning Kape.

In my reply above I forgot to mention that I was able to disable AVG and Microsoft Security Essentials, but not MBAM and Emsisoft. Could this be the reason the malware was not removed? (I did later manage to disable MBAM, but not Emsisoft.)

Kind regards

BJHM


According to this information, Emsisoft should remove that COBRA Toolbar ... but that evidently is not the case. Moreover, they are all registry entries that are reportedly infected, and no folders or files?

Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    (here or here) you can read how to do that.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Click the "Options" button and tick the options below.

    • Running processes
    • Recently Created
    • Startup Information
    • Installed Programs
    • Firefox Look
    • Chrome Look
    • Firefox Defaults
    • Reset Chrome
    • Shortcut Fix
    • IE Defaults
    • Auto Clean

  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the contents of the opened log in your next message.


Hello Kape. Thanks for the info. Here is the log from zoek.exe:

Zoek.exe Version 4.0.0.4 Updated 10-July-2013

Tool run by Bart on vr 12-07-2013 at 7:24:18,93.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\x86\LinkAdvisor\CIDLinkAdvisorService.exe

C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Silvercrest OM1008 driver\KMWDSrv.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\NDAS\System\ndassvc.exe

C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe

C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Users\Bart\Desktop\Toepassingen\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Silvercrest OM1008 driver\StartAutorun.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files (x86)\EMET\EMET_notifier.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files\NDAS\System\ndasmgmt.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Silvercrest OM1008 driver\KMConfig.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Program Files (x86)\Silvercrest OM1008 driver\KMProcess.exe

C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Windows\explorer.exe

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

c:\PROGRA~2\mcafee\siteadvisor\saui.exe

C:\Windows\system32\taskhost.exe

C:\Users\Bart\Downloads\zoek(2).exe

C:\Windows\system32\conhost.exe

==== System Restore Info ======================

12-7-2013 7:25:48 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample_12-07-2013_0738.zip ======================

Process firefox.exe killed

Process rundll32.exe killed

Copied file C:\Users\Bart\AppData\Roaming\LoJackSetup.exe to sample\LoJackSetup.exe

Copied file C:\Users\Bart\ctmweb.exe to sample\ctmweb.exe

Copied file C:\Users\Bart\ntagent.exe to sample\ntagent.exe

sample\ctmweb.exe renamed to 4C663D9819F666339D250852392C9679

sample\LoJackSetup.exe renamed to 31DB773CB9FCA16AA016F876D4417F08

sample\ntagent.exe renamed to 4417F64111FECC0E767A68A6C830E626

C:\Users\Public\Desktop\sample_12-07-2013_0738.zip created successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

7-Zip 9.20

ABN AMRO e.dentifier2 software

ACSI Camp Site Guide Europe 2011

Adobe AIR

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03) - Nederlands

Advertising Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft WebCam Companion 3

AVG 2013

AVG PC TuneUp

AVG PC TuneUp Language Pack (nl-NL)

AviSynth 2.5

Bonjour

calibre

CallingID LinkAdvisor 2.0 (2.0.0.295)

Canon Easy-WebPrint EX

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 3.0

Canon MP250 series MP Drivers

Canon MP270 series MP Drivers

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

CardRecovery 5.20

CCleaner

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibiliteitspakket voor het 2007 Microsoft Office system

CVE-2012-1889

D3DX10

Dell DataSafe Local Backup - Support Software

Dell DataSafe Local Backup

Dell DataSafe Online

Dell Dock

Dell Driver Download Manager

Dell Edoc Viewer

Dell Getting Started Guide

Dell Touchpad

Dell Wireless WLAN Card Utility

EASEUS Partition Master 9.0.0 Home Edition

EASEUS Todo Backup Free 2.5.1

eBook Reader

EMET

Emsisoft Anti-Malware

FastStone Photo Resizer 3.1

FileASSASSIN

Free Studio version 4.8

Free YouTube Download version 3.1.42.1212

Gebruikersregistratie voor Canon MP250 series

Gebruikersregistratie voor Canon MP270 series

GemistDownloader

Google Earth

Google Update Helper

HiJackThis

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

iCloud

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

Intel© Matrix Storage Manager

iTunes

Java 7 Update 21

Java 7 Update 21 (64-bit)

Java 6 Update 45

Junk Mail filter update

K-Lite Codec Pack 5.9.0 (Basic)

Malwarebytes Anti-Malware versie 1.75.0.1300

McAfee Security Scan Plus

McAfee SiteAdvisor

Memeo AutoSync

Memeo Instant Backup

Mesh Runtime

Messenger Companion

Microsoft-invoegtoepassing Opslaan als PDF voor 2007 Microsoft Office-programma's

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile NLD Language Pack

Microsoft Antimalware Service NL-NL Language Pack

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Klik-en-Klaar 2010

Microsoft Office PowerPoint Viewer 2007 (Dutch)

Microsoft Office Starter 2010 - Nederlands

Microsoft Office Word Viewer 2003

Microsoft PowerPoint Viewer

Microsoft Security Client

Microsoft Security Client NL-NL Language Pack

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MioMore Desktop 7.30

MobileMe Control Panel

Moyea FLV Player version: 2.0.2.96

Mozilla Firefox 21.0 (x86 nl)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.7 (x86 nl)

MSVCRT

MSVCRT_amd64

Multi-Card Reader & Flash Disk

MyFreeCodec

NDAS-Software 3.72.2080

Nero ControlCenter

Nero Installer

Nero MediaHome 4

Nero MediaHome 4 Essentials

Nero MediaHome 4 Help

Nero Online Upgrade

Newsoft H264 Decoder

Nitro PDF Reader

Nokia Connectivity Cable Driver

OLYMPUS CAMEDIA Master 4.2

Opera 12.15

PC Connectivity Solution

PC Tools Registry Mechanic 11.1

PCHand Media Converter Free 1.3.0.1

Picasa 3

Quickset64

QuickTime

Rapport

Roxio Burn

Safari

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Seagate Dashboard

Secunia PSI (3.0.0.4001)

Secure Eraser

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)

Ship Simulator 2006

Silvercrest OM1008 driver

Simnet UnInstaller 2011

SmartSound Quicktracks Plugin

Speccy

Spelling Dictionaries Support For Adobe Reader 9

Spotify

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

TomTom HOME

TomTom HOME Visual Studio Merge Modules

Ulead VideoStudio 11 SE DVD

Uninstall 1.0.0.1

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

VideoStudio

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

Youtube Downloader HD v. 2.2

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default\prefs.js:

Added to C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\prefs.js:

Added to C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\prefs.js:

user_pref("browser.startup.homepage", "www.upc.nl/live");

Added to C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js:

Added to C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Default User\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Default User\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js:

Added to C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Mozilla\Firefox\Profiles\default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\SafeSearch.xml" deleted

"C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data" deleted

"C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted

"C:\Windows\Syswow64\sho437A.tmp" deleted

"C:\Windows\Syswow64\sho9BD1.tmp" deleted

"C:\Windows\Syswow64\shoA7A7.tmp" deleted

"C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default\searchplugins\SafeSearch.xml" deleted

"C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\y8x42h1d.default\searchplugins\SafeSearch.xml" deleted

"C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\searchplugins\SafeSearch.xml" deleted

"C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\default\searchplugins\SafeSearch.xml" deleted

"C:\Users\Default User\AppData\Roaming\Mozilla\Firefox\Profiles\default\searchplugins\SafeSearch.xml" deleted

"C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Mozilla\Firefox\Profiles\default\searchplugins\SafeSearch.xml" deleted

"C:\Users\Bart\AppData\Roaming\LoJackSetup.exe" deleted

"C:\Users\Bart\ctmweb.exe" deleted

"C:\Users\Bart\ntagent.exe" deleted

"C:\Users\Bart\AppData\Roaming\Temp" deleted

"C:\Program Files (x86)\Uninstall Information\ib_uninst_567" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted

"C:\Users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers" deleted

"C:\Users\Bart\AppData\Local\CRE" deleted

"C:\Users\Bart\AppData\Local\PackageAware" deleted

"C:\Windows\SysWow64\searchplugins" deleted

"C:\Windows\SysWow64\Extensions" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-07-11 11:00:41 AA87D8963C094E83D879BC2F60DAE09D 260 ------w- C:\Windows\Dit.INI

2013-07-11 11:00:41 14EAAE5F968F8CB2195AF1899080D88D 266240 ------w- C:\Windows\Dit.DLL

2013-07-11 11:00:39 B24E5AA43071071AF839783A6CF9C4AD 61440 ----a-w- C:\Windows\DitExp.exe

2013-07-11 10:59:06 99EF409FED5B34CF62A47A72000FE7BF 507 ------w- C:\Windows\ICCLR.INF

====== C:\Users\Bart\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

2013-07-11 10:08:18 BF1D2CFAE91C1E835902ECA27F8F7470 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2013-07-11 10:08:17 6A32A12A2C76B729D6485D04FCFB2175 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll

2013-07-11 10:08:15 B6A67646BD7E3A0AF2515703CBBD9A1C 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll

2013-07-11 10:08:14 F4A608A800C1BB6838797390CBBC1269 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll

2013-07-11 10:08:14 0D2F075863C2FA4F84FB95AC00B95151 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-11 10:08:13 FE29131E35902038066C924CF9C59DF8 2046976 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-07-11 10:08:13 DED7DCF831A05D21F49510EA03F8F2C5 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll

2013-07-11 10:08:10 EED047A0C528813D6AAF4F4F8B2C40C4 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-07-11 10:08:09 52F71A5790E1B6FFC34648F3B311EEE1 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-07-11 10:08:07 CB811C14C225DD07B98E676DFB0221E6 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-07-11 10:08:06 225D276C730DF08CC83EABAC407F0D75 1141248 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-07-11 10:08:03 AC9A9B64AF7005E488390E38AE00D117 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2013-07-11 10:08:02 9BF7C7654EFD098EE3A27B49492A382A 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-07-11 10:07:59 CC3FD6DEEE458D0BE9A69241E0749717 13760512 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2013-07-11 10:07:51 AF31E7D2C385F647ADFD5F5736B3BA64 14329856 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-07-11 09:49:48 56D61BE56DA22334829E14CDE6A8C1FE 1620480 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-11 09:49:47 674EB817CF6E43B7DF3EC26E06E98D98 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll

2013-07-11 09:49:28 1C0E369575F387460E2A5F28269B2CC4 1247744 ----a-w- C:\Windows\SysWOW64\DWrite.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-07-11 10:08:19 C9EC09E4BF3290331C25F0D12C93CEBF 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2013-07-11 10:08:17 17B4359BB4BD72F8EB4F92B1DC4E4EB5 526336 ----a-w- C:\Windows\Sysnative\ieui.dll

2013-07-11 10:08:14 CDB7670A5C0F7D230ADC72F542D41AD8 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll

2013-07-11 10:08:14 AC127B02DD2C8FD41AC4162BA738F2ED 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll

2013-07-11 10:08:14 34EACF2330282CCABA61F8DC43F16FD5 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2013-07-11 10:08:13 6E1803473B6BCBA4C2FB31582DE12D7D 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe

2013-07-11 10:08:13 557F4ACCA6426112E28F19AAD734C971 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll

2013-07-11 10:08:12 9E0D8010D7368856617D3FE0FA5DA58F 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll

2013-07-11 10:08:10 5A41FA3CB4E47560A26B183429F41D73 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2013-07-11 10:08:10 4A3D82F996C5B700D42ACCA94C2B9ABD 855552 ----a-w- C:\Windows\Sysnative\jscript.dll

2013-07-11 10:08:08 BEFD16482A3859071F563D2614EE2484 3958784 ----a-w- C:\Windows\Sysnative\jscript9.dll

2013-07-11 10:08:05 792685A9538424CC1F3FA6A816FE147C 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll

2013-07-11 10:08:03 B7B4D3A39BE24D7ABC69C06F44FCC5B1 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2013-07-11 10:08:01 FAF6EC2460AD5FBBD38D8E1AE28B0D77 2241024 ----a-w- C:\Windows\Sysnative\wininet.dll

2013-07-11 10:07:56 391CD109EF28629644C267C855314DEE 15404032 ----a-w- C:\Windows\Sysnative\ieframe.dll

2013-07-11 10:07:55 9586EC4E1CC39CCBA26A5E7DFE774C9E 19238912 ----a-w- C:\Windows\Sysnative\mshtml.dll

2013-07-11 09:49:48 8B6CBE2FA2BAEDE2A3F5C96733481911 1887744 ----a-w- C:\Windows\Sysnative\WMVDECOD.DLL

2013-07-11 09:49:47 A3EC566925BEC505E2418C1AC14E541E 624128 ----a-w- C:\Windows\Sysnative\qedit.dll

2013-07-11 09:49:28 DD85F00EC31F77315AE992B7B0411D65 1643520 ----a-w- C:\Windows\Sysnative\DWrite.dll

2013-07-11 09:49:25 73601028E7C44154318AE91D2EB2EDB3 3153920 ----a-w- C:\Windows\Sysnative\win32k.sys

====== C:\Windows\Sysnative\drivers =====

2013-06-12 17:52:47 9849EA3843A2ADBDD1497E97A85D8CAE 1910632 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

====== C:\Windows\Tasks ======

2013-06-26 15:45:45 E7169BF52C33D1B083F40E7EF64C22EE 2762 ----a-w- C:\Windows\Sysnative\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012

2013-06-24 17:08:10 772096B1533565D97B73C65131B7AA23 3694 ----a-w- C:\Windows\Sysnative\Tasks\Adobe-online actualiseringsprogramma

2013-06-24 17:08:09 DABB44E391D3E3726A365C14BDB27809 3762 ----a-w- C:\Windows\Sysnative\Tasks\ArcSoft Connect Daemon

2013-06-15 06:49:34 0FE564B98FC4089E2E26815A80C888B7 2968 ----a-w- C:\Windows\Sysnative\Tasks\{4C08762B-BCB7-4FEC-BB18-F56B801FEB33}

2013-06-15 06:49:22 0FE564B98FC4089E2E26815A80C888B7 2968 ----a-w- C:\Windows\Sysnative\Tasks\{2067DFCE-FF33-437B-835A-5890DCB6AFFE}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-06-13 17:11:17 -------- d-----w- C:\Program Files\iPod

2013-06-13 17:11:16 -------- d-----w- C:\Program Files\iTunes

======= C:\Program Files (x86) =====

2013-06-28 09:51:01 -------- d-----w- C:\Program Files (x86)\Mozilla Thunderbird

2013-06-13 17:11:16 -------- d-----w- C:\Program Files (x86)\iTunes

2013-06-13 17:03:49 -------- d-----w- C:\Program Files (x86)\QuickTime

======= C: =====

====== C:\Users\Bart\AppData\Roaming ======

2013-07-11 20:05:35 -------- d-----w- C:\users\Public\AppData\Local\temp

2013-07-11 20:05:35 -------- d-----w- C:\users\NeroMediaHomeUser.4\AppData\Local\temp

2013-07-11 20:05:35 -------- d-----w- C:\users\Default\AppData\Local\temp

2013-07-11 20:05:35 -------- d-----w- C:\users\Default User\AppData\Local\temp

2013-07-11 20:05:35 -------- d-----w- C:\users\AppData\AppData\Local\temp

====== C:\Users\Bart ======

2013-07-11 20:05:35 -------- d-----w- C:\Users\Public\AppData

2013-07-11 20:05:35 -------- d-----w- C:\Users\AppData\AppData

2013-07-11 11:00:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi-Card Reader & Flash Disk

2013-07-08 17:34:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2013-06-24 17:00:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp

2013-06-24 16:58:39 -------- d-----w- C:\ProgramData\AVG

2013-06-24 16:57:35 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-06-13 17:12:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2013-06-13 17:11:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-06-13 17:04:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

====== C: exe-files ==

2013-07-11 11:00:38 1AEB989E361AF85F5099DE3DA25457F4 56320 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe

2013-07-11 10:08:11 98C6F2A9A981A54222602B87C6310BDE 775256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-07-11 10:08:11 30E7CA4620500FE012EB464F0E1DE91E 770648 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2013-07-10 16:47:54 C3190BA6ED6220369EEEED081A14DDFC 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe

2013-07-10 16:47:54 1017788353D8349BF6086B9CDDC8CB7B 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateBroker.exe

2013-07-10 16:47:52 5F42FBCE3A8D9ED552E9852A23CA382F 800024 ----a-w- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateSetup.exe

2013-07-10 16:47:35 CA35155F6B4C4DB2513AAAA868BAFF47 324488 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exe

2013-07-10 16:47:34 09C87F376507122A5FE1CBE06E015512 239496 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe

2013-07-10 16:47:33 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdate.exe

2013-07-10 16:47:28 5F42FBCE3A8D9ED552E9852A23CA382F 800024 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.149\GoogleUpdateSetup.exe

2013-07-08 17:28:52 0E10142276BE74CF0D6E91C0140F1274 7626512 ----a-w- C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe

=== C: other files ==

2013-07-12 05:38:28 E1A2482774B313CE34F827D7F5F3A8E6 10976040 ----a-w- C:\Users\Public\Desktop\sample_12-07-2013_0738.zip

2013-07-11 11:06:24 21CA1F2CD8D5D64F07E8740E6BF1D228 38629 ----a-w- C:\ProgramData\AVG2013\IDS\quarantine\de493fdd-dc28-47d3-923f-d15cc5f14ae3.zip

2013-07-11 09:49:25 73601028E7C44154318AE91D2EB2EDB3 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-07-08 17:35:20 D3191AD18930121834D0BF89A7AB9568 1389145 ----a-w- C:\Program Files (x86)\AVG\AVG2013\banners\banners.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Nero MediaHome 4"="C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN"

"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

"Spotify Web Helper"="C:\Users\Bart\Desktop\Toepassingen\Data\SpotifyWebHelper.exe"

"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"

"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"

"Spotify"="C:\Users\Bart\Desktop\Toepassingen\Spotify.exe /uri spotify:autostart"

@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

[HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1003\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe /m"

"KMCONFIG"="C:\Program Files (x86)\Silvercrest OM1008 driver\StartAutorun.exe KMConfig.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"SSDMonitor"="C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"

"EMET Notifier"="C:\Program Files (x86)\EMET\EMET_notifier.exe"

"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY"

"Memeo Instant Backup"="C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui"

"Memeo AutoSync"="C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent"

"Seagate Dashboard"="C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui"

"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"

"emsisoft anti-malware"="C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe /d=60"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Nero MediaHome 4"="C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN"

"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

"Spotify Web Helper"="C:\Users\Bart\Desktop\Toepassingen\Data\SpotifyWebHelper.exe"

"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"

"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"

"Spotify"="C:\Users\Bart\Desktop\Toepassingen\Spotify.exe /uri spotify:autostart"

@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\DellTPad\Apoint.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"Broadcom Wireless Manager UI"="C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon"

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"ArcSoft Connection Service"="C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"

"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

"QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

"hkey"="HKLM"

"item"="Adobe ARM"

"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]

"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

"hkey"="HKLM"

"item"="Adobe Reader Speed Launcher"

"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier]

"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe"

"hkey"="HKLM"

"item"="AppleSyncNotifier"

"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desktop Disc Tool]

"command"="\"c:\\Program Files (x86)\\Roxio\\Roxio Burn\\RoxioBurnLauncher.exe\""

"hkey"="HKLM"

"item"="Desktop Disc Tool"

"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Tray]

"command"="\"C:\\Program Files (x86)\\EASEUS\\Todo Backup\\bin\\TrayNotify.exe\""

"hkey"="HKLM"

"item"="EaseUs Tray"

"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Watch]

"command"="\"C:\\Program Files (x86)\\EASEUS\\Todo Backup\\bin\\EuWatch.exe\""

"hkey"="HKLM"

"item"="EaseUs Watch"

"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif]

"command"="C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"

"hkey"="HKLM"

"item"="IAAnotif"

"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

"hkey"="HKLM"

"item"="iTunesHelper"

"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nero MediaHome 4]

"command"="\"C:\\Program Files (x86)\\Nero\\Nero MediaHome 4\\NeroMediaHome.exe\" /AUTORUN"

"hkey"="HKLM"

"item"="Nero MediaHome 4"

"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

"hkey"="HKLM"

"item"="QuickTime Task"

"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]

"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""

"hkey"="HKCU"

"item"="TomTomHOME.exe"

"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UVS11 Preload]

"command"="C:\\Program Files (x86)\\Ulead Systems\\Ulead VideoStudio 11 SE DVD\\uvPL.exe"

"hkey"="HKLM"

"item"="UVS11 Preload"

"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Bart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]

"backup"="C:\\Windows\\pss\\Dell Dock.lnkStartup"

"command"="C:\\Program Files (x86)\\Dell\\DellDock\\DellDock.exe "

"item"="Dell Dock"

"path"="C:\\Users\\Bart\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dell Dock.lnk"

"backupExtension"="Startup"

==== Startup Folders ======================

2010-07-04 10:25:44 2000 ----a-w- C:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

2010-07-04 10:25:44 2000 ----a-w- C:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

2012-02-28 16:08:31 2000 ----a-w- C:\users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

2012-03-18 15:16:14 2251 ----a-w- C:\users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk

2012-05-05 05:36:14 2056 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11-07-2013 10:38]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-07-2010 19:40]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-07-2010 19:40]

C:\Windows\tasks\RMAutoUpdate.job --a------ C:\Program Files (x86)\Registry Mechanic\SULauncher.exe [21-08-2012 15:44]

C:\Windows\tasks\RMSchedule.job --a------ C:\Program Files (x86)\Registry Mechanic\RegMech.exe [21-08-2012 15:43]

C:\Windows\tasks\ROC_REG_JAN_DELETE.job --a------ [undetermined Task]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\udd9yx7c.default

- Undetermined - %ProfilePath%\extensions\{72cabc40-64b2-46ed-8648-26d831761150}

ProfilePath: C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922

- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Undetermined - %AppDir%\extensions\staged

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922

0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash

ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

abdnighfgafbeighondbgepoenlnpcef - No path found[]

fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[22-05-2013 10:24]

gkeciodhggpcngbhlhiiphbhlddbaafl - No path found[]

jmfkcklnlgedgbglfkkgedjfmejoahla - No path found[]

ndibdjnfmopecpmkdieinmbadjfpblof - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[12-12-2012 19:51]

CallingID LinkAdvisor 2.0 Toolbar - Bart - Default\Extensions\abdnighfgafbeighondbgepoenlnpcef

SiteAdvisor - Bart - Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho

CallingID LinkAdvisor 2.0 - Bart - Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl

DVDVideoSoft Browser Extension - Bart - Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp

==== Chrome Fix ======================

C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef deleted successfully

C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.upc.nl/live"

"Default_Search_URL"="http://www.google.com/ie"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://www.google.com/search?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://www.google.com/ie"

"Default_Search_URL"="http://www.google.com/ie"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.upc.nl/live"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{78BABCD0-C71F-405E-9E6F-BBAAE6B92462} Google Url="http://www.google.co.uk/search?hl=en&q={searchTerms}&meta="

{8564538E-B1C7-4B8B-B8A7-DA57A7C7FA1A} Unknown Url="Not_Found"

{8A8DE9FB-091D-4EB5-BDAF-3BFF98F11202} Unknown Url="Not_Found"

{AE59E6A3-2679-4D6B-A3D0-5D31FFDCC8DE} CallingID Safe Search Url="http://search.callingid.com/search.aspx?q={searchTerms}&cx=000976018278371213697:d_pbn3nwah0&l={language}&ie={inputEncoding}&oe={outputEncoding}&cl=ie&p=bi&cid=yes"

{BE28C22E-F666-424d-B5FD-125C4AFEE34E} Zoeken Url="http://search.myheritage.com?orig=ds&q={searchTerms}"

{EB898A1F-3EC7-423C-9A3E-48BCE4242339} Secure-zoeken Url="http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}"

==== Reset Google Chrome ======================

C:\users\Bart\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully

HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully

HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully

HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully

HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully

HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8564538E-B1C7-4B8B-B8A7-DA57A7C7FA1A} deleted successfully

HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8A8DE9FB-091D-4EB5-BDAF-3BFF98F11202} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBF2401B-7447-4727-BE5D-C19B2075CA84} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-856372219-1926774386-1365263749-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Bart\Desktop\ACSI Campinggids Europa 2011 - Snelkoppeling.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACSI Campinggids Europa 2011

C:\Users\Bart\Desktop\DELL - Snelkoppeling.lnk - \\DELL

C:\Users\Bart\Desktop\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe

C:\Users\Bart\Desktop\Free YouTube Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe

C:\Users\Bart\Desktop\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\Bart\Desktop\Browsers\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Bart\Desktop\Browsers\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Users\Bart\Desktop\Browsers\Opera.lnk - C:\Program Files (x86)\Opera\opera.exe

C:\Users\Bart\Desktop\Browsers\Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

C:\Users\Bart\Desktop\Cleaning\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Users\Bart\Desktop\Cleaning\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe

C:\Users\Bart\Desktop\Cleaning\Emsisoft Anti-Malware.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe

C:\Users\Bart\Desktop\Cleaning\FileASSASSIN.lnk - C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe

C:\Users\Bart\Desktop\Cleaning\HiJackThis.lnk - C:\Users\Bart\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\Bart\Desktop\Cleaning\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Bart\Desktop\Cleaning\McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\mcuicnt.exe SecurityScanner.dll

C:\Users\Bart\Desktop\Cleaning\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe

C:\Users\Bart\Desktop\Cleaning\PC Tools Registry Mechanic.lnk - C:\Program Files (x86)\Registry Mechanic\RegMech.exe

C:\Users\Bart\Desktop\Cleaning\Secure Eraser.lnk - C:\Program Files (x86)\ASCOMP Software\Secure Eraser\sEraser.exe

C:\Users\Bart\Desktop\Printer 250\Canon Easy-PhotoPrint EX.lnk - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE

C:\Users\Bart\Desktop\Printer 250\Canon MP Navigator EX 3.0.lnk - C:\Program Files (x86)\Canon\MP Navigator EX 3.0\mpnex30.exe

C:\Users\Bart\Desktop\Printer 250\Canon MP250 series Online handleiding.lnk - C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MP250 SERIES\Dutch\Info.egv"

C:\Users\Bart\Desktop\Printer 250\Canon My Printer.lnk - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE /dt

C:\Users\Bart\Desktop\Printer 250\Canon Solution Menu.lnk - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE

C:\Users\Bart\Desktop\Printer 250\Gebruikersregistratie voor Canon MP250 series.LNK - C:\Program Files (x86)\Canon\IJEREG\MP250 series\IJEREG.exe

C:\Users\Bart\Desktop\Printer 270\Canon Easy-PhotoPrint EX.lnk - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE

C:\Users\Bart\Desktop\Printer 270\Canon MP Navigator EX 3.0.lnk - C:\Program Files (x86)\Canon\MP Navigator EX 3.0\mpnex30.exe

C:\Users\Bart\Desktop\Printer 270\Canon MP270 series Online handleiding.lnk - C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MP270 SERIES\Dutch\Info.egv"

C:\Users\Bart\Desktop\Printer 270\Canon My Printer.lnk - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE /dt

C:\Users\Bart\Desktop\Printer 270\Canon Solution Menu.lnk - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE

C:\Users\Bart\Desktop\Printer 270\Gebruikersregistratie voor Canon MP270 series.LNK - C:\Program Files (x86)\Canon\IJEREG\MP270 series\IJEREG.exe

C:\Users\Bart\Desktop\Toepassingen\7-Zip File Manager.lnk - C:\Program Files (x86)\7-Zip\7zFM.exe

C:\Users\Bart\Desktop\Toepassingen\Adobe Digital Editions.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions\digitaleditions.exe

C:\Users\Bart\Desktop\Toepassingen\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

C:\Users\Bart\Desktop\Toepassingen\calibre - E-book management.lnk - C:\Program Files (x86)\Calibre2\calibre.exe

C:\Users\Bart\Desktop\Toepassingen\CAMEDIA Master.lnk - C:\Program Files (x86)\OLYMPUS\CAMEDIA Master 4.1\CAMEDIA Master.exe

C:\Users\Bart\Desktop\Toepassingen\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe

C:\Users\Bart\Desktop\Toepassingen\EASEUS Partition Master 9.0.0 Home Edition.lnk - C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.0.0 Home Edition\bin\epm0.exe

C:\Users\Bart\Desktop\Toepassingen\EASEUS Todo Backup Free 2.5.1.lnk - C:\Program Files (x86)\EASEUS\Todo Backup\bin\Loader.exe

C:\Users\Bart\Desktop\Toepassingen\GemistDownloader.lnk - C:\Program Files (x86)\GemistDownloader\GemistDownloader.exe

C:\Users\Bart\Desktop\Toepassingen\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe

C:\Users\Bart\Desktop\Toepassingen\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe

C:\Users\Bart\Desktop\Toepassingen\Microsoft PowerPoint Viewer .lnk - C:\Windows\Installer\{95140000-00AF-0413-0000-0000000FF1CE}\ppvwicon.exe

C:\Users\Bart\Desktop\Toepassingen\MioMore Desktop 7.30.lnk - C:\Program Files (x86)\Mio\MioMore Desktop 7.30\MioMore.exe

C:\Users\Bart\Desktop\Toepassingen\Moyea FLV Player.lnk - C:\Program Files (x86)\Moyea\FLV Player\FLV Player.exe

C:\Users\Bart\Desktop\Toepassingen\Nero MediaHome 4.lnk - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe -ScParameter=30005

C:\Users\Bart\Desktop\Toepassingen\Nitro PDF Reader.lnk - C:\Program Files (x86)\Nitro PDF\Reader\NitroPDFReader.exe

C:\Users\Bart\Desktop\Toepassingen\PCHand Media Converter Free.lnk - C:\Program Files (x86)\PCHand\Media Converter Free\MediaConverter.exe

C:\Users\Bart\Desktop\Toepassingen\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\Bart\Desktop\Toepassingen\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe

C:\Users\Bart\Desktop\Toepassingen\Roxio - Snelkoppeling.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio

C:\Users\Bart\Desktop\Toepassingen\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite

C:\Users\Bart\Desktop\Toepassingen\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe

C:\Users\Bart\Desktop\Toepassingen\Ship Simulator 2006.lnk - C:\Program Files (x86)\Vstep\ShipSim2006\ShipSim.exe

C:\Users\Bart\Desktop\Toepassingen\Simnet UnInstaller 2011.lnk - C:\Program Files (x86)\Simnet\UnInstaller\UnInstaller.exe

C:\Users\Bart\Desktop\Toepassingen\Snelkoppeling naar photorescue.lnk - C:\Users\Bart\Desktop\Toepassingen\Photorescue\photorescue.exe

C:\Users\Bart\Desktop\Toepassingen\Speccy.lnk - C:\Program Files (x86)\Speccy\Speccy.exe

C:\Users\Bart\Desktop\Toepassingen\TomTom HOME 2.lnk - C:\Program Files (x86)\TomTom HOME 2\TomTomHOME.exe ""

C:\Users\Bart\Desktop\Toepassingen\Ulead VideoStudio 11 SE DVD.lnk - C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11 SE DVD\vstudio.exe

C:\Users\Bart\Desktop\Toepassingen\Windows DVD Maker.lnk -

C:\Users\Bart\Desktop\Toepassingen\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe

C:\Users\Bart\Desktop\Toepassingen\Youtube Downloader HD.lnk - C:\Program Files (x86)\Youtube Downloader HD\YouTubeDownloaderHD.exe

C:\Users\Bart\Desktop\Toepassingen\Google Earth\Google Earth starten in DirectX-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setDX

C:\Users\Bart\Desktop\Toepassingen\Google Earth\Google Earth starten in OpenGL-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setOGL

C:\Users\Bart\Desktop\Toepassingen\Google Earth\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe

C:\Users\Bart\Desktop\VAN STICK\Windows Easy Transfer.lnk - C:\Users\Bart\Desktop\VAN STICK\Windows Easy Transfer\x86\MigSetup.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AVG 1-klik Onderhoud.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe

C:\Users\Public\Desktop\AVG PC TuneUp.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe

C:\Users\Public\Desktop\CardRecovery.lnk - C:\Program Files (x86)\CardRecovery\CardRecovery.exe

C:\Users\Public\Desktop\FastStone Photo Resizer.lnk - C:\Program Files (x86)\FastStone Photo Resizer\FSResizer.exe

C:\Users\Public\Desktop\Seagate Dashboard.lnk - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe

C:\Users\Public\Desktop\WebCam Companion 3.lnk - C:\Program Files (x86)\ArcSoft\WebCam Companion 3\uWebCam.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\AVG PC TuneUp.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Help AVG PC TuneUp.lnk - C:\ProgramData\AVG\AWL2012\nl-NL\main_vista_7.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG 1-klik Onderhoud.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Disk Doctor.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DiskDoctor.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Disk Space Explorer.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DiskExplorer.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Drive Defrag.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DriveDefrag.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Economy-modus.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\EnergyOptimizer.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Gain Disk Space.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe /gaindiskspace

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Live-optimalisatie.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SettingCenter.exe /live

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Process Manager.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\ProcessManager.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Program Deactivator.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\ProgramDeactivator.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Registry Cleaner.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RegistryCleaner.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Registry Defrag.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RegistryDefrag.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Registry Editor.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RegistryEditor.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Repair Wizard.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RepairWizard.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Rescue Center.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RescueCenter.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Setting Center.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SettingCenter.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Shortcut Cleaner.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\ShortcutCleaner.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Shredder.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Shredder.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG StartUp Manager.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\StartUpManager.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG StartUp Optimizer.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\StartupOptimizer.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Styler.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Styler.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG System Control.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SystemControl.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG System Information.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SystemInformation.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Undelete.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Undelete.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Uninstall Manager.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\UninstallManager.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG Update Wizard.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\UpdateWizard.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp\Alle functies\AVG-optimalisatierapport.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Report.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files (x86)\CCleaner\uninst.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\Silverlight.Configuration.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi-Card Reader & Flash Disk\Uninstall Multi-Card Reader & Flash Disk.lnk - C:\Program Files (x86)\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe -wShortCut

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Over QuickTime.lnk - C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\RichText.ico

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk - C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\PictureViewer.ico

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime deïnstalleren.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\QTPlayer.ico

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport\Rapport Console.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -config

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport\Rapport starten.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -userstart

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport\Rapport stoppen.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -shutdown

==== shortcuts in Quick Launch ======================

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions\digitaleditions.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Moyea FLV Player.lnk - C:\Program Files (x86)\Moyea\FLV Player\FLV Player.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG PC TuneUp.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Nero MediaHome 4.lnk - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe -ScParameter=30005

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera11.50 1074.lnk - C:\Program Files (x86)\Opera\opera.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Secunia PSI.lnk - C:\Program Files (x86)\Secunia\PSI\psi.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk - C:\Users\Bart\Desktop\Toepassingen\spotify.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Moyea FLV Player.lnk - C:\Program Files (x86)\Moyea\FLV Player\FLV Player.exe

C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\abdnighfgafbeighondbgepoenlnpcef deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Bart\AppData\Local\Mozilla\Firefox\Profiles\zuc5ciyr.default-1371095820922\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Bart\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Bart\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 12-07-2013 at 8:01:27,54 ======================

Kind regards

BJHM
