Startpagina wijzigen lukt niet meer

[Lelt]

Hallo allemaal,

Ik heb vanmiddag een update van BitTorrent gedaan. Sindsdien heb ik als startpagina Zoeken.

Ik krijg het niet meer gewijzigd bij de instellingen.

Ik neem aan dat dit spyware is, zou iemand mij kunnen helpen.

Met vriendelijke groet,

Jelle Klaver

[Jion]

Hoi Jelle,

Download RSIT van de onderstaande locaties en sla deze op het bureaublad op.

Hier staat een beschrijving hoe je kan kijken of je een 32- of 64-bitversie van Windows heeft.

• 
  
• RSIT 32 bit (RSIT.exe)
  
• RSIT 64 bit (RSITx64.exe)
  

Dubbelklik op RSIT.exe om de tool te starten.

• 
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
  
• Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
  
• Plaats de inhoud hiervan in het volgende bericht.
  

[Lelt]

Bij deze:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Jelle at 2013-09-16 14:54:21

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 3 GB (3%) free of 122 GB

Total RAM: 4007 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:54:36, on 16-9-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16506)

Boot mode: Normal

Running processes:

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE

C:\Program Files (x86)\F-Secure\fshoster32.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Users\Jelle\AppData\Roaming\BitTorrent\BitTorrent.exe

C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe

C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe

C:\Games\World_of_Tanks\WorldOfTanks.exe

C:\Program Files\trend micro\Jelle.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ::1 localhost

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll

O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll

O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll

O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

O4 - HKLM\..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure Hoster (54599)] "C:\Program Files (x86)\F-Secure\fshoster32.exe" -app -hosterid:1

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll C:\Windows\SysWOW64\nvinit.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Search Protect by Conduit Service (CltMngSvc) - Conduit - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\fshoster32.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Intel® Turbo Boost Technology Monitor (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12648 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Windows\system32\FBAgent.exe"

"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"

C:\Windows\system32\WLANExt.exe 19804272

\??\C:\Windows\system32\conhost.exe "-74106357870191674515321672742096358033143543600015492312351389847361325462441

"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"

"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"

C:\Windows\system32\nvvsvc.exe -session -first

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files\Bonjour\mDNSResponder.exe"

"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\F-Secure\fshoster32.exe" -hosterid:0

"C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe"

"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"

"C:\Windows\AsScrPro.exe"

taskeng.exe {E3503FC8-BE05-40B9-AA9F-BE18A032AF4D}

"C:\Program Files\P4G\BatteryLife.exe"

taskeng.exe {86F9D762-F888-4065-BB83-81620C8D1609}

"C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE" /service /stopevent=712 /ipcexch=964

"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"

"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"

C:\Windows\SysWOW64\PnkBstrA.exe

"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"

ATKOSD.exe

"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

"C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe"

"C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"

"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3

"C:\Program Files\Elantech\ETDCtrl.exe"

"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

KBFiltr.exe

"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"

"C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe"

WDC.exe

"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

"C:\Program Files\Intel\TurboBoost\TurboBoost.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

"C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe"

"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"

"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"

"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

"C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash

"C:\Program Files (x86)\F-Secure\fshoster32.exe" -app -hosterid:1

"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"

WLIDSvcM.exe 3816

"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1

"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files\Elantech\ETDCtrlHelper.exe"

"C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE"

"C:\Program Files\iPod\bin\iPodService.exe"

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

oid 1.3.6.1.4.1.2213.11.1.27.64 HosterGroupType 0

"C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe" 3 928 912 936

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

"C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE" "Microsoft Excel Starter 2010 9014006604130000"

"C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe" /start IDLE_APP_EVENT_{90140011-0066-0413-0000-0000000FF1CE}

"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

BitTorrent.exe /NOINSTALL /BRINGTOFRONT /BRINGTOFRONT

C:\Windows\system32\wbem\wmiprvse.exe

C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe

"C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe"

"C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe"

"C:\Games\World_of_Tanks\WorldOfTanks.exe" wot_wait_for_mutex

"C:\Program Files\Internet Explorer\iexplore.exe"

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4848 CREDAT:203009

C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_174_ActiveX.exe -Embedding

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2521610771-4007929080-1142802741-100182_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2521610771-4007929080-1142802741-100182 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"

"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4848 CREDAT:334081

"C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJIC3XJR\RSITx64.exe"

C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\Scheduled scanning task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-11 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-11 210856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

Babylon toolbar helper - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll [2012-08-23 264192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}]

Funmoods Helper Object - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll [2012-09-03 243664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-16 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-16 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll [2012-08-23 288256]

{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - Funmoods Toolbar - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll [2012-09-03 251856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-05-17 2226280]

"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2011-04-12 2589992]

"IntelPAN"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-05-02 1935120]

"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-10-10 171040]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-10-10 399392]

"Persistence"=C:\Windows\system32\igfxpers.exe [2012-10-10 441888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]

C:\Windows\AsScrPro.exe [2011-10-10 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-05-17 11855976]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"=C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [2008-11-03 328992]

"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2011-04-13 2018032]

"ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [2011-02-23 731472]

"SonicMasterTray"=C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [2010-07-10 984400]

"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17 5732992]

"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]

"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]

"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-09-24 1601536]

"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

"F-Secure Manager"=C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [2012-10-18 310992]

"F-Secure Hoster (54599)"=C:\Program Files (x86)\F-Secure\fshoster32.exe [2012-11-26 183864]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-05-31 152392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2012-10-10 441856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=0

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-09-16 14:54:22 ----D---- C:\Program Files\trend micro

2013-09-16 14:54:21 ----D---- C:\rsit

2013-09-16 13:58:42 ----D---- C:\Program Files (x86)\SearchProtect

2013-09-13 03:28:23 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2013-09-13 03:28:23 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2013-09-13 03:28:23 ----A---- C:\Windows\system32\mshtmled.dll

2013-09-13 03:28:21 ----A---- C:\Windows\SYSWOW64\wininet.dll

2013-09-13 03:28:21 ----A---- C:\Windows\SYSWOW64\url.dll

2013-09-13 03:28:21 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2013-09-13 03:28:21 ----A---- C:\Windows\SYSWOW64\ieui.dll

2013-09-13 03:28:21 ----A---- C:\Windows\system32\wininet.dll

2013-09-13 03:28:21 ----A---- C:\Windows\system32\ieUnatt.exe

2013-09-13 03:28:21 ----A---- C:\Windows\system32\ieui.dll

2013-09-13 03:28:20 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2013-09-13 03:28:20 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2013-09-13 03:28:20 ----A---- C:\Windows\system32\urlmon.dll

2013-09-13 03:28:20 ----A---- C:\Windows\system32\url.dll

2013-09-13 03:28:20 ----A---- C:\Windows\system32\msfeeds.dll

2013-09-13 03:28:20 ----A---- C:\Windows\system32\jsproxy.dll

2013-09-13 03:28:19 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2013-09-13 03:28:19 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2013-09-13 03:28:19 ----A---- C:\Windows\SYSWOW64\jscript.dll

2013-09-13 03:28:19 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2013-09-13 03:28:19 ----A---- C:\Windows\system32\vbscript.dll

2013-09-13 03:28:19 ----A---- C:\Windows\system32\jscript9.dll

2013-09-13 03:28:19 ----A---- C:\Windows\system32\jscript.dll

2013-09-13 03:28:19 ----A---- C:\Windows\system32\iertutil.dll

2013-09-13 03:28:17 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2013-09-13 03:28:17 ----A---- C:\Windows\system32\mshtml.dll

2013-09-13 03:28:16 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2013-09-13 03:28:16 ----A---- C:\Windows\system32\ieframe.dll

2013-09-12 23:42:31 ----D---- C:\Users\Jelle\AppData\Roaming\{90140011-0066-0413-0000-0000000FF1CE}

2013-09-12 23:42:25 ----D---- C:\ProgramData\Virtualized Applications

2013-09-12 20:06:00 ----D---- C:\Program Files (x86)\S.W.A.T. 4

2013-09-12 18:46:19 ----A---- C:\Windows\system32\drivers\ataport.sys

2013-09-12 18:46:02 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2013-09-12 18:46:01 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2013-09-12 18:46:00 ----A---- C:\Windows\SYSWOW64\ntdll.dll

2013-09-12 18:46:00 ----A---- C:\Windows\system32\ntoskrnl.exe

2013-09-12 18:46:00 ----A---- C:\Windows\system32\ntdll.dll

2013-09-12 18:46:00 ----A---- C:\Windows\system32\KernelBase.dll

2013-09-12 18:45:59 ----A---- C:\Windows\SYSWOW64\KernelBase.dll

2013-09-12 18:45:59 ----A---- C:\Windows\SYSWOW64\kernel32.dll

2013-09-12 18:45:59 ----A---- C:\Windows\system32\wow64win.dll

2013-09-12 18:45:59 ----A---- C:\Windows\system32\wow64cpu.dll

2013-09-12 18:45:59 ----A---- C:\Windows\system32\wow64.dll

2013-09-12 18:45:59 ----A---- C:\Windows\system32\winsrv.dll

2013-09-12 18:45:59 ----A---- C:\Windows\system32\smss.exe

2013-09-12 18:45:59 ----A---- C:\Windows\system32\kernel32.dll

2013-09-12 18:45:59 ----A---- C:\Windows\system32\csrsrv.dll

2013-09-12 18:45:59 ----A---- C:\Windows\system32\conhost.exe

2013-09-12 18:45:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 18:45:58 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-12 18:45:58 ----A---- C:\Windows\SYSWOW64\wow32.dll

2013-09-12 18:45:58 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll

2013-09-12 18:45:58 ----A---- C:\Windows\system32\ntvdm64.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 18:45:57 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 18:45:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-12 18:45:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 18:45:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-12 18:45:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 18:45:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 18:45:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 18:45:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 18:45:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 18:45:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 18:45:56 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 18:45:56 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 18:45:56 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 18:45:56 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 18:45:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-12 18:45:55 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-12 18:45:55 ----A---- C:\Windows\SYSWOW64\setup16.exe

2013-09-12 18:45:55 ----A---- C:\Windows\SYSWOW64\instnm.exe

2013-09-12 18:45:55 ----A---- C:\Windows\SYSWOW64\apisetschema.dll

2013-09-12 18:45:55 ----A---- C:\Windows\system32\apisetschema.dll

2013-09-12 18:45:54 ----A---- C:\Windows\SYSWOW64\user.exe

2013-09-12 18:45:52 ----A---- C:\Windows\system32\win32k.sys

2013-09-12 18:45:43 ----A---- C:\Windows\system32\shell32.dll

2013-09-12 18:45:41 ----A---- C:\Windows\SYSWOW64\shell32.dll

2013-09-12 18:45:40 ----A---- C:\Windows\SYSWOW64\shdocvw.dll

2013-09-12 18:45:40 ----A---- C:\Windows\system32\shdocvw.dll

2013-09-11 23:23:43 ----A---- C:\Windows\system32\javaws.exe

2013-09-11 23:23:39 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll

2013-09-11 23:23:39 ----A---- C:\Windows\system32\javaw.exe

2013-09-11 23:23:39 ----A---- C:\Windows\system32\java.exe

2013-09-11 23:23:34 ----D---- C:\Program Files\Java

2013-08-19 14:32:00 ----A---- C:\ProgramData\IpodRescue.ini

2013-08-19 14:18:27 ----D---- C:\ProgramData\WindSolutions

======List of files/folders modified in the last 1 month======

2013-09-16 14:54:36 ----D---- C:\Windows\Prefetch

2013-09-16 14:54:34 ----D---- C:\Users\Jelle\AppData\Roaming\BitTorrent

2013-09-16 14:54:22 ----RD---- C:\Program Files

2013-09-16 14:50:32 ----D---- C:\Windows\Temp

2013-09-16 13:58:42 ----RD---- C:\Program Files (x86)

2013-09-16 11:56:31 ----D---- C:\Windows\system32\config

2013-09-15 16:20:19 ----D---- C:\Windows\rescache

2013-09-15 00:22:59 ----D---- C:\Windows\system32\Tasks

2013-09-15 00:22:18 ----D---- C:\Windows\SysWOW64

2013-09-13 20:29:25 ----D---- C:\Users\Jelle\AppData\Roaming\vlc

2013-09-13 20:08:10 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2013-09-13 11:58:58 ----D---- C:\Windows\Microsoft.NET

2013-09-13 11:58:41 ----RSD---- C:\Windows\assembly

2013-09-13 11:30:56 ----A---- C:\Windows\system32\acovcnt.exe

2013-09-13 11:30:48 ----D---- C:\Windows\winsxs

2013-09-13 11:29:41 ----SHD---- C:\Config.Msi

2013-09-13 04:03:57 ----D---- C:\Program Files (x86)\Internet Explorer

2013-09-13 04:03:56 ----D---- C:\Windows\SYSWOW64\migration

2013-09-13 04:03:55 ----D---- C:\Windows\system32\migration

2013-09-13 04:03:55 ----D---- C:\Windows\System32

2013-09-13 04:03:54 ----D---- C:\Program Files\Internet Explorer

2013-09-13 04:03:47 ----D---- C:\Windows\AppPatch

2013-09-13 04:03:43 ----D---- C:\Windows\SYSWOW64\nl-NL

2013-09-13 04:03:43 ----D---- C:\Windows\system32\nl-NL

2013-09-13 04:03:41 ----D---- C:\Windows\system32\DriverStore

2013-09-13 04:03:41 ----D---- C:\Windows\system32\drivers

2013-09-13 04:03:11 ----D---- C:\Users\Jelle\AppData\Roaming\SoftGrid Client

2013-09-13 03:33:38 ----SHD---- C:\Windows\Installer

2013-09-13 03:33:35 ----D---- C:\Windows\inf

2013-09-13 03:33:35 ----D---- C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-09-13 03:33:35 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

2013-09-13 03:30:28 ----D---- C:\Windows\system32\MRT

2013-09-13 03:30:24 ----A---- C:\Windows\system32\MRT.exe

2013-09-13 03:29:26 ----D---- C:\Windows\system32\catroot

2013-09-13 03:29:25 ----D---- C:\Windows\system32\catroot2

2013-09-13 03:27:52 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-09-13 03:00:43 ----SHD---- C:\System Volume Information

2013-09-12 23:42:25 ----HD---- C:\ProgramData

2013-09-11 23:45:50 ----D---- C:\Windows

2013-09-11 23:40:55 ----D---- C:\Windows\Downloaded Program Files

2013-09-11 23:23:35 ----A---- C:\Windows\system32\npDeployJava1.dll

2013-09-11 23:23:35 ----A---- C:\Windows\system32\deployJava1.dll

2013-09-11 23:18:55 ----D---- C:\Windows\Logs

2013-08-29 02:06:35 ----D---- C:\Users\Jelle\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fsbts;fsbts; C:\Windows\system32\Drivers\fsbts.sys [2012-09-27 56016]

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-09-13 437272]

R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-01-11 834544]

R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]

R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2013-06-28 68928]

R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2012-10-18 14032]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-04-17 13832]

R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]

R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]

R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2011-04-12 142632]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2013-07-10 202176]

R3 fsni;fsni; \??\C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys [2013-01-30 71680]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-10-10 5343584]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-05-17 2872680]

R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]

R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]

R3 MEIx64;Intel® Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]

R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]

R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]

R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]

R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]

S3 aumgeren;aumgeren; C:\Windows\system32\drivers\aumgeren.sys []

S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]

S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]

S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]

S3 fsccsys1348774309;F-Secure Content Control Driver; \??\C:\Windows\System32\drivers\fsccsys.sys [2012-09-28 58424]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]

S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []

S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []

S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2010-08-03 290920]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]

S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]

S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2011-03-04 379520]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]

R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]

R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 CltMngSvc;Search Protect by Conduit Service; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2013-09-01 1736024]

R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-05-02 1517328]

R2 fshoster;F-Secure Dll Hoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [2012-11-26 183864]

R2 FSORSPClient;F-Secure ORSP Client; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [2013-06-28 60352]

R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 891240]

R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-05-31 75136]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-05-02 844560]

R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 134928]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]

R3 FSMA;FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [2012-10-18 208592]

R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-05-31 641352]

R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13 257416]

S3 cphs;Intel® Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-10-10 277024]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

[Jion]

Download Zoek.zip naar het bureaublad.

• 
  
• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.
  
• Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

C:\Program Files (x86)\SearchProtect;fs
{2EECD738-5844-4a99-B4B6-146BF802613B};c
C:\Program Files (x86)\BabylonToolbar;fs
{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7};c
C:\PROGRA~2\Funmoods;fs
{98889811-442D-49dd-99D7-DC866BE87DBC};c
{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3};c
CltMngSvc;s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"=-;r
autoclean;
startupall; 
filesrcm;

• 
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[Lelt]

Ik zat net nog even bij het configuratiescherm te kijken en daar stond een programmatje tussen wat ik niet kende. Denk ik meegekomen met Bittorrent. Misschien heb ik per ongeluk iets aangevinkt laten staan en heeft ie het geinstaleerd. Ik heb het verwijderd en het probleem is verholpen. Toch bedankt voor je hulp!

[Jion]

Ik wil je niet teleurstellen, maar er is wel wat meer aan de hand dan dat ene malafide programmatje.

Indien we daar niets aan doen, mag je binnen de kortste keren terug een topic starten in de malware sectie.

Ik raad je daarom ook aan om bovenstaande instructie toch uit te voeren (+ de eventueel daarop volgende)

[Lelt]

Heb het vannochtend gedaan.

Zoek.exe Version 4.0.0.4 Updated 14-September-2013

Tool run by Jelle on di 17-09-2013 at 7:37:33,87.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Jelle\Desktop\zoek.exe [script inserted]

==== System Restore Info ======================

17-9-2013 7:39:44 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6D0917B1-3DEA-ADAA-E81D-4C13A5DF99D2} deleted successfully

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfully

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} deleted successfully

HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default

---- Lines BabylonToolbar removed from prefs.js ----

user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112546");

user_pref("extensions.BabylonToolbar_i.hardId", "2484ebdd00000000000078929c3b9233");

user_pref("extensions.BabylonToolbar_i.id", "2484ebdd00000000000078929c3b9233");

user_pref("extensions.BabylonToolbar_i.instlDay", "15452");

user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

user_pref("extensions.BabylonToolbar_i.newTab", true);

user_pref("extensions.BabylonToolbar_i.newTabUrl", "Babylon Search");

user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com");

user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:38:40");

user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

---- Lines BabylonToolbar modified from prefs.js ----

---- Lines BabylonToolbar removed from user.js ----

user_pref("extensions.BabylonToolbar_i.id", "2484ebdd00000000000078929c3b9233");

user_pref("extensions.BabylonToolbar_i.hardId", "2484ebdd00000000000078929c3b9233");

user_pref("extensions.BabylonToolbar_i.instlDay", "15452");

user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

user_pref("extensions.BabylonToolbar.autoRvrt", "false");

user_pref("extensions.BabylonToolbar_i.newTab", false);

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "Babylon Search=");

user_pref("extensions.BabylonToolbar.id", "2484ebdd00000000000078929c3b9233");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.instlDay", "15586");

user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");

user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1219:24:31");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar.tlbrId", "base");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.dfltLng", "en");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=115300&tt=3612_8");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com");

---- Lines incredibar removed from prefs.js ----

user_pref("extensions.incredibar_i.aflt", "orgnl");

user_pref("extensions.incredibar_i.dfltLng", "");

user_pref("extensions.incredibar_i.did", "10643");

user_pref("extensions.incredibar_i.excTlbr", false);

user_pref("extensions.incredibar_i.id", "2484ebdd00000000000078929c3b9233");

user_pref("extensions.incredibar_i.installerproductid", "26");

user_pref("extensions.incredibar_i.instlDay", "15453");

user_pref("extensions.incredibar_i.instlRef", "");

user_pref("extensions.incredibar_i.ms_url_id", "");

user_pref("extensions.incredibar_i.newTab", false);

user_pref("extensions.incredibar_i.ppd", "1");

user_pref("extensions.incredibar_i.prdct", "incredibar");

user_pref("extensions.incredibar_i.productid", "26");

user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

user_pref("extensions.incredibar_i.smplGrp", "none");

user_pref("extensions.incredibar_i.tlbrId", "base");

user_pref("extensions.incredibar_i.tlbrSrchUrl", "MyStart by IncrediBar.com=");

user_pref("extensions.incredibar_i.upn2", "6PQviIdum7");

user_pref("extensions.incredibar_i.upn2n", "92542766573001643");

user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");

user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1423:17:58");

user_pref("keyword.URL", "MyStart by IncrediBar.com=");

---- Lines incredibar modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"litmus-ff@f-secure.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\F-Secure\\\\NRS\\\\litmus-ff@f-secure.com\",\"mtime\":1335181585449}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1335216453580}}},{\"name\":\"winreg-app-user\",\"addons\":{\"mozillaextension@somud.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\SoMud\\\\scripts\\\\mozilla\",\"mtime\":1336058310621}}},{\"name\":\"app-profile\",\"addons\":{\"4f9059cb1cd04@4f9059cb1cd05.info\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\4f9059cb1cd04@4f9059cb1cd05.info\",\"mtime\":1335196976724},\"ffxtlbr@incredibar.com\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\ffxtlbr@incredibar.com\",\"mtime\":1335215877984},\"{3628D7BD-FD0D-47b8-8C8B-865CEB7DD779}\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\{3628D7BD-FD0D-47b8-8C8B-865CEB7DD779}.xpi\",\"mtime\":1335299035451},\"{75656794-AB59-4712-BFBC-5D816D56F3BC}\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\{75656794-AB59-4712-BFBC-5D816D56F3BC}\",\"mtime\":1335219032694},\"{7F23E3F4-F72E-4f4f-8761-854C8942708F}\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi\",\"mtime\":1328039380000},\"{EEE6C361-6118-11DC-9C72-001320C79847}\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi\",\"mtime\":1335196004287}}}]");

---- Lines incredibar removed from user.js ----

user_pref("extensions.incredibar_i.newTab", false);

user_pref("extensions.incredibar_i.tlbrSrchUrl", "MyStart by IncrediBar.com=");

user_pref("extensions.incredibar_i.id", "2484ebdd00000000000078929c3b9233");

user_pref("extensions.incredibar_i.instlDay", "15453");

user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");

user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1423:17:58");

user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

user_pref("extensions.incredibar_i.prdct", "incredibar");

user_pref("extensions.incredibar_i.aflt", "orgnl");

user_pref("extensions.incredibar_i.smplGrp", "none");

user_pref("extensions.incredibar_i.tlbrId", "base");

user_pref("extensions.incredibar_i.instlRef", "");

user_pref("extensions.incredibar_i.dfltLng", "");

user_pref("extensions.incredibar_i.excTlbr", false);

user_pref("extensions.incredibar_i.ms_url_id", "");

user_pref("extensions.incredibar_i.upn2", "6PQviIdum7");

user_pref("extensions.incredibar_i.upn2n", "92542766573001643");

user_pref("extensions.incredibar_i.productid", "26");

user_pref("extensions.incredibar_i.installerproductid", "26");

user_pref("extensions.incredibar_i.did", "10643");

user_pref("extensions.incredibar_i.ppd", "1");

---- Lines funmoods removed from prefs.js ----

user_pref("browser.startup.homepage", "Funmoods Search");

---- Lines funmoods modified from prefs.js ----

---- Lines funmoods removed from user.js ----

user_pref("extensions.funmoods.hmpg", true);

user_pref("extensions.funmoods.hmpgUrl", "Funmoods Search");

user_pref("extensions.funmoods.dfltSrch", true);

user_pref("extensions.funmoods.srchPrvdr", "Search");

user_pref("extensions.funmoods.dnsErr", true);

user_pref("extensions.funmoods_i.newTab", true);

user_pref("extensions.funmoods.newTabUrl", "Funmoods Search");

user_pref("extensions.funmoods.tlbrSrchUrl", "Funmoods Search=");

user_pref("extensions.funmoods.id", "78929C3B9233EBDD");

user_pref("extensions.funmoods.instlDay", "15586");

user_pref("extensions.funmoods.vrsn", "1.5.23.22");

user_pref("extensions.funmoods.vrsni", "1.5.23.22");

user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:26:28");

user_pref("extensions.funmoods.prtnrId", "funmoods");

user_pref("extensions.funmoods.prdct", "funmoods");

user_pref("extensions.funmoods.aflt", "ironpub");

user_pref("extensions.funmoods_i.smplGrp", "none");

user_pref("extensions.funmoods.tlbrId", "base");

user_pref("extensions.funmoods.instlRef", "ironpub");

user_pref("extensions.funmoods.dfltLng", "");

user_pref("extensions.funmoods.excTlbr", false);

user_pref("extensions.funmoods.autoRvrt", false);

user_pref("extensions.funmoods.envrmnt", "production");

user_pref("extensions.funmoods.isdcmntcmplt", true);

user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

---- Lines mystart removed from prefs.js ----

user_pref("backup.old.browser.search.defaultenginename", "MyStart Search");

---- Lines mystart modified from prefs.js ----

---- Lines Search removed from prefs.js ----

user_pref("browser.search.order.1", "Search the web (Babylon)");

---- Lines Search modified from prefs.js ----

---- Lines 75656794-AB59-4712-BFBC-5D816D56F3BC removed from prefs.js ----

---- Lines 75656794-AB59-4712-BFBC-5D816D56F3BC modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"litmus-ff@f-secure.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\F-Secure\\\\NRS\\\\litmus-ff@f-secure.com\",\"mtime\":1335181585449}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1335216453580}}},{\"name\":\"winreg-app-user\",\"addons\":{\"mozillaextension@somud.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\SoMud\\\\scripts\\\\mozilla\",\"mtime\":1336058310621}}},{\"name\":\"app-profile\",\"addons\":{\"4f9059cb1cd04@4f9059cb1cd05.info\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\4f9059cb1cd04@4f9059cb1cd05.info\",\"mtime\":1335196976724},\"ffxtlbr@disabled.com\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\ffxtlbr@disabled.com\",\"mtime\":1335215877984},\"{3628D7BD-FD0D-47b8-8C8B-865CEB7DD779}\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\{3628D7BD-FD0D-47b8-8C8B-865CEB7DD779}.xpi\",\"mtime\":1335299035451},\"{75656794-AB59-4712-BFBC-5D816D56F3BC}\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\{75656794-AB59-4712-BFBC-5D816D56F3BC}\",\"mtime\":1335219032694},\"{7F23E3F4-F72E-4f4f-8761-854C8942708F}\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi\",\"mtime\":1328039380000},\"{EEE6C361-6118-11DC-9C72-001320C79847}\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi\",\"mtime\":1335196004287}}}]");

---- Lines crossrider removed from prefs.js ----

user_pref("extensions.crossriderapp3491.adsOldValue", -1);

---- Lines crossrider modified from prefs.js ----

---- Lines EEE6C361-6118-11DC-9C72-001320C79847 removed from prefs.js ----

---- Lines EEE6C361-6118-11DC-9C72-001320C79847 modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"litmus-ff@f-secure.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\F-Secure\\\\NRS\\\\litmus-ff@f-secure.com\",\"mtime\":1335181585449}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1335216453580}}},{\"name\":\"winreg-app-user\",\"addons\":{\"mozillaextension@somud.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\SoMud\\\\scripts\\\\mozilla\",\"mtime\":1336058310621}}},{\"name\":\"app-profile\",\"addons\":{\"4f9059cb1cd04@4f9059cb1cd05.info\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\4f9059cb1cd04@4f9059cb1cd05.info\",\"mtime\":1335196976724},\"ffxtlbr@disabled.com\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\ffxtlbr@disabled.com\",\"mtime\":1335215877984},\"{3628D7BD-FD0D-47b8-8C8B-865CEB7DD779}\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\{3628D7BD-FD0D-47b8-8C8B-865CEB7DD779}.xpi\",\"mtime\":1335299035451},\"{disabled}\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\{disabled}\",\"mtime\":1335219032694},\"{7F23E3F4-F72E-4f4f-8761-854C8942708F}\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi\",\"mtime\":1328039380000},\"{EEE6C361-6118-11DC-9C72-001320C79847}\":{\"descriptor\":\"C:\\\\Users\\\\Jelle\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tw93kk1w.default\\\\extensions\\\\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi\",\"mtime\":1335196004287}}}]");

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 1);

---- Lines browser.startup.page modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

user_17-09-2013_0744_.backup

prefs_17-09-2013_0744_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

"C:\Users\Jelle\AppData\Local\{123AC1EC-B2AD-4B1A-8CD9-044D7FD4AE4C}" deleted

"C:\Users\Jelle\AppData\Local\{24B938F5-D25F-4212-ACBB-0DCF1DEA01AB}" deleted

"C:\Users\Jelle\AppData\Local\{2BAA16B8-E12D-469D-80A0-611BBE8CA327}" deleted

"C:\Users\Jelle\AppData\Local\{AE7C58CA-8DA4-4330-97F9-FD9FC4323A33}" deleted

"C:\Users\Jelle\AppData\Local\{D221B4C3-9EA2-41F1-9873-C881D2222E7D}" deleted

"C:\Users\Jelle\AppData\Local\{DB81B860-F854-4376-833D-D4DEEDEF1D03}" deleted

"C:\user.js" deleted

"C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\searchplugins\MyStart Search.xml" deleted

"C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi" deleted

"C:\Program Files (x86)\GUTA739.tmp" deleted

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" deleted

"C:\Users\Jelle\AppData\Local\funmoods-speeddial.crx" deleted

"C:\Users\Jelle\AppData\Local\funmoods.crx" deleted

"C:\user.js" deleted

"C:\Windows\Syswow64\sho2410.tmp" deleted

"C:\Windows\Syswow64\sho5D7B.tmp" deleted

"C:\Windows\Syswow64\sho60F5.tmp" deleted

"C:\Windows\Syswow64\shoB60A.tmp" deleted

"C:\Windows\Syswow64\shoD6CF.tmp" deleted

"C:\Windows\Syswow64\shoF0B4.tmp" deleted

"C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\searchplugins\MyStart Search.xml" deleted

"C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\searchplugins\Search.xml" deleted

"C:\Users\Jelle\AppData\Roaming\Samsung" deleted

"C:\Program Files (x86)\SearchProtect" deleted

"C:\Program Files (x86)\BabylonToolbar" deleted

"C:\PROGRA~2\Funmoods" deleted

"C:\Program Files (x86)\GUMA738.tmp" deleted

"C:\Program Files (x86)\BabylonToolbar" deleted

"C:\Program Files (x86)\SearchProtect" deleted

"C:\Program Files (x86)\Funmoods" deleted

"C:\Program Files (x86)\Conduit" deleted

"C:\found.000" deleted

"C:\Users\Jelle\AppData\Roaming\Babylon" deleted

"C:\Users\Jelle\AppData\Roaming\BabylonToolbar" deleted

"C:\ProgramData\Browser Manager" deleted

"C:\ProgramData\StarApp" deleted

"C:\ProgramData\ADDICT-THING" deleted

"C:\ProgramData\Partner" deleted

"C:\ProgramData\boost_interprocess" deleted

"C:\ProgramData\APSuggestor" deleted

"C:\ProgramData\InstallMate" deleted

"C:\ProgramData\Premium" deleted

"C:\ProgramData\Babylon" deleted

"C:\Users\Jelle\AppData\Local\Ilivid Player" deleted

"C:\Users\Jelle\AppData\Local\CRE" deleted

"C:\Users\Jelle\AppData\Local\Conduit" deleted

"C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}" deleted

"C:\Users\Administrator\AppData\LocalLow\BabylonToolbar" deleted

"C:\Users\Administrator\AppData\LocalLow\Funmoods" deleted

"C:\Users\Jelle\AppData\LocalLow\BittorrentBar_NL" deleted

"C:\Users\Jelle\AppData\LocalLow\DataMngr" deleted

"C:\Users\Jelle\AppData\LocalLow\Conduit" deleted

"C:\Users\Jelle\AppData\LocalLow\Toolbar4" deleted

"C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\extensions\ffxtlbr@babylon.com" deleted

"C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\koyotesofttoolbarnew" deleted

"C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\extensions\ffxtlbr@incredibar.com" deleted

"C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\extensions\ffxtlbr@funmoods.com" deleted

"C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}" deleted

"C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\extensions\crossriderapp3491@crossrider.com" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Jelle\AppData\Local\Temp ====

2013-09-16 11:58:37 9FB9D49C2DB7EDD1084AB765D619F5C6 66368 ----a-w- C:\Users\Jelle\AppData\Local\Temp\utt777C.tmp.exe

2013-09-16 11:57:46 B3226558386FDAA192A3412B175363E2 1127000 ----a-w- C:\Users\Jelle\AppData\Local\Temp\uttB48B.tmp.exe

2013-09-13 19:46:30 CC5769E40529D19494325AEC7939304D 24744 ----a-w- C:\Users\Jelle\AppData\Local\Temp\SIntfNT.dll

2013-09-13 19:46:30 C40527C6EEA07741FE4F534E7BDEAC62 20016 ----a-w- C:\Users\Jelle\AppData\Local\Temp\SIntf32.dll

2013-09-13 19:46:30 7DB4F105F12A2B4D7EEE292A13078F14 12305 ----a-w- C:\Users\Jelle\AppData\Local\Temp\SIntf16.dll

====== Java Cache =====

2013-08-31 09:28:30 3989AE70716DCDCF58139D0C2222E548 600 ----a-w- C:\Users\Jelle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\f139258-775cd47b

2013-09-11 21:24:23 581BE739266C1901E6AE268C34DBA438 6180 ----a-w- C:\Users\Jelle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\46b1c29b-653308e3

2013-08-31 09:28:47 5282387F4ABAF06C63F0E44315E1C12C 106666 ----a-w- C:\Users\Jelle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\671922de-226cd9c0

2013-09-11 21:24:23 7F5135B0644F36A9791B615B0993C6EC 651 ----a-w- C:\Users\Jelle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\1ef0b265-369e33bf

2013-09-12 19:04:36 744D827EE5B57267348AEB8EB39760A0 557 ----a-w- C:\Users\Jelle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\3aab322a-10486c83

2013-09-11 21:24:27 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Jelle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\14a148ef-29132a67

2013-09-10 02:12:18 2BD4DE9702150E1E9490BA3A7E218A13 579 ----a-w- C:\Users\Jelle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\66bf3131-6bc38190

====== C:\Windows\SysWOW64 =====

2013-09-13 01:28:23 24BEF006E8A79457172084FD24395509 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2013-09-13 01:28:23 1416E2CBA99B8B85F7007DF8D4FBE347 420864 ----a-w- C:\Windows\SysWOW64\vbscript.dll

2013-09-13 01:28:23 0381DAD42485BBC0B2BEF9DC163086FE 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll

2013-09-13 01:28:21 90270F2060EB2F6F1C1C7A3DB6DC941F 231936 ----a-w- C:\Windows\SysWOW64\url.dll

2013-09-13 01:28:21 7610640A56A5D1599EA5841B65103CFA 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll

2013-09-13 01:28:21 5062CDE3660C96ADC4A1702AA13D972A 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2013-09-13 01:28:21 21A5424935A32080A58DD40F2712212C 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-09-13 01:28:20 57EFDDDA9A057C3F868409D4FD9655EC 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl

2013-09-13 01:28:20 51059C99C8432519A8416BD8252940CA 1104896 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-09-13 01:28:20 314C2F90B4D337527AD0231F44BA88F9 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-09-13 01:28:19 F21A5999C6354AC042D42D687EC027F1 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-09-13 01:28:19 C019B0A82FDF2AA2A8627704685D4D53 1800704 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-09-13 01:28:19 67E8C37D929EE30016C17ACE1379E047 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2013-09-13 01:28:19 490107BF073A44A54E39BDB6C2077D5A 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-09-13 01:28:17 6DB41C70A74B420A0ADC55A9862DDAD9 12335104 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-09-13 01:28:16 4EA7E90932BEBB21F1B5A5666A807C1F 9738752 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2013-09-12 16:46:02 1A9E4EE88B31750E5CA207424143F99C 3968960 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-12 16:46:01 5D0325AEF9DE48330908EC2E2DB0359F 3913664 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-12 16:46:00 0184CC60AB10C8124D69AFB332C6AF1C 1292192 ----a-w- C:\Windows\SysWOW64\ntdll.dll

2013-09-12 16:45:59 365A5034093AD9E04F433046C4CDF6AB 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll

2013-09-12 16:45:59 1B7343C3765638D4D17CB925F84F8ABE 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll

2013-09-12 16:45:58 73EF27E157855E3CB18B021BC9622E4C 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll

2013-09-12 16:45:58 57EC6102661E0E1D156C1EC251E7CAF8 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll

2013-09-12 16:45:55 B83592F532FB320F0001F8099ECC192B 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe

2013-09-12 16:45:55 812A161FC470FA832C3F0CC3D7ACA2F9 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll

2013-09-12 16:45:55 3808FD7522646BEB1CCEA94C45D4228C 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe

2013-09-12 16:45:54 8489D083E46BFD2096A6CECFF6C7C227 2048 ----a-w- C:\Windows\SysWOW64\user.exe

2013-09-12 16:45:41 E02781D4871844DCD30DF1D69A650F78 12872704 ----a-w- C:\Windows\SysWOW64\shell32.dll

2013-09-12 16:45:40 2C4A87CA8C00E98EFDCFA2E8EC9A3503 180224 ----a-w- C:\Windows\SysWOW64\shdocvw.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-09-13 01:28:24 BEB92344FA389165F7EF176C1E5A64B9 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2013-09-13 01:28:23 98DF7A4F37DAC235669E25B2FCB33E6D 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll

2013-09-13 01:28:21 C14A0FF11B62A5EF0B8D6A0B279D7C5A 248320 ----a-w- C:\Windows\Sysnative\ieui.dll

2013-09-13 01:28:21 8EC338F23E7F47C238B22687F3E89F2A 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe

2013-09-13 01:28:21 75F110F4005DAE430AECA787FDEA9CBB 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll

2013-09-13 01:28:20 EF62FA19B98CAE172ADF0D192D1142C6 1494528 ----a-w- C:\Windows\Sysnative\inetcpl.cpl

2013-09-13 01:28:20 CCD5A2BD321DB1A5E4149EFF459E5387 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2013-09-13 01:28:20 B183FD8733EA4E85A5B46C9847B843C7 1346560 ----a-w- C:\Windows\Sysnative\urlmon.dll

2013-09-13 01:28:20 1DD2ABC7D7BA682E1F0A911DB94B66D2 237056 ----a-w- C:\Windows\Sysnative\url.dll

2013-09-13 01:28:20 0915A57884928B449E4F6919963B09BA 85504 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2013-09-13 01:28:19 E987EDAC6CF90B61AD8B55E91C90D325 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll

2013-09-13 01:28:19 64311FE4F9FDAE6FF41867BFC8B6F9B1 2312704 ----a-w- C:\Windows\Sysnative\jscript9.dll

2013-09-13 01:28:19 47430888120714277E58A1FD0E9C4B74 816640 ----a-w- C:\Windows\Sysnative\jscript.dll

2013-09-13 01:28:19 2D4FBF61A69D524C4E35311C1290CD6B 2147840 ----a-w- C:\Windows\Sysnative\iertutil.dll

2013-09-13 01:28:17 DA908B28F07804BD648756B8FFAE9305 17833472 ----a-w- C:\Windows\Sysnative\mshtml.dll

2013-09-13 01:28:16 7C5B60847B127F00EFBE0C4906E9DA04 10926080 ----a-w- C:\Windows\Sysnative\ieframe.dll

2013-09-12 16:46:00 B22C00ED0491FD7B8803D7DDE2849F4C 424448 ----a-w- C:\Windows\Sysnative\KernelBase.dll

2013-09-12 16:46:00 63B563F1FC047AB3E21530DBBE773260 5550528 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe

2013-09-12 16:46:00 5B79D52A0388D8DEC5BF68411EA05A02 1732032 ----a-w- C:\Windows\Sysnative\ntdll.dll

2013-09-12 16:45:59 F0970A4BC8395659C22BF53D0FADF16F 112640 ----a-w- C:\Windows\Sysnative\smss.exe

2013-09-12 16:45:59 D8973E71F1B35CD3F3DEA7C12D49D0F0 1161216 ----a-w- C:\Windows\Sysnative\kernel32.dll

2013-09-12 16:45:59 BF95EA5809E3BBF55370F7CB309FEBD0 338432 ----a-w- C:\Windows\Sysnative\conhost.exe

2013-09-12 16:45:59 AA913C4E63B6F3F52E20BC9932205BCC 243712 ----a-w- C:\Windows\Sysnative\wow64.dll

2013-09-12 16:45:59 9209EA3F29DFC339A87EFD604E035FE4 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll

2013-09-12 16:45:59 88EDD0B34EED542745931E581AD21A32 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll

2013-09-12 16:45:59 659D71E315FB40FFE9AD46CB0588BEB1 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll

2013-09-12 16:45:59 216BABD555BC550952320EEA89C25DDF 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll

2013-09-12 16:45:58 49CEA3942A2B99A906EAFC94B853EDBD 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll

2013-09-12 16:45:55 70A1D465390C393AA118D9764E065B06 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll

2013-09-12 16:45:52 42A88ECF903BFE11411D188DCE830E84 3155456 ----a-w- C:\Windows\Sysnative\win32k.sys

2013-09-12 16:45:43 AD662B34B161198B9D66A564EDDA7D43 14172672 ----a-w- C:\Windows\Sysnative\shell32.dll

2013-09-12 16:45:40 23B001185B7C3CB1F4BDEB143E6B45B7 197120 ----a-w- C:\Windows\Sysnative\shdocvw.dll

2013-09-11 21:23:43 DE41397FE7E6DCC4F6CD04142B43B9BD 312744 ----a-w- C:\Windows\Sysnative\javaws.exe

2013-09-11 21:23:39 E397199142033E8F8FFF6E62503B8374 108968 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll

2013-09-11 21:23:39 DD810672CB822E2BF7DC90CB066736BB 189352 ----a-w- C:\Windows\Sysnative\javaw.exe

2013-09-11 21:23:39 3C8551AF90B3B5E77046DAEBAB10C25D 189352 ----a-w- C:\Windows\Sysnative\java.exe

====== C:\Windows\Sysnative\drivers =====

2013-09-12 16:46:19 059F00DEF82BF41E433B7ED465847726 155584 ----a-w- C:\Windows\Sysnative\drivers\ataport.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-09-16 12:54:22 -------- d-----w- C:\Program Files\trend micro

2013-09-11 21:23:34 -------- d-----w- C:\Program Files\Java

======= C:\Program Files (x86) =====

2013-09-12 18:06:00 -------- d-----w- C:\Program Files (x86)\S.W.A.T. 4

======= C: =====

====== C:\Users\Jelle\AppData\Roaming ======

2013-09-16 18:31:57 -------- d-----w- C:\Users\Jelle\AppData\Local\F-Secure

2013-09-14 22:22:37 53E76A0B5460C03534AF3D86809202AA 8388608 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-S-1-5-21-2521610771-4007929080-1142802741-1001.dat

2013-09-14 22:22:09 54EA53699CA6115348B52F676E733E43 376748 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-System.dat

2013-09-12 21:42:31 -------- d-----w- C:\Users\Jelle\AppData\Roaming\{90140011-0066-0413-0000-0000000FF1CE}

2013-09-11 21:39:32 -------- d-----w- C:\Users\Jelle\AppData\Locallow\Adobe

====== C:\Users\Jelle ======

2013-09-13 19:30:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.W.A.T. 4

2013-09-12 21:42:25 -------- d-----w- C:\ProgramData\Virtualized Applications

2013-09-11 21:23:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2013-09-02 12:15:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2013-08-19 12:32:00 8694F120F7470F28D334ACAA85163406 376 ----a-w- C:\ProgramData\IpodRescue.ini

2013-08-19 12:19:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EphPod

2013-08-19 12:18:27 -------- d-----w- C:\ProgramData\WindSolutions

====== C: exe-files ==

2013-09-16 12:54:31 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Jelle.exe

2013-09-16 12:54:08 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJIC3XJR\RSITx64.exe

2013-09-16 11:58:37 9FB9D49C2DB7EDD1084AB765D619F5C6 66368 ----a-w- C:\Users\Jelle\AppData\Local\Temp\utt777C.tmp.exe

2013-09-16 11:58:04 B3226558386FDAA192A3412B175363E2 1127000 ----a-w- C:\Users\Jelle\AppData\Roaming\BitTorrent\updates\7.8.1_30016.exe

2013-09-16 11:57:46 B3226558386FDAA192A3412B175363E2 1127000 ----a-w- C:\Users\Jelle\AppData\Local\Temp\uttB48B.tmp.exe

2013-09-13 19:43:54 0F1D83805860F7379D6DDC4A0E651073 2265088 ----a-w- C:\Program Files (x86)\S.W.A.T. 4\Content\System\Swat4.exe

2013-09-13 19:30:44 DDBDB20B1E7411C3132DB1575499B306 290816 ----a-w- C:\Program Files (x86)\S.W.A.T. 4\Content\System\CreateLocalizationPackage.exe

2013-09-13 19:30:44 A3E04A16409E94F8B42ABA08100DA2A6 36864 ----a-w- C:\Program Files (x86)\S.W.A.T. 4\Content\System\ShaderPackager.exe

2013-09-13 19:30:44 8A26160752993DEF82DCF3B0B9FF5CAC 249856 ----a-w- C:\Program Files (x86)\S.W.A.T. 4\Content\System\IGEffectsConfigurator.exe

2013-09-13 19:30:44 7D030A794315D7DFD922367C1B142390 102400 ----a-w- C:\Program Files (x86)\S.W.A.T. 4\Content\System\UCC.exe

2013-09-13 19:30:44 500035AE0C48529865669F6371977F63 180224 ----a-w- C:\Program Files (x86)\S.W.A.T. 4\Content\System\Swat4DedicatedServer.exe

2013-09-13 19:30:44 3A6EE2993DACDDC22FD2796D8F3B0B06 2486272 ----a-w- C:\Program Files (x86)\S.W.A.T. 4\Content\System\SwatEd.exe

2013-09-13 19:28:29 6D6DFC8EBCA2C2CC12B723BAD4E8705C 649642 ----a-w- C:\Program Files (x86)\S.W.A.T. 4\unins000.exe

2013-09-13 01:28:21 8EC338F23E7F47C238B22687F3E89F2A 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-09-13 01:28:20 AA9CBDCD4675A48755DDA3A73BE3E283 757400 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2013-09-13 01:28:20 A818D637533302BA58C685F332388FC0 763544 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-09-12 22:34:50 D527D7B1E5AD99D0941B543DD89C18A6 15851888 ----a-w- C:\Games\World_of_Tanks\WorldOfTanks.exe

2013-09-12 16:46:00 63B563F1FC047AB3E21530DBBE773260 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-09-12 16:45:59 F0970A4BC8395659C22BF53D0FADF16F 112640 ----a-w- C:\Windows\System32\smss.exe

2013-09-12 16:45:59 BF95EA5809E3BBF55370F7CB309FEBD0 338432 ----a-w- C:\Windows\System32\conhost.exe

2013-09-11 21:23:43 DE41397FE7E6DCC4F6CD04142B43B9BD 312744 ----a-w- C:\Windows\System32\javaws.exe

2013-09-11 21:23:39 DD810672CB822E2BF7DC90CB066736BB 189352 ----a-w- C:\Windows\System32\javaw.exe

2013-09-11 21:23:39 3C8551AF90B3B5E77046DAEBAB10C25D 189352 ----a-w- C:\Windows\System32\java.exe

2013-09-11 21:23:36 FBCA2A88EB7B31EDB7CF621E9120BA99 16296 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe

2013-09-11 21:23:36 F5FDE31D7C2963A3EE986CB81B239BC9 15784 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe

2013-09-11 21:23:36 F5850DFCEB8DB5CD0FA4286889BC0E76 15784 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe

2013-09-11 21:23:36 F5413E91B66CD31AF031E7BC37F54707 64424 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe

2013-09-11 21:23:36 E8407C8C789436C89558838A531A6B27 67496 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe

2013-09-11 21:23:36 DE41397FE7E6DCC4F6CD04142B43B9BD 312744 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe

2013-09-11 21:23:36 DD810672CB822E2BF7DC90CB066736BB 189352 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe

2013-09-11 21:23:36 C5647175845365E416AC1191C4E7EAE8 15784 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe

2013-09-11 21:23:36 A718331B818F7F865BDB29D8373F813F 15784 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe

2013-09-11 21:23:36 A342198AFFD921790E95E1CA812862A6 181160 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe

2013-09-11 21:23:36 98FE368626A7F9325442A15737E1D648 55720 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe

2013-09-11 21:23:36 92F579D7DADD3B8E6796BD4A1C682491 15784 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe

2013-09-11 21:23:36 8BA02E0870385C8C1088F318426D6F60 15784 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe

2013-09-11 21:23:36 82323901BE3D6A02114D7CF7BBCBD05F 16296 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe

2013-09-11 21:23:36 7BCACE1B1528AB12243286708CE7F139 15784 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe

2013-09-11 21:23:36 5BF4B76437CDDF0F1277D70733774AA6 15784 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe

2013-09-11 21:23:36 43029706D9D2D68116C2CD6A2E826354 15784 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe

2013-09-11 21:23:36 4051798C8A3EF97C3CA918AED5E3BE62 15784 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe

2013-09-11 21:23:36 3C8551AF90B3B5E77046DAEBAB10C25D 189352 ----a-w- C:\Program Files\Java\jre7\bin\java.exe

2013-09-11 21:23:36 36680B7C776A3E1540A6F1A0CC5E379B 76200 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe

=== C: other files ==

2013-09-16 11:58:34 376CFDD15014704E2D4556A0183D2C0F 101 ----a-w- C:\Users\Jelle\AppData\Local\Temp\utt6E76.tmp.bat

2013-09-16 11:58:03 E3E5BA81D31367EA782B9D76B1E989DD 95 ----a-w- C:\Users\Jelle\AppData\Local\Temp\uttF5CE.tmp.bat

2013-09-13 19:28:49 835D171DFD40D9CCCEBEB28C31084943 301 ----a-w- C:\Program Files (x86)\S.W.A.T. 4\Content\System\ConvertFonts.bat

2013-09-12 16:46:19 059F00DEF82BF41E433B7ED465847726 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys

2013-09-12 16:45:52 42A88ECF903BFE11411D188DCE830E84 3155456 ----a-w- C:\Windows\System32\win32k.sys

2013-09-11 21:23:37 4A6EE72411CC73861AAC49D66D16D692 18243 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2521610771-4007929080-1142802741-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

"ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S"

"SonicMasterTray"="C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe"

"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"

"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"

"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"

"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5"

"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"

"F-Secure Manager"="C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE /splash"

"F-Secure Hoster (54599)"="C:\Program Files (x86)\F-Secure\fshoster32.exe -app -hosterid:1"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SpUninstallCleanUp"="REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 "

"IntelPAN"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PAN Tray"

"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]

"command"="C:\\Windows\\AsScrPro.exe"

"hkey"="HKLM"

"item"="ASUS Screen Saver Protector"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]

"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""

"hkey"="HKLM"

"item"="CLMLServer"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EA Core]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EA Core"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Electronic Arts\\EADM\\Core.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]

"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

"hkey"="HKLM"

"item"="RtHDVCpl"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

==== Startup Folders ======================

2013-01-06 22:23:22 2062 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13-09-2013 20:08]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13-04-2011 04:33]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13-04-2011 04:33]

C:\Windows\tasks\Scheduled scanning task.job --a------ C:\PROGRA2\F-Secure\apps\COMPUT1\ANTI-V1\fsav.exe []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default

- ADDICT-THING - %ProfilePath%\extensions\4f9059cb1cd04@4f9059cb1cd05.info

- BittorrentBar_NL Community Toolbar - %ProfilePath%\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}

- AP Suggestor - %ProfilePath%\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default

D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17

D4EE19A43A672D5617DBDE36F28262BA - C:\Users\Jelle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

96059D94D053961A791D70110CC81055 - C:\Users\Jelle\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll - Game Face Plugin

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Deleting Files \ Folders ======================

"C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\extensions\4f9059cb1cd04@4f9059cb1cd05.info" deleted

"C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\Jelle\AppData\Local\funmoods.crx[]

cjpglkicenollcignonpgiafdgfeehoj - C:\Users\Jelle\AppData\Local\funmoods-speeddial.crx[]

dheijbecgbfgpbnmjaibpfpmipjjppml - C:\ProgramData\APSuggestor\ap10013.crx[]

dhkplhfnhceodhffomolpfigojocbpcb - C:\Users\Jelle\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx[]

ibnmbpihhamedhophbnjjpidokcknoid - C:\Program Files (x86)\AP Suggestor\APSuggestor.crx[]

jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[]

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Jelle\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

oheebbchchokcgnbppnbegcjpajfipab - C:\ProgramData\ADDICT-THING\oheebbchchokcgnbppnbegcjpajfipab.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\Jelle\AppData\Local\funmoods.crx[]

cjpglkicenollcignonpgiafdgfeehoj - C:\Users\Jelle\AppData\Local\funmoods-speeddial.crx[]

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Jelle\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

Funmoods - Jelle - Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

AP Suggestor - Jelle - Default\Extensions\dheijbecgbfgpbnmjaibpfpmipjjppml

SweetIM for Facebook - Jelle - Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

BittorrentBar_NL - Jelle - Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn

Chrome In-App Payments service - Jelle - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

ADDICT-THING - Jelle - Default\Extensions\oheebbchchokcgnbppnbegcjpajfipab

==== Chrome Fix ======================

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage-journal deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage-journal deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheijbecgbfgpbnmjaibpfpmipjjppml deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dheijbecgbfgpbnmjaibpfpmipjjppml_0.localstorage deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dheijbecgbfgpbnmjaibpfpmipjjppml_0.localstorage-journal deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage-journal deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0 deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\oheebbchchokcgnbppnbegcjpajfipab deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oheebbchchokcgnbppnbegcjpajfipab_0.localstorage deleted successfully

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oheebbchchokcgnbppnbegcjpajfipab_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="PlayStation Only - De game community van de Benelux"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="PlayStation Only - De game community van de Benelux"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dheijbecgbfgpbnmjaibpfpmipjjppml deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ibnmbpihhamedhophbnjjpidokcknoid deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oheebbchchokcgnbppnbegcjpajfipab deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Jelle\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Jelle\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0MTOYQD6 will be deleted at reboot

C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0XCMOWPV will be deleted at reboot

C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\21GTZEGY will be deleted at reboot

C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\38LEM3O0 will be deleted at reboot

C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EU70WRK4 will be deleted at reboot

C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L5QK8G8F will be deleted at reboot

C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWFQ2UYH will be deleted at reboot

C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z18MFICS will be deleted at reboot

C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini will be deleted at reboot

C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Jelle\AppData\Local\Mozilla\Firefox\Profiles\tw93kk1w.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Jelle\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini" not found

"C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat" not found

"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0MTOYQD6" not found

"C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0XCMOWPV" not found

"C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\21GTZEGY" not found

"C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\38LEM3O0" not found

"C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EU70WRK4" not found

"C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L5QK8G8F" not found

"C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWFQ2UYH" not found

"C:\Users\Jelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z18MFICS" not found

==== EOF on di 17-09-2013 at 7:56:49,17 ======================

[Jion]

1.

Download MalwareBytes' Anti-Malware (website) en sla het op je bureaublad op.

Zorg dat er na de installatie een vinkje is geplaatst bij:

• 
  
• Update MalwareBytes' Anti-Malware
  
• Start MalwareBytes' Anti-Malware
  
• Je krijgt hier ook de keuze om de evaluatie versie van MBAM te gebruiken, indien je dit niet wilt vink dit dan uit.
  

Klik daarna op "Voltooien".

Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

• 
  
• Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
  
• Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
  
• Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
  
• Druk vervolgens op "Scannen" om de scan te starten.
  
• Het scannen kan een tijdje duren, dus wees geduldig.
  
• Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
  
• Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
  
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
  
• Herstart de computer indien nodig en post hierna de log in het volgende bericht.
  

2.

Download AdwCleaner by Xplode naar je bureaublad.

• 
  
• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner om hem te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren,
  
• Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Klik vervolgens op Scan.
  
• Klik vervolgens op Clean als er items zijn gevonden.
  
• Klik bij Herstarten Noodzakelijk op OK
  

Nadat de PC opnieuw is opgestart, opent meestal een logfile.

Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[R1].txt.

Post aansluitend de inhoud van dit log in je volgende bericht.

[Lelt]

MalwareBytes logje:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Databaseversie: v2013.09.21.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jelle :: JELLE-PC [administrator]

21-9-2013 11:40:31

mbam-log-2013-09-21 (11-40-31).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 245622

Verstreken tijd: 5 minuut/minuten, 20 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 36

HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\esrv.BabylonESrvc.1 (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\esrv.BabylonESrvc (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\escort.escortIEPane (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\b (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\f (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Typelib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 3

HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 1P1H1M1H1G1R1Q1I1EtGzrtFzt -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {78CC799B-8D5B-11E1-9863-5404A617E94A} -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {78CC799B-8D5B-11E1-9863-5404A617E94A} -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

- - - Updated - - -

AdwCleaner Logje:

# AdwCleaner v3.004 - Report created 21/09/2013 at 11:51:44

# Updated 15/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Jelle - JELLE-PC

# Running from : C:\Users\Jelle\Desktop\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\searchplugins\SweetIm.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer

Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849859

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_revo-uninstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_revo-uninstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_somud_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_somud_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_windows-live-messenger_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_windows-live-messenger_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{026BA6E0-1B57-45AA-B713-685593C610B3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{026BA6E0-1B57-45AA-B713-685593C610B3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C94A033-8C4F-4461-916C-3E08000A19A2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC2929CF-DD16-4BAC-A29F-F6BFE2B14EF4}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2D8D9ACC-F6D7-4362-8876-A275CA929591}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{2D8D9ACC-F6D7-4362-8876-A275CA929591}]

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Babylon

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Somoto Toolbar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\Smart Suggestor

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\BittorrentBar_NL

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Funmoods

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\Software\SearchquSRTB

Key Deleted : HKLM\Software\BittorrentBar_NL

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71277DC4-4217-462A-9FF4-62D7815B2C69}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods

Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506

-\\ Mozilla Firefox v

[ File : C:\Users\Jelle\AppData\Roaming\Mozilla\Firefox\Profiles\tw93kk1w.default\prefs.js ]

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "isearch.babylon.com");

Line Deleted : user_pref("CT2849859.autoDisableScopes", 0);

Line Deleted : user_pref("extensions.SmartSuggestor.aid", "20049");

Line Deleted : user_pref("extensions.SmartSuggestor.ppi", true);

Line Deleted : user_pref("extensions.SmartSuggestor.uid", "65a9bfeb73b962b1f1cb01630d62c86e");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Jelle\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [15646 octets] - [21/09/2013 11:51:06]

AdwCleaner[s0].txt - [14771 octets] - [21/09/2013 11:51:44]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14832 octets] ##########

[Jion]

Laatste stap: schoonmaak tijd xD

Download Delfix by Xplode naar het bureaublad.

Dubbelklik op Delfix.exe om de tool te starten.

Zet nu vinkjes voor de volgende items:

• 
  
• Remove disinfection tools
  
• Purge System Restore
  
• Reset system settings

Klik nu op "Run" en wacht geduldig tot de tool gereed is.

Wanneer de tool gereed is wordt er een logbestand aangemaakt. Dit hoeft u echter niet te plaatsen.