
Laptop freezes (even in safe mode, during a virus scan, a malware scan and a backup)



Hello everyone,

The academic year has only just started and, as a student, I am immediately in a mess. My laptop freezes at the slightest thing I do. I even had to break off my post and start again on my mobile phone.

To cut a long story short: it freezes constantly and never responds again, not even for a second. I have had to do a forced reboot countless times.

When starting in safe mode it also doesn't get any further than the black screen with white text.

During the virus scan it freezes after 20 minutes. (20 minutes if I'm lucky, that is.)

Malware scan: same story.

I tried to make a backup because I had resigned myself to there being nothing for it but to have it formatted; unfortunately it froze then too.

Now my question is whether someone can help me further? I read about all kinds of methods on various forums, but because I am not familiar with any of it, I'm a bit scared to do it on my own.

I have a Dell XPS M1530 with Vista

Intel Core 2 Duo CPU T5750 2.00 GHz

3.00 GB RAM

32-bit operating system

I hope someone can help me, because I can't do without my laptop for my studies.

Thanks in advance!


Logfile of random's system information tool 1.09 (written by random/random)

Run by Ramcom at 2013-09-30 15:05:20

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 81 GB (36%) free of 226 GB

Total RAM: 3069 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:06:40, on 30/09/2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16506)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\system32\conime.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Users\Ramcom\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Users\Ramcom\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Users\Ramcom\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Ramcom\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Users\Ramcom\AppData\Local\Akamai\netsession_win.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Users\Ramcom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ramcom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ramcom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ramcom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ramcom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ramcom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ramcom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ramcom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ramcom\Downloads\RSIT.exe

C:\Program Files\trend micro\Ramcom.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=c27e32ca-07d0-11e1-8880-001fe2d9d939

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (file missing)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (file missing)

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll

O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll

O3 - Toolbar: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (file missing)

O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (file missing)

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [lxeamon.exe] "C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ramcom\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKCU\..\Run: [Google Update] "C:\Users\Ramcom\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Ramcom\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [atmxmld9] rundll32.exe "C:\Users\Ramcom\AppData\Local\atmxmld9\atmxmld9.dll", DllInit

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1166321317-2856568384-716361271-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1166321317-2856568384-716361271-1004\..\RunOnce: [burnImage] regsvr32 /s c:\windows\IMAPIShellExt.dll (User 'UpdatusUser')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Startup: Dropbox.lnk = Ramcom\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - MSN Games - Free Online Games

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - MSN Games - Free Online Games

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab

O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/game/ggsecure.cab

O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://www.flatcast-data.com/data/objects/NpFp415.dll

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - MSN Games - Free Online Games

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\MP3 Skype Recorder\Skype4COM.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe

O23 - Service: lxea_device - - C:\Windows\system32\lxeacoms.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe

O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)

--

End of file - 15052 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1166321317-2856568384-716361271-1000Core.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1166321317-2856568384-716361271-1000UA.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1166321317-2856568384-716361271-1000Core1cc90ae648ab3b3.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1166321317-2856568384-716361271-1000UA.job

C:\Windows\tasks\ParetoLogic Registration.job

C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

C:\Windows\tasks\SystemToolsDailyTest.job

C:\Windows\tasks\User_Feed_Synchronization-{3B37E3E5-53F3-412E-B5FE-E65FE9181644}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "browser.startup.homepage" - "http://www.google.be/"

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, firefox@tvunetworks.com:2, 4, 9, 1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

prefs.js - "keyword.URL" - "http://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"ShopperReports@ShopperReports.com"=C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox\firefoxtoolbar\extensions

"HBLite@HBLite.com"=C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.8.800.168 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]

"Description"=DivX Plus Web Player

"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]

"Description"=DivX® Player Plugin for VOD Content

"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]

"Description"=DivX VOD Helper Plug-in

"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]

"Description"=Yahoo Messenger State Plugin

"Path"=C:\Program Files\Yahoo!\Shared\npYState.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4]

"Description"=Office Live Update v1.4

"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nitropdf.com/NitroPDF]

"Description"=NitroPDF Web Browser Plugin

"Path"=C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@soe.sony.com/installer,version=1.0.3]

"Description"=Free Realms Installer

"Path"=C:\PROGRA~1\SONYON~1\npsoe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP]

"Description"=Viewpoint Media Player for Mozilla

"Path"=C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

{F0E1168A-B4B5-484C-B77E-0D28E6B64096}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

GoogleDesktopMozilla.dll

GoogleDesktopMozillaStub.js

GoogleDesktopMozillaStub.xpt

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\

np-mswmp.dll

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

npunagi2.dll

npunagi2.xpt

npvsharetvplg.dll

npwachk.dll

QuickTimePlugin.class

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\

babylon.xml

bing.xml

bolcom-nl.xml

google.xml

googledesktop.xml

marktplaats-nl.xml

wikipedia-nl.xml

C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\extensions\

ffxtlbr@delta.com

firefox@tvunetworks.com

foxyproxy@eric.h.jung

{20a82645-c095-46ed-80e3-08825760534b}

{3697b17c-b572-4862-a5e6-7f922c0f3403}

{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\searchplugins\

askcom.xml

delta.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]

Lexmark Werkbalk - C:\Program Files\Lexmark Toolbar\toolband.dll [2011-08-19 528384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]

DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-04 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]

IE5BarLauncherBHO Class - C:\Program Files\vShare.tv plugin\BarLcher.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]

delta Helper Object - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]

CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccec60fc-2608-4e58-9659-3ffc159e8ea9}]

SHOUTcast Loader - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll [2008-09-17 1275176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474}]

Lexmark - C:\Program Files\Lexmark Printable Web\bho.dll [2008-05-22 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-04 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2C688203-7EB3-4327-9995-1CB417BA23F9} - BS.Player ControlBar - C:\Program Files\BS.Player ControlBar\BSToolbar.dll [2008-10-08 859592]

{0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - SHOUTcast Radio Toolbar - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll [2008-09-17 1275176]

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Werkbalk - C:\Program Files\Lexmark Toolbar\toolband.dll [2011-08-19 528384]

{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - VShareToolBar - C:\Program Files\vShare.tv plugin\BarLcher.dll []

{82E1477C-B154-48D3-9891-33D83C26BCD3} - Delta Toolbar - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2008-03-04 36864]

"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2012-12-21 551408]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2008-02-15 405504]

"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]

"lxeamon.exe"=C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe [2010-05-05 770728]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"=C:\Users\Ramcom\AppData\Local\Akamai\netsession_win.exe [2013-06-05 4489472]

"AdobeBridge"= []

"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -scheduler []

"Google Update"=C:\Users\Ramcom\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-21 133104]

"Facebook Update"=C:\Users\Ramcom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

"atmxmld9"=C:\Users\Ramcom\AppData\Local\atmxmld9\atmxmld9.dll, DllInit []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-12-19 41208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]

C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]

C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

C:\Dell\E-Center\EULALauncher.exe [2008-02-29 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

C:\Program Files\Lexmark S300-S400 Series\ezprint.exe [2010-05-05 148280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-24 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]

C:\Program Files\Fingerprint Reader Suite\launcher.exe [2007-04-16 49168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]

C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2010-10-22 836896]

C:\Users\Ramcom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

Dropbox.lnk - C:\Users\Ramcom\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]

C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-08-21 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]

C:\Windows\system32\psqlpwd.dll [2007-04-16 86528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableCAD"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"VIDC.I420"=lvcodec2.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"MSVideo8"=VfWWDM32.dll

"MSVideo"=vfwwdm32.dll

"wave3"=wdmaud.drv

"mixer3"=wdmaud.drv

"wave4"=wdmaud.drv

"mixer4"=wdmaud.drv

"VIDC.FMVC"=fmcodec.dll

"msacm.siren"=sirenacm.dll

"vidc.DIVX"=DivX.dll

"vidc.yv12"=DivX.dll

"vidc.XVID"=xvidvfw.dll

"wave5"=wdmaud.drv

"mixer5"=wdmaud.drv

"wave6"=wdmaud.drv

"mixer6"=wdmaud.drv

"wave7"=wdmaud.drv

"mixer7"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"wave2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"VIDC.FFDS"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"wave8"=wdmaud.drv

"mixer8"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-09-30 15:05:21 ----D---- C:\Program Files\trend micro

2013-09-30 15:05:20 ----D---- C:\rsit

2013-09-29 18:10:06 ----D---- C:\AdwCleaner

2013-09-29 12:56:49 ----SHD---- C:\found.003

2013-09-28 14:46:59 ----D---- C:\Users\Ramcom\AppData\Roaming\Malwarebytes

2013-09-28 14:46:48 ----D---- C:\ProgramData\Malwarebytes

2013-09-28 14:46:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2013-09-28 14:46:43 ----A---- C:\Windows\system32\drivers\mbam.sys

2013-09-28 13:57:36 ----SHD---- C:\found.002

2013-09-14 21:18:24 ----A---- C:\Windows\system32\mshtmled.dll

2013-09-14 21:18:23 ----A---- C:\Windows\system32\vbscript.dll

2013-09-14 21:18:21 ----A---- C:\Windows\system32\jsproxy.dll

2013-09-14 21:18:21 ----A---- C:\Windows\system32\ieUnatt.exe

2013-09-14 21:18:21 ----A---- C:\Windows\system32\ieui.dll

2013-09-14 21:18:20 ----A---- C:\Windows\system32\wininet.dll

2013-09-14 21:18:20 ----A---- C:\Windows\system32\msfeeds.dll

2013-09-14 21:18:19 ----A---- C:\Windows\system32\jscript.dll

2013-09-14 21:18:18 ----A---- C:\Windows\system32\jscript9.dll

2013-09-14 21:18:17 ----A---- C:\Windows\system32\url.dll

2013-09-14 21:18:16 ----A---- C:\Windows\system32\iertutil.dll

2013-09-14 21:18:14 ----A---- C:\Windows\system32\urlmon.dll

2013-09-14 21:18:10 ----A---- C:\Windows\system32\mshtml.dll

2013-09-14 21:18:08 ----A---- C:\Windows\system32\ieframe.dll

2013-09-11 20:54:40 ----A---- C:\Windows\system32\themeui.dll

2013-09-11 20:54:17 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2013-09-30 15:05:21 ----D---- C:\Program Files

2013-09-30 15:04:33 ----D---- C:\Users\Ramcom\AppData\Roaming\Dropbox

2013-09-30 15:02:44 ----D---- C:\Windows\Temp

2013-09-30 14:29:04 ----D---- C:\Windows\system32\drivers

2013-09-29 22:24:18 ----D---- C:\Windows

2013-09-29 22:24:18 ----D---- C:\ProgramData\AVAST Software

2013-09-29 22:22:50 ----D---- C:\Windows\inf

2013-09-29 22:21:39 ----D---- C:\Windows\System32

2013-09-29 22:21:39 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-09-29 22:19:44 ----A---- C:\Windows\ricdb.ini

2013-09-29 19:51:00 ----D---- C:\Windows\pss

2013-09-29 19:36:51 ----D---- C:\Windows\Minidump

2013-09-29 18:38:24 ----HD---- C:\ProgramData

2013-09-29 18:13:05 ----D---- C:\Program Files\Common Files

2013-09-29 13:20:16 ----SHD---- C:\System Volume Information

2013-09-28 14:47:20 ----D---- C:\Windows\Prefetch

2013-09-28 14:46:47 ----SHD---- C:\Windows\Installer

2013-09-28 14:43:33 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2013-09-28 14:31:03 ----D---- C:\Windows\SoftwareDistribution

2013-09-26 23:27:05 ----D---- C:\Users\Ramcom\AppData\Roaming\Skype

2013-09-26 14:31:33 ----D---- C:\Users\Ramcom\AppData\Roaming\BitTorrent

2013-09-26 14:31:31 ----D---- C:\Windows\Debug

2013-09-26 12:44:46 ----D---- C:\Program Files\AV Vcs 7.0 DIAMOND

2013-09-24 21:08:56 ----D---- C:\ProgramData\Skype

2013-09-24 21:08:51 ----RD---- C:\Program Files\Skype

2013-09-24 06:56:42 ----D---- C:\ProgramData\Lx_cats

2013-09-19 15:44:47 ----D---- C:\Windows\system32\catroot2

2013-09-17 14:36:41 ----D---- C:\Windows\system32\WDI

2013-09-15 00:59:12 ----D---- C:\Windows\system32\migration

2013-09-15 00:59:11 ----D---- C:\Program Files\Internet Explorer

2013-09-14 21:22:14 ----D---- C:\ProgramData\Microsoft Help

2013-09-14 21:18:59 ----D---- C:\Windows\winsxs

2013-09-14 21:18:51 ----D---- C:\Windows\system32\catroot

2013-09-14 21:01:23 ----D---- C:\Windows\system32\MRT

2013-09-14 20:47:13 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-09-07 304920]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2011-03-04 45648]

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-12-18 428088]

R1 eusk2par;Aladdin SmartKey Parallel Driver; \??\C:\Windows\system32\Drivers\eusk2par.sys [2008-12-18 25680]

R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 50704]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-06-25 48128]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-06-25 44544]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-06-25 38400]

R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2009-09-17 92712]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x86; C:\Windows\system32\DRIVERS\Apfiltr.sys [2012-12-20 401352]

R3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]

R3 NETwLv32; Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2013-05-12 9053984]

R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]

R3 RTL8192cu;TP-LINK 300Mbps Mini Wireless N USB Adapter; C:\Windows\system32\DRIVERS\RTL8192cu.sys [2011-04-08 764520]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]

R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-04-16 46992]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]

R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2009-03-18 311808]

S3 a53af0rd;a53af0rd; C:\Windows\system32\drivers\a53af0rd.sys []

S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]

S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]

S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]

S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2000-01-01 300584]

S3 btwaudio;Bluetooth-audioapparaat; C:\Windows\system32\drivers\btwaudio.sys [2000-01-01 93224]

S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2000-01-01 114728]

S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 33320]

S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2000-01-01 18728]

S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2012-09-20 83168]

S3 Dot4;Microsoft IEEE-1284.4-stuurprogramma; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]

S3 Dot4Print;Stuurprogramma voor printerklasse voor IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]

S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 e1express;Stuurprogramma voor Intel® PRO/1000 PCI Express-netwerkverbinding; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\Windows\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\Windows\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]

S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 netr73;TL-WN321G USB Wireless Adapter; C:\Windows\system32\DRIVERS\netr73.sys [2008-10-21 497152]

S3 NETw4v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]

S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2009-04-30 2687512]

S3 QCDonner;Logitech QuickCam Express(PID_0840); C:\Windows\system32\DRIVERS\LVCD.sys [2004-04-26 474304]

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]

S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 181344]

S3 STHDA;@%SystemRoot%\system32\stlang.dll,-10305; C:\Windows\system32\drivers\stwrt.sys []

S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 15872]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

S3 WINUSB;WinUsb-stuurprogramma; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 34944]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk62x86.sys [2009-05-20 314368]

S4 iaNvStor;Intel® Turbo Memory Controller; C:\Windows\system32\drivers\ianvstor.sys [2007-09-07 209408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-10-22 656672]

R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-10-24 870672]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]

R2 lxea_device;lxea_device; C:\Windows\system32\lxeacoms.exe [2010-04-14 598696]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 MySql;MySql; C:\mysql\bin\mysqld-nt.exe [2002-08-14 1130496]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2011-12-20 196904]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-05-12 640288]

R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-01-31 1259296]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-10-24 481552]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]

R2 yksvc;Marvell Yukon Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-18 136176]

S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe [2010-04-14 193192]

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-06-21 162408]

S2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter []

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-23 72704]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-28 257416]

S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-09-25 1044816]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-24 30192]

S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-08-21 16680]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-18 136176]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 268512]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-16 755880]

S3 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2011-08-05 6363872]

S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\Program Files\Zune\ZuneWlanCfgSvc.exe [2011-08-05 444640]

S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


Download Zoek.zip to the desktop.

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (here and here you can read how to do that).
  • Right-click Zoek.zip and choose the option "Extract All".
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

chromelook; 
firefoxlook; 
startupall; 
{14f0d511-36a2-41ca-ae01-ba4f87282c97};c
 C:\Program Files\SHOUTcast Radio Toolbar;fs
 {02478D38-C3F9-4efb-9B51-7695ECA05670};c
 {78F3A323-798E-4AEA-9A57-88F4B05FD5DD};c
 C:\Program Files\vShare.tv plugin;fs
 {C1AF5FA5-852C-4C90-812E-A7F75E011D87};c
 C:\Program Files\Delta;fs
 {ccec60fc-2608-4e58-9659-3ffc159e8ea9};c
 {2C688203-7EB3-4327-9995-1CB417BA23F9};c
 C:\Program Files\BS.Player ControlBar;fs
 {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8};c
 {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5};c
 {82E1477C-B154-48D3-9891-33D83C26BCD3};c
 atmxmld9;s
 {F4430FE8-2638-42e5-B849-800749B94EED};c
 C:\Programs\PartyGaming.Net;fs
 C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096};fs
 C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml;f
 C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\extensions\ffxtlbr@delta.com;ff
 C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\extensions\firefox@tvunetworks.com;ff
 C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403};fs
 C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\searchplugins\delta.xml;f
 C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\searchplugins\askcom.xml;f
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccec60fc-2608-4e58-9659-3ffc159e8ea9}];r
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
 "atmxmld9"=-;r
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r
 "AppInit_DLLs"=-;r
 C:\found.003;fs
 C:\found.002;fs
 filesrcm;

  • Click the "Options" button and tick the options below.
  • HijackThis Log
  • Firefox Defaults
  • Reset Chrome
  • IE Defaults
  • Auto Clean
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear after all.
  • Now post the contents of the opened log in your next reply.



It is running now, and has been for a good half hour, by the way.

But suddenly I also get to see the following:

pevz.exe - beschadigd bestand

Voer het hulpprogramma CHKDSK uit

etc...

- - - Updated - - -

Zoek.exe Version 4.0.0.4 Updated 24-September-2013

Tool run by Ramcom on ma 30/09/2013 at 18:33:50,21.

Windows Vista Home Premium 6.0.6002 Service Pack 2 x86 WMI=failure

Running in: Normal Mode No Internet Access Detected

Launched: C:\Users\Ramcom\Downloads\zoek\zoek.exe [script inserted] [Checkboxes used]

==== System Restore Info ======================

30/09/2013 18:39:08 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14f0d511-36a2-41ca-ae01-ba4f87282c97} deleted successfully

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ccec60fc-2608-4e58-9659-3ffc159e8ea9} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ccec60fc-2608-4e58-9659-3ffc159e8ea9} deleted successfully

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ccec60fc-2608-4e58-9659-3ffc159e8ea9} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ccec60fc-2608-4e58-9659-3ffc159e8ea9} deleted successfully

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C688203-7EB3-4327-9995-1CB417BA23F9} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C688203-7EB3-4327-9995-1CB417BA23F9} deleted successfully

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C688203-7EB3-4327-9995-1CB417BA23F9} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C688203-7EB3-4327-9995-1CB417BA23F9} deleted successfully

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} deleted successfully

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4430FE8-2638-42e5-B849-800749B94EED} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4430FE8-2638-42e5-B849-800749B94EED} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Internet Explorer\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{14f0d511-36a2-41ca-ae01-ba4f87282c97} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{ccec60fc-2608-4e58-9659-3ffc159e8ea9} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccec60fc-2608-4e58-9659-3ffc159e8ea9} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{2C688203-7EB3-4327-9995-1CB417BA23F9} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{14f0d511-36a2-41ca-ae01-ba4f87282c97} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2C688203-7EB3-4327-9995-1CB417BA23F9} deleted successfully

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{14f0d511-36a2-41ca-ae01-ba4f87282c97} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2C688203-7EB3-4327-9995-1CB417BA23F9} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.be/");

user_pref("browser.newtab.url", "http://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=d0666b9800000000000000215c4e67d3");

user_pref("browser.search.defaultengine", "Ask.com");

user_pref("browser.search.defaultenginename", "Ask.com");

user_pref("browser.search.selectedEngine", "Delta Search");

user_pref("browser.search.order.1", "Ask.com");

user_pref("keyword.URL", "http://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=");

user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default

---- Lines C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\extensions\ffxtlbr@delta.com removed from prefs.js ----

---- Lines C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\extensions\ffxtlbr@delta.com modified from prefs.js ----

---- Lines C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\extensions\ffxtlbr@delta.com removed from user.js ----

---- Lines C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\extensions\firefox@tvunetworks.com removed from prefs.js ----

---- Lines C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\extensions\firefox@tvunetworks.com modified from prefs.js ----

---- Lines C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\extensions\firefox@tvunetworks.com removed from user.js ----

---- Lines BabylonToolbar removed from prefs.js ----

user_pref("extensions.BabylonToolbar_i.newTab", true);

user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=d0666b9800000000000000215c4e67d3");

---- Lines BabylonToolbar modified from prefs.js ----

---- Lines BabylonToolbar removed from user.js ----

---- Lines ask.com removed from prefs.js ----

---- Lines ask.com modified from prefs.js ----

---- Lines ask.com removed from user.js ----

---- Lines search.com removed from prefs.js ----

---- Lines search.com modified from prefs.js ----

---- Lines search.com removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user_20133009_1846_.backup

prefs_20133009_1846_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccec60fc-2608-4e58-9659-3ffc159e8ea9}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"atmxmld9"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"bProtector Start Page"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"bProtectorDefaultScope"=-

==== Deleting Files \ Folders ======================

"C:\Program Files\vShare.tv plugin" not found

"C:\Program Files\Delta" not found

"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" deleted

"C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\searchplugins\delta.xml" deleted

"C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\searchplugins\askcom.xml" deleted

"C:\Users\Ramcom\AppData\Roaming\Generic" deleted

"C:\Users\Ramcom\AppData\Roaming\.ptbt1" deleted

"C:\ProgramData\Fruit" deleted

"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" deleted

"C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll" deleted

"C:\ProgramData\UpdaterLog.txt" deleted

"C:\ProgramData\SPL144.tmp" deleted

"C:\ProgramData\SPL3916.tmp" deleted

"C:\ProgramData\SPL3F9F.tmp" deleted

"C:\ProgramData\SPL7593.tmp" deleted

"C:\ProgramData\SPLA801.tmp" deleted

"C:\ProgramData\SPLBB9.tmp" deleted

"C:\ProgramData\SPLCA7F.tmp" deleted

"C:\Users\Ramcom\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data" deleted

"C:\Users\Ramcom\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted

"C:\Windows\tasks\ParetoLogic Registration.job" deleted

"C:\Windows\system32\Tasks\BrowserProtect" deleted

"C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\searchplugins\askcom.xml" deleted

"C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\bProtector_extensions.rdf" deleted

"C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\bProtector_extensions.sqlite" deleted

"C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\bprotector_prefs.js" deleted

"C:\Users\Ramcom\AppData\Roaming\tmp" deleted

"C:\Users\Ramcom\AppData\Roaming\FMZilla" deleted

"C:\Users\Ramcom\AppData\Roaming\Samsung" deleted

"C:\Program Files\SHOUTcast Radio Toolbar" deleted

"C:\Program Files\BS.Player ControlBar" deleted

"C:\Programs\PartyGaming.Net" deleted

"C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}" deleted

"C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}" deleted

"C:\found.003" deleted

"C:\found.002" deleted

"C:\Program Files\GUMB481.tmp" deleted

"C:\Program Files\FoxTabPDFConverter" deleted

"C:\found.000" deleted

"C:\found.001" deleted

"C:\found.002" deleted

"C:\found.003" deleted

"C:\Users\Ramcom\AppData\Roaming\VshareComplete" deleted

"C:\Users\Ramcom\AppData\Roaming\Systweak" deleted

"C:\Users\Ramcom\AppData\Roaming\OpenCandy" deleted

"C:\ProgramData\InstallMate" deleted

"C:\Users\Ramcom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-09-29 17:36:45 34ACBBE218F3B6F1A73E983CD42C4762 387158333 ----a-w- C:\Windows\MEMORY.DMP

====== C:\Users\Ramcom\AppData\Local\Temp ====

2013-09-28 12:33:29 F509E86EFCBA242200E4C2AFF917D2FC 38912 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwaveform.dll

2013-09-28 12:33:29 D7139E04B44274C71B3C1C5DBF3F5F52 835584 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\gstreamer\gstreamer.dll

2013-09-28 12:33:29 C400199CE866C00A806B0EEBB9E5326C 73728 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwavparse.dll

2013-09-28 12:33:29 942F3F023712605AF4B0BCC87111046B 201728 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\mapi\OperaMAPI.dll

2013-09-28 12:33:29 8331A35D0797249A88A3DEED26AD1F59 16192864 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\opera.dll

2013-09-28 12:33:29 0ACDD4EC0A2A2944EEDBD83815226FE5 101888 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwebmdec.dll

2013-09-28 12:33:28 E39BAE9F813632AC6B434D6BC01A1A6C 93696 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioconvert.dll

2013-09-28 12:33:28 D48156B954D8E8974D35CA27628FA623 57344 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstautodetect.dll

2013-09-28 12:33:28 747F73CD83367B287899CE3A41DD04F0 158208 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstffmpegcolorspace.dll

2013-09-28 12:33:28 50E5B61B4BDE3CB0335801F57C7BAE40 312832 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstoggdec.dll

2013-09-28 12:33:28 4C938B92F6E389CC22BDE03BE140F43C 62976 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdecodebin2.dll

2013-09-28 12:33:28 4125C4D8D5F0DB304B42D0F0AA9E9485 96256 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstcoreplugins.dll

2013-09-28 12:33:28 330922836B5424869DB8597F48CFE1B3 94208 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioresample.dll

2013-09-28 12:33:28 2880FF5DAABA68431C9CF056786A10FB 67072 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdirectsound.dll

2013-09-28 12:33:28 1C9B45E87528B8BB8CFA884EA0099A85 2106216 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\D3DCompiler_43.dll

2013-09-28 12:33:27 FFC67949EF7C2BF307ED91B293581DD2 879456 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\opera.exe

2013-09-28 12:33:27 EB788245CC6675F57F6B7D010F2A8176 1197920 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\updatechecker\opera_autoupdate.exe

2013-09-28 12:33:22 C5520FEB7AD5F6E3692B6DE41F6A1A27 879456 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\OperaUpgrader.exe

2013-09-28 12:33:22 00849D0BA007AE8ECBC3EA32846DFF97 13156112 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\Opera-12.16-1860.i386.autoupdate.exe

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

2013-09-28 12:46:43 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-09-30 13:05:21 -------- d-----w- C:\Program Files\trend micro

======= C: =====

====== C:\Users\Ramcom\AppData\Roaming ======

====== C:\Users\Ramcom ======

2013-09-30 16:35:51 EBBB7499429AF3F8645E19EDAF40EE08 1262592 ----a-w- C:\Users\Ramcom\Desktop\Z-Analyse.exe

2013-09-30 13:18:23 4754539F6D178B84DE28DBCBE7CDA23A 2092792 ----a-w- C:\Users\Ramcom\Downloads\avira_free_antivirus.exe

2013-09-30 13:04:45 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Ramcom\Downloads\RSIT (1).exe

2013-09-30 13:04:45 4460C6E048EF955C9CDF19458AFF98A8 131918888 ----a-w- C:\Users\Ramcom\Downloads\avast_free_antivirus_setup (1).exe

2013-09-30 13:03:40 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Ramcom\Downloads\RSIT.exe

2013-09-29 16:51:11 17C8BF490CA207D06EF2A0EC84F47191 1042066 ----a-w- C:\Users\Ramcom\Downloads\adwcleaner (1).exe

2013-09-29 16:09:21 17C8BF490CA207D06EF2A0EC84F47191 1042066 ----a-w- C:\Users\Ramcom\Downloads\adwcleaner.exe

====== C: exe-files ==

2013-09-30 13:05:21 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Ramcom.exe

=== C: other files ==

2013-09-30 16:34:34 AEA2C9F12478F48227F4D7C3606BBB1C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1166321317-2856568384-716361271-1000\$I3A6ARW.zip

2013-09-30 16:34:26 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\scripttest.vbs

2013-09-30 16:28:45 A601B58B1F4235E606ED9F36F75C458C 2053967 ----a-w- C:\$Recycle.Bin\S-1-5-21-1166321317-2856568384-716361271-1000\$R3A6ARW.zip

2013-09-28 12:46:43 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-09-28 12:33:24 C10E20FCB710BB1EC6034DDB681262D8 1444127 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\skin\standard_skin.zip

2013-09-28 12:33:24 4A72C050936BF35B374C817924DB9F0E 241062 ----a-w- C:\Users\Ramcom\AppData\Local\Temp\CProgram FilesOpera\locale\en\en.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="C:\Users\Ramcom\AppData\Local\Akamai\netsession_win.exe"

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -scheduler"

"Google Update"="C:\Users\Ramcom\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Facebook Update"="C:\Users\Ramcom\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

[HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1004\Software\Microsoft\Windows\CurrentVersion\Run]

"ooVoo"="C\ooVoo.exe /minimized"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1004\Software\Microsoft\Windows\CurrentVersion\Runonce]

"BurnImage"="regsvr32 /s c:\windows\IMAPIShellExt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe"

"Apoint"="C:\Program Files\DellTPad\Apoint.exe"

"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

"SigmatelSysTrayApp"="%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe"

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe"

"lxeamon.exe"="C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe"

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="C:\Users\Ramcom\AppData\Local\Akamai\netsession_win.exe"

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -scheduler"

"Google Update"="C:\Users\Ramcom\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Facebook Update"="C:\Users\Ramcom\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe Reader Speed Launcher"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeAAMUpdater-1.0"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeCS6ServiceManager"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="APSDaemon"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DAEMON Tools Lite"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivX Download Manager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DivX Download Manager"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\DivX\\DivX Plus Web Player\\DDmService.exe\" start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DivXUpdate"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ECenter]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ECenter"

"hkey"="HKLM"

"command"="C:\\Dell\\E-Center\\EULALauncher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EzPrint]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EzPrint"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Lexmark S300-S400 Series\\ezprint.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Google Desktop Search"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HP Software Update"

"hkey"="HKLM"

"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Messenger (Yahoo!)"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MsnMsgr"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSQLLauncher]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PSQLLauncher"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Fingerprint Reader Suite\\launcher.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QuickTime Task"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile Device Center]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Windows Mobile Device Center"

"hkey"="HKLM"

"command"="%windir%\\WindowsMobile\\wmdc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk"

"backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe "

"item"="Bluetooth"

==== Startup Folders ======================

2008-08-21 00:00:10 1835 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

2008-08-21 00:00:10 1835 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

2011-12-16 21:59:19 1815 ----a-w- C:\Users\Ramcom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

2013-06-18 20:05:46 992 ----a-w- C:\Users\Ramcom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2013-07-13 16:27:51 1835 ----a-w- C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1166321317-2856568384-716361271-1000Core.job --a------ C:\Users\Ramcom\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/07/2012 00:19]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1166321317-2856568384-716361271-1000UA.job --a------ C:\Users\Ramcom\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/07/2012 00:19]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [18/05/2010 21:11]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [18/05/2010 21:11]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1166321317-2856568384-716361271-1000Core1cc90ae648ab3b3.job --a------ C:\Users\Ramcom\AppData\Local\Google\Update\GoogleUpdate.exe [21/09/2009 20:59]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1166321317-2856568384-716361271-1000UA.job --a------ C:\Users\Ramcom\AppData\Local\Google\Update\GoogleUpdate.exe [21/09/2009 20:59]

C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job --a------ C:\Program Files\Dell Support Center\uaclauncher.exe [06/10/2011 22:31]

C:\Windows\tasks\SystemToolsDailyTest.job --a------ C:\Program Files\Dell Support Center\uaclauncher.exe [06/10/2011 22:31]

C:\Windows\tasks\User_Feed_Synchronization-{3B37E3E5-53F3-412E-B5FE-E65FE9181644}.job --ah----- C:\Windows\system32\msfeedssync.exe [16/12/2011 23:43]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default

- Delta Toolbar - %ProfilePath%\extensions\ffxtlbr@delta.com

- TVU Web Player - %ProfilePath%\extensions\firefox@tvunetworks.com

- FoxyProxy Basic - %ProfilePath%\extensions\foxyproxy@eric.h.jung

- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

- vshare Add-On - %ProfilePath%\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ramcom\AppData\Roaming\Mozilla\Firefox\Profiles\n2spnneo.default

ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25

D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17

7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

667CB7D2CAF917608421E5250462C0AA - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat

0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Ramcom\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

4D653377CB26B03A8EEA5E494DA98B8A - C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll - Nitro PDF Plug-In

A66A630E101E7B5CF0946F34935660CC - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll - DivX Plus Web Player

CF381F81FA2A050A8EA73BAB995F3002 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.1

D72CC3C02764E28C691DBA9751FF8A86 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.1

BC405F582CAAC78AEDE4488E8A259FA1 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.1

C560D8A34A372EE10235938FD2D34CC3 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.1

AF28C98E0897F0475833D02D3CCFFF77 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.1

CABA1A399C7C7471DEBA73CB3BA5AADB - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.1

1D10BD2720963F6B6DB25ACB1F5CF8E9 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.1

F9AE1AD5CC7F73827B64A05A44902B07 - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll - Winamp Application Detector

B938C1AE3ADCE166190895685B0BEB0D - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in

32A783FE8D78DB883368CA851E274DBE - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

075394F75303286C2FA91908CB781609 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox

89DEEFEFFF3B30A0D76627CEEADD6470 - C:\Windows\system32\NpFv501.dll - Flatcast Viewer Plugin 5.0.356

AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

4B0E1AD13E44536BFA0D995E474C3EFC - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll - AOL Media Playback Plugin

99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin

E627C000BBB9F3148A1522AF1D6663CC - C:\Windows\system32\NpFv415.dll - Flatcast

CF381F81FA2A050A8EA73BAB995F3002 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.1

D72CC3C02764E28C691DBA9751FF8A86 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.1

BC405F582CAAC78AEDE4488E8A259FA1 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.1

C560D8A34A372EE10235938FD2D34CC3 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.1

AF28C98E0897F0475833D02D3CCFFF77 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.1

CABA1A399C7C7471DEBA73CB3BA5AADB - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.1

1D10BD2720963F6B6DB25ACB1F5CF8E9 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.1

667CB7D2CAF917608421E5250462C0AA - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat

667CB7D2CAF917608421E5250462C0AA - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

67077DC01744DC010AC978B9885A3D08 - C:\Program Files\Nitro PDF\Reader 2\npdf.dll - Nitro PDF Library

DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dlfienamagdnkekbbbocojppncdambda - C:\Program Files\VshareComplete\chrome\VshareCompleteChrome.crx[]

eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\Ramcom\AppData\Roaming\Delta\delta.crx[]

kpionmjnkbpcdpcflammlgllecmejgjj - C:\Program Files\vShare.tv plugin\vshareplg.crx[]

nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 15:13]

pgafcinpmmpklohkojmllohd****efph - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx[]

8 Ball Pool - Ramcom - Default\Extensions\bhljoejlbnebcpflalenbmpnanjbikof

Last updated at time on date - Ramcom - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Pixlr-o-matic - Ramcom - Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj

Google Calendar - Ramcom - Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn

3D Bowling - Ramcom - Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm

eBuddy Chat - Ramcom - Default\Extensions\giacidpcfkbjnapjaklcdchjmmnajmpm

AdBlock - Ramcom - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

FlyOrDie Backgammon - Ramcom - Default\Extensions\jjajfipfoldnngmddjicblncidmijama

Stencil Graffiti Creator - Ramcom - Default\Extensions\kamlhhebdhbhbnekgdbpfheacleljimo

Autodesk Homestyler - Ramcom - Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb

Nokia Maps 3D browser plugin - Ramcom - Default\Extensions\lilolcmoknakbgobboojdpbnggkhkibk

Chat Undetected - Ramcom - Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa

WGT Golf Game - Ramcom - Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb

Chrome In-App Payments service - Ramcom - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

20-20 3D Viewer for IKEA - Ramcom - Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm

DivX Plus Web Player HTML5 \u003Cvideo\u003E - Ramcom - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm

Psykopaint - Ramcom - Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://startsear.ch/?aff=1&cf=c27e32ca-07d0-11e1-8880-001fe2d9d939"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{40439b93-f815-4122-8073-d03bed94c303}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{0B4A10D1-FBD6-451d-BFDA-F03252B05984} Unknown Url="Not_Found"

{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Unknown Url="Not_Found"

{19FBAABA-7590-4C80-AB64-440D92CF6512} Unknown Url="Not_Found"

{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=cUEpBlw88RklbkTLLgiYBpmxuZY?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Ramcom\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Ramcom\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984} deleted successfully

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Internet Explorer\SearchScopes\{19FBAABA-7590-4C80-AB64-440D92CF6512} deleted successfully

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

HKEY_USERS\S-1-5-21-1166321317-2856568384-716361271-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohd****efph deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [lxeamon.exe] "C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ramcom\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKCU\..\Run: [Google Update] "C:\Users\Ramcom\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Ramcom\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1166321317-2856568384-716361271-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1166321317-2856568384-716361271-1004\..\RunOnce: [burnImage] regsvr32 /s c:\windows\IMAPIShellExt.dll (User 'UpdatusUser')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Startup: Dropbox.lnk = Ramcom\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab

O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/game/ggsecure.cab

O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://www.flatcast-data.com/data/objects/NpFp415.dll

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\MP3 Skype Recorder\Skype4COM.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe

O23 - Service: lxea_device - - C:\Windows\system32\lxeacoms.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe

O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ramcom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ramcom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Ramcom\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\Ramcom\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Ramcom\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Ramcom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on ma 30/09/2013 at 18:58:43,30 ======================


I'm now briefly testing with a quick scan in Malwarebytes. If it freezes, I'll let you know.

Thanks for your help, by the way.

- - - Updated - - -

It's frozen again... CTRL+ALT+DELETE doesn't respond either.

Malwarebytes had, however, detected 24 objects after 5 minutes.



Download ComboFix from one of the locations below to your desktop.

Bleeping Computer

Info Spyware

Disable your antivirus and antispyware programs, as they may conflict with ComboFix.exe.

You can read (here or here) how to disable the security software you use.

  • Double-click "ComboFix" to start the tool. Windows Vista, 7 & 8 users will get a UAC (User Account Control) prompt; click Yes.
  • On a Windows XP computer, ComboFix will install the "Recovery Console" if it is not already present. (An active internet connection is then required.)
  • In the 'Installing the Recovery Console' window, click "Ok".
  • In the info screen, click "Yes" once the Recovery Console has been installed successfully.
  • In the disclaimer screen, click "I Agree"; the required components are then unpacked and a registry backup is made using ERUNT.
  • When this is done, ComboFix will start by itself; in the blue screen you can see the progress of the system scan being performed.
  • Important! Do not use the computer for anything else during the scan.
  • The computer may need to be restarted several times, for example when a rootkit is present; this is normal.
  • When ComboFix is finished, it will create a log file. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

* Note !!! If you get one of the messages below after using ComboFix, restart the computer.

  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  • Illegal operation attempted on a registry key that has been marked for deletion.


First attempt = the laptop froze completely again at:

Zoeken naar besmette bestanden . . .

Dit duurt gewoonlijk niet langer dan 10 minuten

De scantijd voor zwaar besmette computers kunnen dubbel zo lang duren

Voltooid Deel_1

Voltooid Deel_2

Second attempt:

Zoeken naar besmette bestanden . . .

Dit duurt gewoonlijk niet langer dan 10 minuten

De scantijd voor zwaar besmette computers kunnen dubbel zo lang duren

Voltooid Deel_1

Voltooid Deel_2

Now my taskbar is freezing. (The clock on the laptop says 20:33, it is now 20:43, I started scanning at 20:30)

I'm waiting patiently for progress...

Before it froze, it did flicker a few times, as if it wanted to restart. But it eventually returned to the desktop with the small blue screen.


No need to despair over this ... on a first run of Combofix (and depending on what is on the PC), this can take quite a long time. And I'm not talking about minutes; it can run into hours. Patience is a fine virtue with this solid program :-)


I'll just leave it on until the morning. It still says:

Zoeken naar besmette bestanden . . .

Dit duurt gewoonlijk niet langer dan 10 minuten

De scantijd voor zwaar besmette computers kunnen dubbel zo lang duren

Voltooid Deel_1

Voltooid Deel_2

Meanwhile, about 2 hours later.. The taskbar and desktop are active now, as is the small blue screen.

I'll let you know tomorrow how it went.
