vervelende reclame

[johnnykaty]

ik heb een probleempje. als ik mijn website open heb ik op sommige pagina's last van reclame waar ik helemaal niet om gevraagd heb.

kan er iemand van jullie mij daar afhelpen aub?

hieronder het log bestand van RSIT.

Logfile of random's system information tool 1.09 (written by random/random)

Run by johnny at 2013-10-08 22:37:06

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 462 GB (97%) free of 477 GB

Total RAM: 3053 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:37:11, on 8/10/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2014\avgrsx.exe

C:\Program Files\AVG\AVG2014\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2014\avgui.exe

C:\Program Files\AVG Nation toolbar\vprot.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\johnny\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2014\avgfws.exe

C:\Program Files\AVG\AVG2014\avgidsagent.exe

C:\Program Files\AVG\AVG2014\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG2014\avgnsx.exe

C:\Program Files\AVG\AVG2014\avgemcx.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AVG\AVG2014\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

K:\downloads\Registry Repair Wizard\RCHelper.exe

C:\Documents and Settings\johnny\Mijn documenten\Downloads\RSIT.exe

C:\Program Files\trend micro\johnny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search-Gol

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Nation toolbar\vprot.exe"

O4 - HKCU\..\Run: [D98A654CBC3DD4B1587618D1760AD0F8DBCB39FC._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Dropbox.lnk = C:\Documents and Settings\johnny\Application Data\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - K:\downloads\poker\PokerStarsUpdate.exe (HKCU)

O15 - Trusted IP range: http://192.168.1.1

O15 - ESC Trusted IP range: http://192.168.1.1

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1356552191484

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: vToolbarUpdater17.0.12 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe

--

End of file - 8867 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{F9C4DAAE-187A-43C9-AC20-60F6213B6A8A}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\0t1a57fy.default

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"belgiumeid@eid.belgium.be"=C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

"avg@toolbar"=C:\Documents and Settings\All Users\Application Data\AVG Nation toolbar\FireFoxExt\17.0.1.12

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.9.900.117 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]

"Description"=

"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]

"Description"=Office Live Update v1.3

"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

ffxtlbr@babylon.com

C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\0t1a57fy.default\searchplugins\

conduit-search.xml

nation-secure-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-22 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-22 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-09-07 19573352]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2013-05-31 152392]

"AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe [2013-09-15 4851760]

"vProt"=C:\Program Files\AVG Nation toolbar\vprot.exe [2013-10-07 2403144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"D98A654CBC3DD4B1587618D1760AD0F8DBCB39FC._service_run"=C:\Program Files\Google\Chrome\Application\chrome.exe [2013-10-03 844752]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beidsccertprop]

C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe [2012-02-21 31768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-05-10 49208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler]

K:\downloads\Registry Repair Wizard\RCHelper.exe [2012-03-06 1540480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2008-10-16 214360]

C:\Documents and Settings\johnny\Menu Start\Programma's\Opstarten

Dropbox.lnk - C:\Documents and Settings\johnny\Application Data\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\devolo\informer\devinf.exe"="C:\Program Files\devolo\informer\devinf.exe:*:Enabled:devolo Informer"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"K:\downloads\JDownloader\jre\bin\javaw.exe"="K:\downloads\JDownloader\jre\bin\javaw.exe:*:Enabled:Java Platform SE binary"

"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java Platform SE binary"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Documents and Settings\johnny\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\johnny\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"

"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour-service"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Documents and Settings\johnny\Application Data\BitTorrent\BitTorrent.exe"="C:\Documents and Settings\johnny\Application Data\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\AVG\AVG2014\avgnsx.exe"="C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield"

"C:\Program Files\AVG\AVG2014\avgdiagex.exe"="C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014"

"C:\Program Files\AVG\AVG2014\avgmfapx.exe"="C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:Installer voor AVG"

"C:\Program Files\AVG\AVG2014\avgemcx.exe"="C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:Persoonlijke e-mailscanner"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\Simple Port Forwarding\spf.exe"="C:\Program Files\Simple Port Forwarding\spf.exe:*:Enabled:Simple Port Forwarding By PcWinTech.com"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"vidc.xvid"=xvidvfw.dll

"vidc.lags"=lagarith.dll

"msacm.ac3filter"=ac3filter.acm

"msacm.siren"=sirenacm.dll

"VIDC.FPS1"=frapsvid.dll

======List of files/folders created in the last 1 month======

2013-10-08 22:32:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2013-10-08 22:21:41 ----D---- C:\rsit

2013-10-08 21:31:34 ----SHD---- C:\RECYCLER

2013-10-08 21:29:20 ----A---- C:\ComboFix.txt

2013-10-08 21:18:39 ----A---- C:\WINDOWS\zip.exe

2013-10-08 21:18:39 ----A---- C:\WINDOWS\SWXCACLS.exe

2013-10-08 21:18:39 ----A---- C:\WINDOWS\SWSC.exe

2013-10-08 21:18:39 ----A---- C:\WINDOWS\SWREG.exe

2013-10-08 21:18:39 ----A---- C:\WINDOWS\sed.exe

2013-10-08 21:18:39 ----A---- C:\WINDOWS\PEV.exe

2013-10-08 21:18:39 ----A---- C:\WINDOWS\MBR.exe

2013-10-08 21:18:39 ----A---- C:\WINDOWS\grep.exe

2013-10-08 21:17:50 ----D---- C:\Qoobox

2013-10-08 21:04:42 ----D---- C:\Documents and Settings\johnny\Application Data\Systweak

2013-10-08 20:41:46 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2013-10-08 20:41:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2013-10-08 20:41:40 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

2013-10-08 20:22:31 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys

2013-10-08 19:43:12 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe

2013-10-06 20:52:19 ----D---- C:\Documents and Settings\johnny\Application Data\mojosoft

2013-10-06 20:18:09 ----D---- C:\Documents and Settings\johnny\Application Data\AVG2014

2013-10-06 20:17:25 ----D---- C:\Documents and Settings\johnny\Application Data\TuneUp Software

2013-10-06 20:17:17 ----D---- C:\Documents and Settings\johnny\Application Data\AVG Nation toolbar

2013-10-06 20:17:13 ----A---- C:\WINDOWS\system32\drivers\avgtpx86.sys

2013-10-06 20:17:09 ----D---- C:\Program Files\Common Files\AVG Secure Search

2013-10-06 20:17:09 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Nation toolbar

2013-10-06 20:17:08 ----D---- C:\Program Files\AVG Nation toolbar

2013-10-06 20:16:09 ----D---- C:\Documents and Settings\All Users\Application Data\AVG2014

2013-10-06 20:16:09 ----D---- C:\$AVG

2013-10-06 20:15:53 ----D---- C:\Program Files\AVG

2013-10-06 20:12:00 ----D---- C:\Documents and Settings\All Users\Application Data\Registry Helper

2013-10-06 20:09:19 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files

2013-10-06 20:09:19 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData

2013-09-26 17:44:19 ----D---- C:\Documents and Settings\johnny\Application Data\OmegaT

2013-09-18 21:11:42 ----D---- C:\Program Files\Mozilla Firefox

2013-09-16 17:07:51 ----D---- C:\Program Files\Mozilla Maintenance Service

2013-09-16 17:03:24 ----A---- C:\WINDOWS\nsreg.dat

2013-09-16 17:03:23 ----D---- C:\Documents and Settings\johnny\Application Data\DefaultTab

2013-09-13 00:34:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$

2013-09-13 00:34:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$

2013-09-13 00:34:47 ----A---- C:\WINDOWS\imsins.BAK

2013-09-13 00:34:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$

2013-09-10 22:11:44 ----A---- C:\WINDOWS\system32\drivers\avgidsshimx.sys

======List of files/folders modified in the last 1 month======

2013-10-08 22:37:09 ----D---- C:\WINDOWS\Temp

2013-10-08 22:37:09 ----D---- C:\Program Files\Trend Micro

2013-10-08 22:30:41 ----RD---- C:\Program Files

2013-10-08 22:26:49 ----D---- C:\Documents and Settings\johnny\Application Data\HPAppData

2013-10-08 22:22:05 ----SHD---- C:\WINDOWS\Installer

2013-10-08 22:17:26 ----D---- C:\WINDOWS\system32\CatRoot2

2013-10-08 21:54:10 ----D---- C:\WINDOWS\system32

2013-10-08 21:37:02 ----D---- C:\Documents and Settings\johnny\Application Data\Dropbox

2013-10-08 21:31:51 ----A---- C:\WINDOWS\SchedLgU.Txt

2013-10-08 21:29:38 ----D---- C:\WINDOWS

2013-10-08 21:29:28 ----D---- C:\WINDOWS\system32\drivers

2013-10-08 21:28:46 ----SD---- C:\WINDOWS\Tasks

2013-10-08 21:26:03 ----A---- C:\WINDOWS\system.ini

2013-10-08 21:25:51 ----SHD---- C:\System Volume Information

2013-10-08 21:25:51 ----D---- C:\WINDOWS\system32\Restore

2013-10-08 21:25:39 ----D---- C:\WINDOWS\system32\drivers\etc

2013-10-08 21:23:45 ----D---- C:\WINDOWS\system32\config

2013-10-08 21:23:35 ----D---- C:\WINDOWS\erdnt

2013-10-08 21:21:18 ----D---- C:\WINDOWS\AppPatch

2013-10-08 21:21:17 ----D---- C:\Program Files\Common Files

2013-10-08 21:17:55 ----D---- C:\WINDOWS\Prefetch

2013-10-08 21:09:15 ----D---- C:\Documents and Settings\johnny\Application Data\BitTorrent

2013-10-08 19:43:14 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2013-10-06 20:49:26 ----D---- C:\Documents and Settings\johnny\Application Data\vlc

2013-10-06 20:18:01 ----D---- C:\Config.Msi

2013-10-06 20:16:40 ----HD---- C:\WINDOWS\inf

2013-10-06 20:11:57 ----RSHDC---- C:\WINDOWS\system32\dllcache

2013-10-06 20:01:44 ----D---- C:\Documents and Settings\All Users\Application Data\Norton

2013-09-26 17:59:11 ----D---- C:\Documents and Settings\johnny\Application Data\PhotoScape

2013-09-26 00:56:29 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache

2013-09-16 17:04:52 ----D---- C:\Documents and Settings\johnny\Application Data\Mozilla

2013-09-15 23:20:32 ----D---- C:\Program Files\Garmin

2013-09-15 23:20:15 ----DC---- C:\WINDOWS\system32\DRVSTORE

2013-09-15 22:30:01 ----D---- C:\Program Files\BitTorrent

2013-09-15 16:33:31 ----D---- C:\Documents and Settings\johnny\Application Data\Vso

2013-09-13 00:36:03 ----D---- C:\Program Files\Internet Explorer

2013-09-13 00:33:58 ----A---- C:\WINDOWS\win.ini

2013-09-13 00:33:06 ----D---- C:\WINDOWS\system32\MRT

2013-09-13 00:31:41 ----D---- C:\WINDOWS\Debug

2013-09-13 00:31:36 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2013-09-02 145720]

R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2013-09-02 223032]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2013-08-20 102200]

R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2013-09-08 27448]

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

R1 Avgdiskx;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiskx.sys [2013-08-01 120120]

R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2013-09-02 209208]

R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2013-09-10 22840]

R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2013-09-02 176952]

R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]

R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []

R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2010-04-28 54760]

R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2012-09-15 15781]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo); C:\WINDOWS\system32\drivers\npf_devolo.sys [2009-07-13 35840]

R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2012-01-12 30944]

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2010-03-26 243928]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]

R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-07-09 49920]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-07-09 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-09 21568]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-09-07 6141544]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]

R3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]

R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

R3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]

R3 usbstor;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

S3 ACSSCR;ACR38 Smart Card Reader; C:\WINDOWS\system32\DRIVERS\a38usb.sys [2012-09-20 33536]

S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\WINDOWS\System32\Drivers\ssadadb.sys [2013-04-03 32064]

S3 Arp1394;1394 ARP-clientprotocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]

S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []

S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2012-01-12 30944]

S3 BthEnum;Stuurprogramma voor Bluetooth-aanvraagblok; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]

S3 BthPan;Bluetooth-apparaat (PAN - Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]

S3 BTHPORT;Poortstuurprogramma voor Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272640]

S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio's; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []

S3 cpuz134;cpuz134; \??\C:\DOCUME~1\johnny\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys []

S3 cpuz135;cpuz135; \??\K:\pc spellen\Nieuwe map\PC Wizard 2012\pcwiz_x32.sys []

S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys []

S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []

S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []

S3 mbamchameleon;mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys []

S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]

S3 NIC1394;1394-stuurprogramma; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]

S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2013-02-12 47360]

S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]

S3 RT2500USB;ASUS USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-08-13 140544]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2013-04-03 136904]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2013-04-03 17864]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2013-04-03 153672]

S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys []

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]

R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG2014\avgfws.exe [2013-09-22 1358944]

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [2013-09-03 3538480]

R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2013-09-22 301152]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-06-22 182184]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-06 1733448]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-05-31 553288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-04 116648]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 fsssvc;De service Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-04 116648]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-18 118680]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-16 755880]

S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

alvast dank

johnny

[kape]

Download Zoek.zip naar het bureaublad.

• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.
  
• Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

chromelook; 
firefoxlook; 
 C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com;f
 C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\0t1a57fy.default\searchplugins\conduit-search.xml;f
 C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\0t1a57fy.default\searchplugins\nation-secure-search.xml;f
 C:\Documents and Settings\All Users\Application Data\AVG Nation toolbar;fs
 C:\Program Files\AVG Nation toolbar;fs
 C:\Documents and Settings\johnny\Application Data\DefaultTab;fs
 emptyfolderscheck;
startupall; 
filesrcm;

• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
• IE Defaults
  
• Auto Clean
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post nu de inhoud van het geopende logje in het volgende bericht.
  

[johnnykaty]

Hier de gevraagde log.

Zoek.exe Version 4.0.0.5 Updated 07-October-2013

Tool run by johnny on wo 09/10/2013 at 16:59:57,17.

Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\DOCUME~1\JOHNNY\MIJNDO~1\DOWNLO~1\ZOEK.COM [script inserted] [Checkboxes used]

==== System Restore Info ======================

9/10/2013 17:01:44 Zoek.exe System Restore Point Created Succesfully.

==== Possible Rootkit Infection ======================

\system32\services.exe Possible Infected!

==== Empty Folders Check ======================

C:\PROGRA~1\dumps

C:\PROGRA~1\MSXML 4.0

C:\PROGRA~1\MyFree Codec

C:\PROGRA~1\Uninstall Information

C:\PROGRA~1\WindowsUpdate

C:\PROGRA~1\Xenocode

C:\Documents and Settings\All Users\Application Data\AVAST Software

C:\Documents and Settings\All Users\Application Data\Big Fish Games

C:\Documents and Settings\All Users\Application Data\BigFishGamesCache

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1214440339-162531612-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully

HKEY_USERS\S-1-5-21-1214440339-162531612-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

HKEY_USERS\S-1-5-21-1214440339-162531612-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-1214440339-162531612-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{A0C6B9D3-BA62-4C33-8BC3-B4BB65505E59} deleted successfully

HKEY_USERS\S-1-5-21-1214440339-162531612-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully

HKEY_USERS\S-1-5-21-1214440339-162531612-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\0t1a57fy.default

---- Lines delta removed from prefs.js ----

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta.aflt", "orgnl");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.dfltLng", "nl");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.id", "9cfb4fef000000000000001cc060ac6e");

user_pref("extensions.delta.instlDay", "15974");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.newTab", false);

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.vrsn", "1.8.24.6");

user_pref("extensions.delta.vrsnTs", "1.8.24.60:44:30");

user_pref("extensions.delta.vrsni", "1.8.24.6");

user_pref("extensions.delta_i.babExt", "");

user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=5006");

user_pref("extensions.delta_i.srcExt", "ss");

---- Lines delta modified from prefs.js ----

---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.id", "9cfb4fef000000000000001cc060ac6e");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.instlDay", "15974");

user_pref("extensions.delta.vrsn", "1.8.24.6");

user_pref("extensions.delta.vrsni", "1.8.24.6");

user_pref("extensions.delta.vrsnTs", "1.8.24.60:44:30");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.aflt", "orgnl");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.dfltLng", "nl");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta_i.babTrack", ""affID=66899&tsp=5017" srcExt=def");

user_pref("extensions.delta_i.babExt", "");

user_pref("extensions.delta_i.srcExt", "");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.newTab", false);

---- Lines incredibar removed from prefs.js ----

---- Lines incredibar modified from prefs.js ----

---- Lines incredibar removed from user.js ----

---- Lines babylon removed from prefs.js ----

---- Lines babylon modified from prefs.js ----

---- Lines babylon removed from user.js ----

---- Lines Web Search removed from prefs.js ----

---- Lines Web Search modified from prefs.js ----

---- Lines Web Search removed from user.js ----

---- Lines defaulttab removed from prefs.js ----

---- Lines defaulttab modified from prefs.js ----

---- Lines defaulttab removed from user.js ----

---- Lines OneClickDownload removed from prefs.js ----

---- Lines OneClickDownload modified from prefs.js ----

---- Lines OneClickDownload removed from user.js ----

---- Lines browser.startup.page removed from prefs.js ----

---- Lines browser.startup.page modified from prefs.js ----

---- Lines browser.startup.page removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user_20130910_1706_.backup

prefs_20130910_1706_.backup

ProfilePath: C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\1woa8qus.Standaardgebruiker

---- Lines delta removed from prefs.js ----

---- Lines delta modified from prefs.js ----

---- Lines delta removed from user.js ----

---- Lines incredibar removed from prefs.js ----

---- Lines incredibar modified from prefs.js ----

---- Lines incredibar removed from user.js ----

---- Lines babylon removed from prefs.js ----

---- Lines babylon modified from prefs.js ----

---- Lines babylon removed from user.js ----

---- Lines Web Search removed from prefs.js ----

user_pref("browser.search.defaultengine", "Web Search");

user_pref("browser.search.defaultenginename", "Web Search");

user_pref("browser.search.order.1", "Web Search");

---- Lines Web Search modified from prefs.js ----

---- Lines Web Search removed from user.js ----

---- Lines defaulttab removed from prefs.js ----

---- Lines defaulttab modified from prefs.js ----

---- Lines defaulttab removed from user.js ----

---- Lines OneClickDownload removed from prefs.js ----

---- Lines OneClickDownload modified from prefs.js ----

---- Lines OneClickDownload removed from user.js ----

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 1);

---- Lines browser.startup.page modified from prefs.js ----

---- Lines browser.startup.page removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user_20130910_1706_.backup

prefs_20130910_1706_.backup

ProfilePath: C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\5dkd64lc.firefox

---- Lines delta removed from prefs.js ----

---- Lines delta modified from prefs.js ----

---- Lines delta removed from user.js ----

---- Lines incredibar removed from prefs.js ----

---- Lines incredibar modified from prefs.js ----

---- Lines incredibar removed from user.js ----

---- Lines babylon removed from prefs.js ----

---- Lines babylon modified from prefs.js ----

---- Lines babylon removed from user.js ----

---- Lines Web Search removed from prefs.js ----

user_pref("browser.search.defaultengine", "Web Search");

user_pref("browser.search.defaultenginename", "Web Search");

user_pref("browser.search.order.1", "Web Search");

---- Lines Web Search modified from prefs.js ----

---- Lines Web Search removed from user.js ----

---- Lines defaulttab removed from prefs.js ----

---- Lines defaulttab modified from prefs.js ----

---- Lines defaulttab removed from user.js ----

---- Lines OneClickDownload removed from prefs.js ----

---- Lines OneClickDownload modified from prefs.js ----

---- Lines OneClickDownload removed from user.js ----

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 1);

---- Lines browser.startup.page modified from prefs.js ----

---- Lines browser.startup.page removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user_20130910_1706_.backup

prefs_20130910_1706_.backup

ProfilePath: C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\fsirrm82.default

---- Lines delta removed from prefs.js ----

---- Lines delta modified from prefs.js ----

---- Lines delta removed from user.js ----

---- Lines incredibar removed from prefs.js ----

---- Lines incredibar modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn2\",\"mtime\":1347752794625},\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1347892790718},\"{336D0C35-8A85-403a-B9D2-65C292C39087}\":{\"descriptor\":\"C:\\\\Program Files\\\\IB Updater\\\\Firefox\",\"mtime\":1348069001843}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1348399321375}}},{\"name\":\"winreg-app-user\",\"addons\":{\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn2\",\"mtime\":1347752794625},\"{b64982b1-d112-42b5-b1e4-d3867c4533f8}\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\All Users\\\\Application Data\\\\Browser Manager\\\\2.2.643.41\\\\{16cdff19-861d-48e3-a751-d99a27784753}\\\\FirefoxExtension\",\"mtime\":1348400266468}}},{\"name\":\"app-profile\",\"addons\":{\"ffxtlbr@babylon.com\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\johnny\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\fsirrm82.default\\\\extensions\\\\ffxtlbr@babylon.com\",\"mtime\":1348401924687},\"ffxtlbr@incredibar.com\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\johnny\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\fsirrm82.default\\\\extensions\\\\ffxtlbr@incredibar.com\",\"mtime\":1348069012562},\"OneClickDownload@OneClickDownload.com\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\johnny\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\fsirrm82.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com\",\"mtime\":1348072255343}}}]");

---- Lines incredibar removed from user.js ----

---- Lines babylon removed from prefs.js ----

---- Lines babylon modified from prefs.js ----

---- Lines babylon removed from user.js ----

---- Lines Web Search removed from prefs.js ----

user_pref("browser.search.defaultengine", "Web Search");

user_pref("browser.search.defaultenginename", "Web Search");

user_pref("browser.search.order.1", "Web Search");

---- Lines Web Search modified from prefs.js ----

---- Lines Web Search removed from user.js ----

---- Lines defaulttab removed from prefs.js ----

---- Lines defaulttab modified from prefs.js ----

---- Lines defaulttab removed from user.js ----

---- Lines OneClickDownload removed from prefs.js ----

user_pref("extensions.bootstrappedAddons", "{\"OneClickDownload@OneClickDownload.com\":{\"version\":\"1.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Documents and Settings\\\\johnny\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\fsirrm82.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com\"}}");

user_pref("extensions.OneClickDownload.filter", "filter:1,3");

---- Lines OneClickDownload modified from prefs.js ----

---- Lines OneClickDownload removed from user.js ----

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 1);

---- Lines browser.startup.page modified from prefs.js ----

---- Lines browser.startup.page removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user_20130910_1706_.backup

prefs_20130910_1706_.backup

==== Deleting Files \ Folders ======================

"C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\fsirrm82.default\extensions\ffxtlbr@incredibar.com" not found

"C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\fsirrm82.default\extensions\ffxtlbr@babylon.com" not found

"C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\0t1a57fy.default\searchplugins\conduit-search.xml" deleted

"C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\0t1a57fy.default\searchplugins\nation-secure-search.xml" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\1woa8qus.Standaardgebruiker\searchplugins\Web Search.xml" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\5dkd64lc.firefox\searchplugins\Web Search.xml" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\fsirrm82.default\searchplugins\Web Search.xml" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\0t1a57fy.default\searchplugins\conduit-search.xml" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\0t1a57fy.default\searchplugins\nation-secure-search.xml" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\0t1a57fy.default\Invalidprefs.js" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\0t1a57fy.default\bProtector_extensions.rdf" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\1woa8qus.Standaardgebruiker\searchplugins\nation-secure-search.xml" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\1woa8qus.Standaardgebruiker\searchplugins\Web Search.xml" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\5dkd64lc.firefox\searchplugins\nation-secure-search.xml" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\5dkd64lc.firefox\searchplugins\Web Search.xml" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\fsirrm82.default\searchplugins\nation-secure-search.xml" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\fsirrm82.default\searchplugins\Web Search.xml" deleted

"C:\Program Files\AVG Nation toolbar\vprot.exe" deleted

"C:\PROGRA~1\AVG Nation toolbar\vprot.exe" deleted

"C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com" deleted

"C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults" deleted

"C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences" deleted

"C:\Documents and Settings\All Users\Application Data\AVG Nation toolbar" deleted

"C:\Program Files\AVG Nation toolbar" not deleted

"C:\Documents and Settings\johnny\Application Data\DefaultTab" deleted

"C:\PROGRA~1\Mozilla Firefox\extensions\ffxtlbr@babylon.com" deleted

"C:\PROGRA~1\AVG Nation toolbar" not deleted

"C:\PROGRA~1\TorrentHandler" deleted

"C:\PROGRA~1\MyFree Codec" deleted

"C:\DOCUME~1\johnny\Mijn documenten\Mijn muziek\Qtrax Media Library" deleted

"C:\Documents and Settings\All Users\Application Data\APN" deleted

"C:\Documents and Settings\All Users\Application Data\Registry Helper" deleted

"C:\Documents and Settings\All Users\Application Data\AVG Nation toolbar" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\1woa8qus.Standaardgebruiker\extensions\addon@defaulttab.com" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\5dkd64lc.firefox\extensions\addon@defaulttab.com" deleted

"C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\fsirrm82.default\extensions\addon@defaulttab.com" deleted

"C:\PROGRA~1\Mozilla Firefox\extensions\ffxtlbr@babylon.com" deleted

==== Files Recently Created / Modified ======================

====== ====

====== C:\WINDOWS\TEMP ====

====== \system32 =====

====== \system32\drivers =====

====== \Tasks ======

====== \Temp ======

======= C:\PROGRA~1 =====

2013-10-06 18:17:09 -------- d-----w- C:\PROGRA~1\COMMON~1\AVG Secure Search

2013-10-06 18:17:08 -------- d-----w- C:\PROGRA~1\AVG Nation toolbar

2013-10-06 18:15:53 -------- d-----w- C:\PROGRA~1\AVG

2013-09-16 15:07:51 -------- d-----w- C:\PROGRA~1\Mozilla Maintenance Service

======= C: =====

====== C:\DOCUME~1\johnny\APPLIC~1 ======

====== C:\DOCUME~1\johnny ======

2013-10-09 14:58:51 -------- d--h--w- C:\\WINDOWS\PIF

2013-10-08 20:37:12 6454C3ECA49FD90F5E2A6ED293E1FD34 35576 ----a-w- C:\\rsit\info.txt

2013-10-08 20:21:43 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\\Program Files\Trend Micro\johnny.exe

2013-10-08 19:31:34 -------- d-sh--w- C:\\RECYCLER\S-1-5-21-1214440339-162531612-839522115-1004

2013-10-08 19:28:52 A584128BC1AD6B532AEA47BD0448081B 13560 ----a-w- C:\\Qoobox\Add-Remove Programs.txt

2013-10-08 19:18:39 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\\WINDOWS\PEV.exe

2013-10-08 19:18:39 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\\WINDOWS\grep.exe

2013-10-08 19:18:39 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\\WINDOWS\zip.exe

2013-10-08 19:18:39 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\\WINDOWS\SWSC.exe

2013-10-08 19:18:39 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\\WINDOWS\MBR.exe

2013-10-08 19:18:34 -------- d-----w- C:\\Qoobox\BackEnv

2013-10-08 19:17:50 -------- d-----w- C:\\Qoobox\Quarantine

2013-10-08 17:43:12 1EF451DEA3ABB0D2B3AC408A9CA05B6A 17813896 ----a-w- C:\\WINDOWS\system32\FlashPlayerInstaller.exe

2013-10-06 18:17:08 -------- d-----w- C:\\Program Files\AVG Nation toolbar

2013-10-06 18:16:09 -------- d-----w- C:\\$AVG\$VAULT

2013-10-06 18:16:09 -------- d-----w- C:\\$AVG\$CHJW

2013-10-06 18:15:53 -------- d-----w- C:\\Program Files\AVG

2013-09-16 15:07:51 -------- d-----w- C:\\Program Files\Mozilla Maintenance Service

2013-09-16 15:03:24 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\\WINDOWS\nsreg.dat

2013-09-12 22:34:47 A7710B9272133082B6C0DF84D69B11B7 1374 ----a-w- C:\\WINDOWS\imsins.BAK

====== C: exe-files ==

2013-10-08 20:29:38 8C7FB9078A63B7E5E899E7A2DBB0DB53 1114624 ----a-w- C:\Documents and Settings\johnny\Local Settings\temp\3263765.Uninstall\uninstaller.exe

2013-10-08 20:21:43 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\johnny.exe

2013-10-08 20:21:00 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\johnny\Mijn documenten\Downloads\RSIT.exe

2013-10-08 20:17:33 EB8EEB98D01B5D31898D8E53C3789832 59784 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdateBroker.exe

2013-10-08 20:17:33 CEFEBDB9E274BD90C12D131ED25CC819 59784 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe

2013-10-08 20:17:33 4AFFF5FE4E69C8E7C5F1E4F3511301CF 818968 ----a-w- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdateSetup.exe

2013-10-08 20:17:30 CF7B0E597C1F34E528285495721DEEE9 237960 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe

2013-10-08 20:17:30 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdate.exe

2013-10-08 20:17:30 0DC0DE2966A6DBA4CFBF6639DF44F5BA 319880 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

2013-10-08 20:17:24 4AFFF5FE4E69C8E7C5F1E4F3511301CF 818968 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.165\GoogleUpdateSetup.exe

2013-10-08 19:18:39 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe

2013-10-08 19:18:39 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe

2013-10-08 19:18:39 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe

2013-10-08 19:18:39 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe

2013-10-08 19:18:39 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe

2013-10-08 18:41:09 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\johnny\Mijn documenten\Downloads\mbam-setup-1.75.0.1300(1).exe

2013-10-08 17:43:12 1EF451DEA3ABB0D2B3AC408A9CA05B6A 17813896 ----a-w- C:\WINDOWS\system32\FlashPlayerInstaller.exe

2013-10-06 18:52:33 CFE80B8F9933444E1DA99708DCA23900 3756320 ----a-w- C:\Documents and Settings\johnny\Bureaublad\Nieuwe map\nieuwe downloads\businesscards-mx-4-89-nederlands\BusinessCardsMX\BusinessCardsMX.exe

2013-10-06 18:52:20 85539F3EEC23B2B3B80E5221CF6EF927 570584 ----a-w- C:\Documents and Settings\johnny\Bureaublad\Nieuwe map\nieuwe downloads\businesscards-mx-4-89-nederlands\BusinessCardsMX\tificc.exe

2013-10-06 18:52:19 DFB5F3307FC3FE0AC6C247A5EE0C3BC2 408792 ----a-w- C:\Documents and Settings\johnny\Bureaublad\Nieuwe map\nieuwe downloads\businesscards-mx-4-89-nederlands\BusinessCardsMX\jpgicc.exe

2013-10-06 18:52:19 172631099341733634FC4CE4A2459F80 1176864 ----a-w- C:\Documents and Settings\johnny\Bureaublad\Nieuwe map\nieuwe downloads\businesscards-mx-4-89-nederlands\BusinessCardsMX\unins000.exe

2013-10-06 18:17:13 834418EBF22E0EF249B98D9A4E865EC6 641352 ----a-w- C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\17.0.12\DriverInstaller.exe

2013-10-06 18:17:11 6C7E1955C35950B7E9258B6AE2A65717 2372936 ----a-w- C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.0.12\ScriptHelper.exe

2013-10-06 18:17:09 D07FB49A3D7C51A782B659B716CDF661 1733448 ----a-w- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe

2013-10-06 18:16:01 4D7FB9493EBE8B9210DA9D9F3FD0B4E8 253488 ----a-w- C:\Program Files\AVG\AVG2014\avgndisx.exe

2013-10-06 18:10:33 3E3012073E57617ADD02EAE944C7F71C 2029734 ----a-w- C:\Documents and Settings\johnny\Bureaublad\Nieuwe map\nieuwe downloads\License Keys For all Antivirus Latest.exe

2013-10-06 17:37:09 57D55FA00710E94798F14AEF3CCBBF8F 251904 ----a-r- C:\Documents and Settings\johnny\Bureaublad\Nieuwe map\nieuwe downloads\AVG Anti-Virus 2014 Build 4116a6613 - x86 & x64 Incl Working Keygen\Keygen.exe

2013-10-06 17:26:04 9B97DA1AEBFA54315877BF8C9737104F 91235864 ----a-r- C:\Documents and Settings\johnny\Bureaublad\Nieuwe map\nieuwe downloads\businesscards-mx-4-89-nederlands\BusinessCardsMX-setup.exe

2013-10-04 20:17:30 ACBC9FB1394434F8F21E7DD0CA9A616B 8420704 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\30.0.1599.69\30.0.1599.69_29.0.1547.76_chrome_updater.exe

=== C: other files ==

2013-10-08 18:41:40 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2013-10-08 18:22:31 B749B05D5A7AD704E47D4565B4894D99 48728 ----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys

2013-10-06 18:17:13 15ACA2AD17ACECA4814F249783E63AD3 37664 ----a-w- C:\WINDOWS\system32\drivers\avgtpx86.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-1214440339-162531612-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run]

"D98A654CBC3DD4B1587618D1760AD0F8DBCB39FC._service_run"="C:\Program Files\Google\Chrome\Application\chrome.exe --type=service"

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"

"vProt"="C:\Program Files\AVG Nation toolbar\vprot.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"D98A654CBC3DD4B1587618D1760AD0F8DBCB39FC._service_run"="C:\Program Files\Google\Chrome\Application\chrome.exe --type=service"

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\beidsccertprop]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="beidsccertprop"

"hkey"="HKLM"

"command"="C:\\Program Files\\Belgium Identity Card\\BeID Certprop\\beidsccertprop.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HP Software Update"

"hkey"="HKLM"

"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Registry Repair Wizard Scheduler]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Registry Repair Wizard Scheduler"

"hkey"="HKCU"

"command"="\"K:\\downloads\\Registry Repair Wizard\\RCHelper.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

"item"="HP Digital Imaging Monitor"

"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\HP Digital Imaging Monitor.lnk"

"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"

"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe"

==== Firefox Extensions ======================

ProfilePath: C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\0t1a57fy.default

- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

ProfilePath: C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\fsirrm82.default

- Undetermined - C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\fsirrm82.default\extensions\ffxtlbr@incredibar.com

- Undetermined - C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\fsirrm82.default\extensions\ffxtlbr@babylon.com

- Undetermined - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension

==== Firefox Plugins ======================

Profilepath: C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\0t1a57fy.default

CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update

4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash

6B26A1F48CB569E5CAB324B68E44A469 - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll - AVG SiteSafety plugin

148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

9B4D431459A9B935FB117F4EDDA236E8 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25

D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17

F045DF7AF127DC4BCC53421850114E15 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In

270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

66640A55AEFF3819C94E0A8D40D7E0AD - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director

1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery

7ABA2EAB736F7E9EB0E03ACAA42CCB51 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox

AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM

0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library

F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM

7D28153B7D586330678AD522B71D89CB - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

3EA079023D32054BFD73D08E77C72609 - C:\WINDOWS\system32\npptools.dll - Besturingssysteem Microsoft® Windows®

Profilepath: C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\5dkd64lc.firefox

3F9F8E0F93D6FA7B7552077A3DF171DE - K:\downloads\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM

F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM

0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library

Profilepath: C:\DOCUME~1\johnny\APPLIC~1\Mozilla\Firefox\Profiles\fsirrm82.default

3F9F8E0F93D6FA7B7552077A3DF171DE - K:\downloads\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM

F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM

0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

ggkfikfcbnpfoicfjammigpnakpogebh - \K:\downloads\FVD Suite\addons\chrome\fvdext.crx\[]

hphibigbodkkohoglgfkddblldpfohjl - C:\Program Files\TorrentHandler\TorrentHandler.crx[]

kdidombaedgpfiiedeimiebkmbilgmlc - C:\Program Files\DefaultTab\DefaultTab.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

"Start Default_Page_URL"="http://search.certified-toolbar.com?si=42348&st=home&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1"

"Default_Search_URL"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

"Start Default_Page_URL"="http://search.certified-toolbar.com?si=42348&st=home&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1"

"Search Bar"="http://www.google.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.certified-toolbar.com?si=42348&st=bs&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1&q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.certified-toolbar.com?si=42348&st=bs&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1&q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.certified-toolbar.com?si=42348&st=bs&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1&q=%s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.certified-toolbar.com?si=42348&st=bs&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1&q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.certified-toolbar.com?si=42348&st=bs&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1&q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.certified-toolbar.com?si=42348&st=bs&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1&q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]

"Start Page"="http://search.certified-toolbar.com?si=42348&st=home&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1"

"Start Default_Page_URL"="http://search.certified-toolbar.com?si=42348&st=home&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1"

"Default_Search_URL"="http://search.certified-toolbar.com?si=42348&st=chrome&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1&q="

"Search Bar"="http://search.certified-toolbar.com?si=42348&st=chrome&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1&q="

"Search Page"="http://search.certified-toolbar.com?si=42348&st=chrome&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1&q="

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"Start Page"="http://search.certified-toolbar.com?si=42348&st=home&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1"

"Start Default_Page_URL"="http://search.certified-toolbar.com?si=42348&st=home&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1"

"Default_Search_URL"="http://www.google.com/"

"Search Bar"="http://search.certified-toolbar.com?si=42348&st=chrome&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1&q="

"Search Page"="http://search.certified-toolbar.com?si=42348&st=chrome&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1&q="

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Start Page"="http://search.certified-toolbar.com?si=42348&st=home&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1"

"Start Default_Page_URL"="http://search.certified-toolbar.com?si=42348&st=home&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1"

"Default_Search_URL"="http://www.google.com/"

"Search Bar"="http://search.certified-toolbar.com?si=42348&st=chrome&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1&q="

"Search Page"="http://search.certified-toolbar.com?si=42348&st=chrome&tid=3662&ver=2.8&ts=1368048554578&tguid=42348-3662-1368048554578-C6213B5F65CDD0411B366D72924F57F1&q="

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1214440339-162531612-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\\Documents and Settings\johnny\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\johnny\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\\Documents and Settings\johnny\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Program Files\AVG Nation toolbar" not found

"C:\PROGRA~1\AVG Nation toolbar" not found

==== EOF on wo 09/10/2013 at 17:13:35,96 ======================

[kape]

Hiermee is al behoorlijk wat rotzooi van de PC gehaald. Wil je nu nog het volgende uitvoeren:

Download AdwCleaner by Xplode naar je bureaublad.

• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner om hem te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren,
  
• Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Klik vervolgens op Scan.
  
• Klik vervolgens op Clean als er items zijn gevonden.
  
• Klik bij Herstarten Noodzakelijk op OK
  

Nadat de PC opnieuw is opgestart, opent meestal een logfile.

Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[R1].txt.

Post aansluitend de inhoud van dit log in je volgende bericht.

[johnnykaty]

hier volgt het logbestand van AdwCleaner.

# AdwCleaner v3.007 - Report created 10/10/2013 at 16:29:32

# Updated 09/10/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : johnny - THUIS-F8288AC5C

# Running from : C:\Documents and Settings\johnny\Bureaublad\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\Documents and Settings\johnny\Local Settings\Application Data\AVG Nation toolbar

Folder Deleted : C:\Documents and Settings\johnny\Application Data\AVG Nation toolbar

Folder Deleted : C:\Documents and Settings\johnny\Application Data\goforfiles

Folder Deleted : C:\Documents and Settings\johnny\Application Data\Systweak

[!] Folder Deleted : C:\Documents and Settings\johnny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hphibigbodkkohoglgfkddblldpfohjl

File Deleted : C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\0t1a57fy.default\user.js

File Deleted : C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\1woa8qus.Standaardgebruiker\user.js

File Deleted : C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\5dkd64lc.firefox\user.js

File Deleted : C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\fsirrm82.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hphibigbodkkohoglgfkddblldpfohjl

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\AppDataLow\Software\simplytech

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\DefaultTab

Key Deleted : HKLM\Software\systweak

Key Deleted : HKLM\Software\Uniblue\DriverScanner

Key Deleted : HKLM\Software\Vittalia

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Protected Search_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdater

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v24.0 (nl)

[ File : C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\0t1a57fy.default\prefs.js ]

[ File : C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\1woa8qus.Standaardgebruiker\prefs.js ]

[ File : C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\5dkd64lc.firefox\prefs.js ]

[ File : C:\Documents and Settings\johnny\Application Data\Mozilla\Firefox\Profiles\fsirrm82.default\prefs.js ]

-\\ Google Chrome v30.0.1599.69

[ File : C:\Documents and Settings\johnny\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6264 octets] - [10/10/2013 16:28:46]

AdwCleaner[s0].txt - [6319 octets] - [10/10/2013 16:29:32]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6379 octets] ##########

[kape]

Uitstekend ... hoe zit het nu met de ongewenste reclame ?

[johnnykaty]

ik heb mijn website gecontroleerd en het blijkt allemaal weg te zijn.

thanks

[kape]

Dan kunnen we nu de gebruikte tools en de restjes van de besmettingen opruimen:

Download Delfix by Xplode naar het bureaublad.

Dubbelklik op Delfix.exe om de tool te starten.

Zet nu vinkjes voor de volgende items:

• Remove disinfection tools
  
• Purge System Restore
  
• Reset system settings
  

Klik nu op "Run" en wacht geduldig tot de tool gereed is.

Wanneer de tool gereed is wordt er een logbestand aangemaakt. Dit hoeft u echter niet te plaatsen.

Download CCleaner. (Als je het nog niet hebt)

Installeer het (als je niet wilt dat Google Chrome op je PC als standaard-webbrowser wordt geïnstalleerd, moet je de 2 vinkjes wegdoen !!!) en start CCleaner op.

Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en na de analyse op 'Schoonmaken'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”.

Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft.

Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Indien dit allemaal probleemloos verlopen is en je binnen dit topic verder geen vragen of problemen meer hebt, mag je dit onderwerp afsluiten door een klik op de knop "Markeer als opgelost", die je links onderaan kan terugvinden … zo blijft het voor iedereen overzichtelijk.

[johnnykaty]

ok ik heb dit alles gedaan en kan je nu nog maar enkel bedanken voor de geboden hulp, thanks