Zoek.exe v5.0.0.0 Updated 14-April-2014 Tool run by Poppel on zo 27-04-2014 at 14:15:37,10. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Poppel\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Users\Poppel\AppData\Local\PirritSuggestor\PirritService.exe c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\TrustPort\bin\tpmgma.exe C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe C:\Program Files (x86)\WinRST\WinRST.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\TrustPort\Antivirus\bin\avss.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\TrustPort\Antivirus\bin\avas.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\Poppel\Desktop\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\taskmgr.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\prevhost.exe C:\Windows\system32\NOTEPAD.EXE ==== System Restore Info ====================== 27-4-2014 14:22:52 Zoek.exe System Restore Point Created Succesfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. 127.0.0.1 localhost ::1 localhost ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\SearchProtect deleted successfully C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\Users\Poppel\AppData\Roaming\Publish Providers deleted successfully C:\Users\Poppel\AppData\Roaming\TP deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00cbb66b-1d3b-46d3-9577-323a336acb50} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00cbb66b-1d3b-46d3-9577-323a336acb50} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4f41-B61F-ED065738A397} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4f41-B61F-ED065738A397} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4f41-B61F-ED065738A397} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} deleted successfully HKEY_CLASSES_ROOT\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\virtualKeyboard@kaspersky.ru deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\KavAntiBanner@Kaspersky.ru deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\linkfilter@kaspersky.ru deleted successfully ==== Installed Programs ====================== 󸵣¨’¬¬-Grand Theft Auto: Vice City Aangifte inkomstenbelasting 2010 Aangifte inkomstenbelasting 2011 Aangifte inkomstenbelasting 2012 ABBYY FineReader 9.0 Sprint Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge 1.0 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Common File Installer Adobe Default Language CS3 Adobe Device Central CS3 Adobe Digital Editions Adobe ExtendScript Toolkit 2 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Help Center 1.0 Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS2 Adobe Photoshop CS3 Adobe Reader X (10.1.0) MUI Adobe Reader X (10.1.6) - Nederlands Adobe Setup Adobe Shockwave Player 11.6 Adobe Stock Photos 1.0 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AMD APP SDK Runtime AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD VISION Engine Control Center Ashampoo Burning Studio Ashampoo Photo Commander Ashampoo Photo Optimizer Ashampoo Snap Ask Toolbar Ask Toolbar Updater ATI AVIVO64 Codecs ATI Catalyst Install Manager avast Free Antivirus AVS Update Manager 1.0 AVS Video Converter 8 AVS4YOU Software Navigator 1.4 Babylon toolbar on IE BrowserCompanion Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Norwegian CCC Help Spanish CCC Help Swedish CCleaner Cisco Network Magic Compatibility Pack for the 2007 Office system Control ActiveX de Windows Live Mesh para conexiones remotas Contr“le ActiveX Windows Live Mesh pour connexions … distance Controlo ActiveX do Windows Live Mesh para Liga‡äes Remotas Corel Graphics - Windows Shell Extension Corel Graphics - Windows Shell Extension 64 Bit CorelDRAW Essentials X5 - Common CorelDRAW Essentials X5 - Connect CorelDRAW Essentials X5 - Custom Data CorelDRAW Essentials X5 - DE CorelDRAW Essentials X5 - Draw CorelDRAW Essentials X5 - EN CorelDRAW Essentials X5 - ES CorelDRAW Essentials X5 - Extra Content CorelDRAW Essentials X5 - Filters CorelDRAW Essentials X5 - FR CorelDRAW Essentials X5 - IPM CorelDRAW Essentials X5 - IT CorelDRAW Essentials X5 - PHOTO-PAINT CorelDRAW Essentials X5 - Redist CorelDRAW Essentials X5 - Setup Files CorelDRAW Essentials X5 - WT CorelDRAW Essentials X5 CyberLink LabelPrint CyberLink Power2Go CyberLink PowerDVD Copy CyberLink PowerRecover CyberLink WaveEditor D3DX10 Epson Easy Photo Print 2 Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) Epson Event Manager EPSON Scan EPSON SX125 Series Handboek EPSON SX125 Series Printer Uninstall EPSON SX235 Series Printer Uninstall EpsonNet Print Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych Fotogalerija Windows Live Galeria de Fotografias do Windows Live Galer¡a fotogr fica de Windows Live Galeria fotografii uslugi Windows Live Galerie de photos Windows Live Google Chrome Google Drive Google Toolbar for Internet Explorer Google Update Helper Java 7 Update 21 Java Auto Updater Java(TM) 6 Update 26 (64-bit) Junk Mail filter update Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave Kruidvat fotoservice Magic Bullet Editors 2.0 Vegas McAfee Security Scan Plus Medion Home Cinema Mesh Runtime Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Mathematics (64-bit) Microsoft Office 2010 Microsoft Office File Validation Add-In Microsoft Office Klik-en-Klaar 2010 Microsoft Office Professional Editie 2003 Microsoft Office Starter 2010 - Nederlands Microsoft PowerPoint 2010 Interactive Guide NLD Microsoft PowerPoint Viewer Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Mozilla Firefox 14.0.1 (x86 nl) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB973688) PDF Settings PhotoFiltre Studio X PlayReady PC Runtime amd64 Poczta uslugi Windows Live Podstawowe programy Windows Live Posta Windows Live Pure Networks Platform QuickShare Raccolta foto di Windows Live Raptr Realtek High Definition Audio Driver RegClean Pro RewardsArcade S?????? f?t???af??? t?? Windows Live Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Sony Vegas Pro 8.0 Spelling Dictionaries Support For Adobe Reader X Sportlink Club St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?æa???sæ??e? s??d?se?? System Speedup TrustPort Antivirus (Alleen verwijderen) Uzak BaglantÕlar I‡in Windows Live Mesh ActiveX Denetimi Vegas Pro 9.0 (64-bit) Vuze Vuze Remote Toolbar Wajam WebEx Support Manager for Internet Explorer Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Fotograf Galerisi Windows Live Fot¢t r Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Mesh ActiveX-objekt til fjernforbindelser Windows Live Mesh ActiveX-vez‚rlo t voli kapcsolatokhoz Windows Live Mesh ActiveX Control for Remote Connections Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Par‡alar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\McComponentHostService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PirritDesktop deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PirritDesktop deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WajamUpdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WajamUpdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WajamUpdater deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Poppel\AppData\Roaming\Mozilla\Firefox\Profiles\x70dq83a.default user.js not found ---- Lines snap.do removed from prefs.js ---- user_pref("browser.newtab.url", "http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=NL&userid=197a4761-cd29-4b05-bf92-5ef2552aab6c&searchtype=nt&i user_pref("browser.startup.homepage", "http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=NL&userid=197a4761-cd29-4b05-bf92-5ef2552aab6c&searchtyp user_pref("keyword.URL", "http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=NL&userid=197a4761-cd29-4b05-bf92-5ef2552aab6c&searchtype=ds&installD ---- Lines suggestor modified from prefs.js ---- user_pref("extensions.enabledAddons", "{197a4761-cd29-4b05-bf92-5ef2552aab6c}:1.1,suggestor@suggestor.pirrit.com:2.2.5,{972ce4c6-7e08-4474-a285-320819 user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"crossriderapp498@crossrider.com\":{\"descriptor\":\"C:\\\\Users\\ ---- Lines pirrit modified from prefs.js ---- user_pref("extensions.enabledAddons", "{197a4761-cd29-4b05-bf92-5ef2552aab6c}:1.1,disabled@disabled.pirrit.com:2.2.5,{972ce4c6-7e08-4474-a285-3208198c user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"crossriderapp498@crossrider.com\":{\"descriptor\":\"C:\\\\Users\\ ---- Lines ask.com removed from prefs.js ---- user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.defaultenginename", "Ask.com"); user_pref("browser.search.order.1", "Ask.com"); ---- Lines ask.com modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"crossriderapp498@crossrider.com\":{\"descriptor\":\"C:\\\\Users\\ ---- Lines wajam modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"crossriderapp498@crossrider.com\":{\"descriptor\":\"C:\\\\Users\\ ---- Lines Web Search removed from prefs.js ---- user_pref("browser.search.selectedEngine", "Web Search"); ---- Lines asktb removed from prefs.js ---- user_pref("extensions.asktb.ff-original-keyword-url", ""); ---- Lines crossrider modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"crossriderapp498@crossrider.com\":{\"descriptor\":\"C:\\\\Users\\ ---- FireFox user.js and prefs.js backups ---- prefs_27-04-2014_1434_.backup ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\McAfee Security Scan deleted C:\Program Files (x86)\BabylonToolbar deleted C:\Program Files (x86)\RewardsArcade deleted C:\Program Files (x86)\Wajam deleted C:\Program Files (x86)\Vuze_Remote deleted C:\Program Files (x86)\Ask.com deleted C:\PROGRA~2\BrowserCompanion deleted C:\PROGRA~2\System Speedup deleted C:\PROGRA~2\RegClean Pro deleted C:\PROGRA~2\Conduit deleted C:\found.000 deleted C:\Users\Poppel\AppData\Roaming\Babylon deleted C:\Users\Poppel\AppData\Roaming\systweak deleted C:\Users\Poppel\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\Ask deleted C:\PROGRA~3\Partner deleted C:\Users\Poppel\AppData\Local\CRE deleted C:\Users\Poppel\AppData\Local\APN deleted C:\Users\Poppel\AppData\Local\RewardsArcade deleted C:\Users\Poppel\AppData\Local\Wajam deleted C:\Users\Poppel\AppData\Local\Smartbar deleted C:\Users\Poppel\AppData\Local\Babylon deleted C:\Users\Poppel\AppData\Local\Conduit deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro deleted C:\Users\Poppel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\Poppel\Downloads\FileConverter_1.4 (1).exe deleted C:\Users\Poppel\Downloads\FileConverter_1.4.exe deleted C:\Users\Poppel\AppData\LocalLow\bbrs_002.tb deleted C:\Users\Poppel\AppData\LocalLow\Vuze_Remote deleted C:\Users\Poppel\AppData\LocalLow\AskToolbar deleted C:\Users\Poppel\AppData\LocalLow\PriceGong deleted C:\Users\Poppel\AppData\LocalLow\Conduit deleted C:\windows\SysNative\TASKS\Scheduled Update for Ask Toolbar deleted C:\END deleted C:\Windows\Syswow64\sho1737.tmp deleted C:\Windows\Syswow64\sho1F52.tmp deleted C:\Windows\Syswow64\sho245F.tmp deleted C:\Windows\Syswow64\sho2A5.tmp deleted C:\Windows\Syswow64\sho3065.tmp deleted C:\Windows\Syswow64\sho326B.tmp deleted C:\Windows\Syswow64\sho36D6.tmp deleted C:\Windows\Syswow64\sho3A3A.tmp deleted C:\Windows\Syswow64\sho4DE9.tmp deleted C:\Windows\Syswow64\sho5A65.tmp deleted C:\Windows\Syswow64\sho5E67.tmp deleted C:\Windows\Syswow64\sho6F27.tmp deleted C:\Windows\Syswow64\sho73F7.tmp deleted C:\Windows\Syswow64\sho8994.tmp deleted C:\Windows\Syswow64\sho8DCA.tmp deleted C:\Windows\Syswow64\sho9CA0.tmp deleted C:\Windows\Syswow64\shoBA97.tmp deleted C:\Windows\Syswow64\shoC5CE.tmp deleted C:\Windows\Syswow64\shoCBB1.tmp deleted C:\Windows\Syswow64\shoD744.tmp deleted C:\Windows\Syswow64\shoE0FB.tmp deleted C:\Windows\Syswow64\shoE1B7.tmp deleted C:\Windows\Syswow64\shoE362.tmp deleted C:\Windows\Syswow64\shoE633.tmp deleted C:\Windows\Syswow64\shoE98A.tmp deleted C:\Users\Poppel\AppData\Roaming\Mozilla\Firefox\Profiles\x70dq83a.default\searchplugins\Web Search.xml deleted C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted C:\Users\Poppel\AppData\Roaming\Mozilla\Firefox\Profiles\x70dq83a.default\extensions\toolbar@ask.com deleted C:\Users\Poppel\AppData\Roaming\Mozilla\Firefox\Profiles\x70dq83a.default\extensions\suggestor@suggestor.pirrit.com.xpi deleted "C:\Users\Poppel\AppData\Local\PirritSuggestor\msvcp100.dll" deleted "C:\Users\Poppel\AppData\Local\PirritSuggestor\msvcr100.dll" not deleted "C:\Users\Poppel\AppData\Local\PirritSuggestor\PirritService.exe" deleted "C:\Users\Poppel\AppData\Local\PirritSuggestor\QtCore4.dll" deleted "C:\Users\Poppel\AppData\Local\PirritSuggestor" not deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3577 MB CPU Info: AMD A8-3800 APU with Radeon(tm) HD Graphics CPU Speed: 2445,5 MHz Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek | Display Adapters: AMD Radeon HD 6550D | AMD Radeon HD 6550D | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1280 X 1024 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter | Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SH-216AB Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 890,4GB | D: 40,0GB | Q: 0,0MB Hard Disks - Free: C: 623,8GB | D: 19,4GB | Q: 0,0MB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 07/22/11 | MEDION - 2252011 Time Zone: West-Europa (standaardtijd) Motherboard *: MEDIONPC MS-7748 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Internet Explorer Version: 11.0.9600.17041 Mozilla Firefox version: 14.0.1 (x86 nl) Google Chrome version: 34.0.1847.116 Adobe Reader version: 10.1.6.1 Sun Java version: 1.7.0_21 (32-bit) Sun Java version: 1.6.0_26 (64-bit) Flash Player version: 11.7.700.224 Shockwave Player version: 11.6r626 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-04-26 20:37:40 0B5A0005C0BDF4A05174576AF80DEA04 43152 ----a-w- C:\Windows\avastSS.scr ====== C:\Users\Poppel\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-04-18 18:43:43 AA12D7A960DB78DD9690AB5B5DAE6586 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-04-18 18:43:40 CE6921D33682C6C3DB8A45853CC69402 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-04-18 18:43:32 A127D17C354B473B0F4C6265538F5A2C 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-04-18 18:43:23 7E9FE7DB43BC204E44F159F843E35C15 367616 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2014-04-18 18:43:22 34FC79C948EE2C5FD0CD699E7D7F91B7 244224 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2014-04-18 18:43:21 EDACA6C44D9CE200F899B7DB0F201DFF 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll 2014-04-18 18:43:20 EBC35FE64056910A84485BEEB6DCCAC6 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-04-18 18:43:19 31385A6CAA31BE9D07B0B32E5AA99ABB 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-04-18 18:43:18 82287FCFFA4A2D60FD744E3FEB3192C5 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-04-18 18:43:18 21BF6759685FD193715B483F2B3F21B1 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-04-18 18:43:18 0FDC1A576A3F40420882C0F7C4A66EAD 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-04-18 18:43:16 C9CA9803299EB6AFA34CB520BAAB083D 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-18 18:43:11 6557B48D53D653CFCCE3CB1CFA53A8E1 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-18 18:43:11 0F4A295516781897FFB09B4CCF2E8798 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-04-18 18:43:10 BB185D4A9362AA17CBCEC0768CDBF249 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-04-18 18:43:06 05BD47136DE62FAFE9F95B40E4100144 2178048 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-04-18 18:43:05 E4E829EE073E046B0EB19B5FECB19B8C 1789440 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-04-18 18:43:04 76F58DB8F85C125E0D6B3AA42F3BF1D0 1143808 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-04-18 18:43:01 C4A383FD50FBD7E274DD41CF571DF898 1967104 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-04-18 18:42:56 2AFBB91BBD2378933B26E6D68C140D1B 11745792 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-04-18 18:42:53 EA85144F35EDE6EE25C484D4242FF2C8 17387008 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-04-18 18:42:51 8C46360D6EF9D4C563FE834C4F287DA3 4254720 ----a-w- C:\Windows\SysWOW64\jscript9.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-04-18 18:43:43 7446786E7092ABE122D372F95E6ED74B 574976 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-04-18 18:43:40 FFF555C177D9F2B79B5C3146BED09FB1 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-04-18 18:43:32 6A8AA25D37F89E40B834F34950E3B89B 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-04-18 18:43:31 D6067F7EE060C5D6D79008AD591B4E3B 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-04-18 18:43:31 964C89BC8A52A260D68C90FDDEB862E2 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2014-04-18 18:43:31 72116CC377FF4281B0132C397026D911 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-04-18 18:43:31 3F498856C68725717195C16568FE19D0 586240 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-04-18 18:43:24 3F547245C78F4847B73EDDFD4A2F7E12 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-04-18 18:43:23 E0D95345D1EBB54F28E958782B9C0CE0 453120 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2014-04-18 18:43:23 CFBA793F678EB3855052ECF99357A9A1 296960 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2014-04-18 18:43:20 E7161E2C66FF9B1E87C30FC9D2497ABB 195584 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-04-18 18:43:20 CB57E934280D346AE0A9B053DAA284C5 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-04-18 18:43:20 75AD355828187145A60E3DC7BAF7B0F3 628736 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-04-18 18:43:18 A3F9A9E46BDDBB8B20B7CF3EEDB990F2 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-04-18 18:43:18 1BF215FF4DF6DE10D2F81A2CE85157D2 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-04-18 18:43:15 37D0FB9E5E8EDA40B66FC3FB3D660261 23549440 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-04-18 18:43:10 EBAD8A4D048ED257E4A45F6356541F86 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-04-18 18:43:10 915D8A9E112C97C90C654F792B6B28B9 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-04-18 18:43:08 A3A132CBE48AF0324466469F2CAAE8A2 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-04-18 18:43:08 710FD0E362A1A5C087DB90C1BAC46411 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2014-04-18 18:43:05 F220BA78AB542C70211D73AE4729B2CD 2260480 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-04-18 18:43:05 1F8534A19A66275C863DE17645CB2A13 2767360 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-04-18 18:43:04 32417AE8280276968E5C551ED85D3525 1400832 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-04-18 18:43:00 1654093C8BD3342997D27B71684ACCE8 2043904 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-04-18 18:42:59 A14BB2F5F6457738AAA11367F5172A05 13551104 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-04-18 18:42:53 BF25489459C7A762DD7B3186C7E3984D 5784064 ----a-w- C:\Windows\Sysnative\jscript9.dll ====== C:\Windows\Sysnative\drivers ===== 2014-04-26 20:37:47 340B0467E98A8C92697D73034DB4BCB7 29208 ----a-w- C:\Windows\Sysnative\drivers\aswHwid.sys 2014-04-09 14:24:53 B3222734D80013D2C73841B0C549FA63 27584 ----a-w- C:\Windows\Sysnative\drivers\Diskdump.sys 2014-04-09 14:24:53 A3F0BC5897F9D3786A3CB695B163633A 190912 ----a-w- C:\Windows\Sysnative\drivers\storport.sys 2014-04-09 14:24:53 96BB922A0981BC7432C8CF52B5410FE6 274880 ----a-w- C:\Windows\Sysnative\drivers\msiscsi.sys 2014-04-09 14:24:39 1A29A59A4C5BA6F8C85062A613B7E2B2 1684928 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2014-04-05 15:00:05 -------- d-----w- C:\PROGRA~2\WinRST ======= C: ===== ====== C:\Users\Poppel\AppData\Roaming ====== 2014-04-05 15:00:09 -------- d-----w- C:\Users\Poppel\AppData\Local\PirritSuggestor 2014-04-05 14:59:57 -------- d-----w- C:\Users\Poppel\AppData\Local\Programs ====== C:\Users\Poppel ====== 2014-04-23 16:46:30 !HASH: COULD NOT OPEN FILE !!!!! 449032 ----a-w- C:\Users\Poppel\Downloads\Java (2).exe 2014-04-23 16:46:07 !HASH: COULD NOT OPEN FILE !!!!! 449032 ----a-w- C:\Users\Poppel\Downloads\Java (1).exe 2014-04-23 16:45:49 !HASH: COULD NOT OPEN FILE !!!!! 449032 ----a-w- C:\Users\Poppel\Downloads\Java.exe 2014-04-23 10:05:09 C14D7BF2FC845E052953D49FB45EC3DA 624000 ----a-w- C:\Users\Poppel\Downloads\uplayermediaplayer-setup.exe 2014-04-05 15:00:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup ====== C: exe-files == 2014-04-23 16:46:30 !HASH: COULD NOT OPEN FILE !!!!! 449032 ----a-w- C:\Users\Poppel\Downloads\Java (2).exe 2014-04-23 16:46:07 !HASH: COULD NOT OPEN FILE !!!!! 449032 ----a-w- C:\Users\Poppel\Downloads\Java (1).exe 2014-04-23 16:45:49 !HASH: COULD NOT OPEN FILE !!!!! 449032 ----a-w- C:\Users\Poppel\Downloads\Java.exe 2014-04-23 10:05:09 C14D7BF2FC845E052953D49FB45EC3DA 624000 ----a-w- C:\Users\Poppel\Downloads\uplayermediaplayer-setup.exe === C: other files == 2014-04-26 20:37:47 340B0467E98A8C92697D73034DB4BCB7 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys 2014-04-21 08:13:53 418FEA1A0AA0D52A15E11654EFCC709A 524495 ----a-w- C:\Users\Poppel\Downloads\True.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "EPLTarget\P0000000000000002"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT EPLTarget\P0000000000000002 /M Epson Stylus SX235" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "nmctxth"="C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" "nmapp"="C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "EPLTarget\P0000000000000002"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT EPLTarget\P0000000000000002 /M Epson Stylus SX235" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MedionReminder"="C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "MedionReminder"="C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AntivirusCommunicatorAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AntivirusCommunicatorAgent" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\TrustPort\\Antivirus\\bin\\avcom.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ApnUpdater" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Ask.com\\Updater\\Updater.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser companion helper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Browser companion helper" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\BrowserCompanion\\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Infrastructure Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Browser Infrastructure Helper" "hkey"="HKCU" "command"="C:\\Users\\Poppel\\AppData\\Local\\Smartbar\\Application\\QuickShare.exe startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EEventManager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Download Assistant] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Logitech Download Assistant" "hkey"="HKLM" "command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\System32\\LogiLDA.dll,LogiFetch" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Raptr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Raptr" "hkey"="HKCU" "command"="C:\\PROGRA~2\\Raptr\\raptrstub.exe --startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RTHDVCPL" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrustPortTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TrustPortTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\TrustPort\\Bin\\tptray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] "item"="McAfee Security Scan Plus" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk" "backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\MCAFEE~1\\307523~1.318\\SSSCHE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Poppel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk] "item"="Adobe Gamma" "path"="C:\\Users\\Poppel\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk" "backup"="C:\\Windows\\pss\\Adobe Gamma.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11-06-2013 20:55] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22-09-2011 19:08] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22-09-2011 19:08] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\TrustPort Updater" [C:\Program Files (x86)\Common Files\TrustPort\bin\tpupdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [26-04-2014 22:37] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}"="C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Poppel\AppData\Roaming\Mozilla\Firefox\Profiles\x70dq83a.default - QuickShare Widget - %ProfilePath%\extensions\{197a4761-cd29-4b05-bf92-5ef2552aab6c} - DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Poppel\AppData\Roaming\Mozilla\Firefox\Profiles\x70dq83a.default ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11 3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash 87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies B6A800D881A0176C544988870861E798 - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Deleted Firefox Extensions ====================== C:\Users\Poppel\AppData\Roaming\Mozilla\Firefox\Profiles\x70dq83a.default\extensions\{197a4761-cd29-4b05-bf92-5ef2552aab6c} deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aaaaojmikegpiepcfdkkjaplodkpfmlo - C:\Users\Poppel\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx[] ajabgmkadchiibcnkdghiihchmlfjnmc - C:\Users\Poppel\AppData\Local\CRE\ajabgmkadchiibcnkdghiihchmlfjnmc.crx[] clbfjfbnelcflpgpklppgplejolacbej - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx[] dcmagccbogebndpoodhhhafmofelpffh - C:\Users\Poppel\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx[] gofacahppddaelecjcnckoflcmfdnnkp - C:\Users\Poppel\AppData\Local\CRE\gofacahppddaelecjcnckoflcmfdnnkp.crx[] jpmbfleldcgkldadpdinhjjopdfpjfjp - C:\Users\Poppel\AppData\Local\Wajam\Chrome\wajam.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions ajabgmkadchiibcnkdghiihchmlfjnmc - C:\Users\Poppel\AppData\Local\CRE\ajabgmkadchiibcnkdghiihchmlfjnmc.crx[] amfclgbdpgndipgoegfpkkgobahigbcl - C:\Users\Poppel\AppData\Local\Smartbar/Application\1Extension.crx[] gofacahppddaelecjcnckoflcmfdnnkp - C:\Users\Poppel\AppData\Local\CRE\gofacahppddaelecjcnckoflcmfdnnkp.crx[] Google Wallet - Poppel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chrome Fix ====================== C:\Users\Poppel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo deleted successfully C:\Users\Poppel\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=NL&userid=197a4761-cd29-4b05-bf92-5ef2552aab6c&searchtype=hp&installDate=25/05/2013" "Search Page"="http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=NL&userid=197a4761-cd29-4b05-bf92-5ef2552aab6c&searchtype=ds&q={searchTerms}&installDate=25/05/2013" "Default_Page_URL"="http://www.aldi.com" "Search Bar"="http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=NL&userid=197a4761-cd29-4b05-bf92-5ef2552aab6c&searchtype=ds&q={searchTerms}&installDate=25/05/2013" "Use Search Asst"="yes" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=NL&userid=197a4761-cd29-4b05-bf92-5ef2552aab6c&searchtype=ds&q={searchTerms}&installDate=25/05/2013" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=NL&userid=197a4761-cd29-4b05-bf92-5ef2552aab6c&searchtype=ds&q={searchTerms}&installDate=25/05/2013" "SearchAssistant"="http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=NL&userid=197a4761-cd29-4b05-bf92-5ef2552aab6c&searchtype=ds&q={searchTerms}&installDate=25/05/2013" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" "Use Search Asst"="no" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Mozilla\Firefox\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\crossriderapp498@crossrider.com deleted successfully ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="http=http://127.0.0.1:9880" "ProxyOverride"="" "ProxyEnable"=dword:00000001 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ajabgmkadchiibcnkdghiihchmlfjnmc deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dcmagccbogebndpoodhhhafmofelpffh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gofacahppddaelecjcnckoflcmfdnnkp deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ajabgmkadchiibcnkdghiihchmlfjnmc deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gofacahppddaelecjcnckoflcmfdnnkp deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser companion helper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000002" /M "Epson Stylus SX235" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file) O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file) O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: TrustPort Antivirus On-Access Scanner Agent (avas_service) - TrustPort, a.s. - C:\Program Files (x86)\TrustPort\Antivirus\bin\avas.exe O23 - Service: TrustPort Antivirus Service Scanner Provider (avss_service) - TrustPort, a.s. - C:\Program Files (x86)\TrustPort\Antivirus\bin\avss.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TrustPort Core Service (tpmgma_service) - TrustPort, a.s. - C:\Program Files (x86)\Common Files\TrustPort\bin\tpmgma.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WinRST - Unknown owner - C:\Program Files (x86)\WinRST\WinRST.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Poppel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Poppel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Poppel\AppData\Local\Mozilla\Firefox\Profiles\x70dq83a.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Poppel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1819 folders=189 145107304 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Poppel\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Poppel\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Poppel\AppData\Local\PirritSuggestor\msvcr100.dll" not found "C:\Users\Poppel\AppData\Local\PirritSuggestor" not found ==== EOF on zo 27-04-2014 at 17:18:28,23 ======================