Johan Vancoillie
Lid-
Items
22 -
Registratiedatum
-
Laatst bezocht
Johan Vancoillie's prestaties
-
Mail delivery failed: returning message to sender
Johan Vancoillie reageerde op Johan Vancoillie's topic in Archief Internet & Netwerk
[ATTACH]36442[/ATTACH] zoek-results.log -
Mail delivery failed: returning message to sender
Johan Vancoillie reageerde op Johan Vancoillie's topic in Archief Internet & Netwerk
[ATTACH]36375[/ATTACH] log.txt -
Mail delivery failed: returning message to sender
Johan Vancoillie reageerde op Johan Vancoillie's topic in Archief Internet & Netwerk
De mail staat niet meer in mijn postvak-uit. Ik krijg die zowel binnen op Telenet-Inbox als op Postvak-in van mijn Outlook Express. -
Mail delivery failed: returning message to sender
Johan Vancoillie reageerde op Johan Vancoillie's topic in Archief Internet & Netwerk
De mail die ik verstuurd heb, was naar info@kanokan.be. Dit gebeurde via Telenet webmail. Het antwoord dat ik hierop elke 18 minuten ontvang staat hierboven. Ik verwijder ze telkens maar toch ontvang ik telkens weer de zelfde mail in mijn inbox. Ik versleep hem ook telkens naar mijn spambox, maar hij blijft aankomen in mijn inbox. -
Mail delivery failed: returning message to sender
Johan Vancoillie plaatste een topic in Archief Internet & Netwerk
Ik heb een mail verzonden. Hij kon niet geleverd worden. Normaliter krijg je dan onderstaande melding, maar nu krijg ik die mail reeds 2 dagen na elkaar, om de 20 minuten. Kan je narekenen hoeveel er dat per dag zijn. Kan ik hier iets aan doen? This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: retry timeout exceeded ------ This is a copy of the message, including all the headers. ------ ------ The body of the message is 167713 characters long; only the first ------ 106496 or so are included here. Return-path: Received: from [195.130.137.75] (helo=winston.telenet-ops.be) by host.groovywebmaster.com with esmtp (Exim 4.63) (envelope-from id 1XbPyt-0004r9-34 for ; Tue, 07 Oct 2014 03:18:51 -0500 Received: from baptiste.telenet-ops.be (baptiste.telenet-ops.be [195.130.132.51]) by winston.telenet-ops.be (Postfix) with ESMTP id CC1161BDABF for <>; Mon, 6 Oct 2014 15:19:18 +0200 (CEST) Received: from zcsnocm59.telenet-ops.be ([213.224.144.93]) by baptiste.telenet-ops.be with bizsmtp id zpEF1o001217UqV01pEF81; Mon, 06 Oct 2014 15:14:16 +0200 Date: Mon, 6 Oct 2014 15:14:14 +0200 (CEST) From: Message-ID: In-Reply-To: References: <F627D739F6BC42E782A9020AE670B5B9@johan91485be8a> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_45619902_1295671445.1412601254702" X-Originating-IP: [::ffff:178.116.101.32] Thread-Topic: The Vanco Brothers Thread-Index: K7QJPM9UGuBPRk3RachN6nAHiAZ6SmgsxPxJ8K/HIXMUKuGwgv5ptgfNPci4mpc= To: undisclosed-recipients:; ------=_Part_45619902_1295671445.1412601254702 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable -
Malware
Johan Vancoillie reageerde op vancoillie johan's topic in Archief Bestrijding malware & virussen
Bij mij is enkel de knop "+Reageren op discussie" te zien. De knop ernaast "+Markeer als opgelost" , zoals op de afbeelding is bij mij niet te zien. Ik ben nochtans ingelogd. -
Malware
Johan Vancoillie reageerde op vancoillie johan's topic in Archief Bestrijding malware & virussen
Nu is hij inderdaad verdwenen. Van harte bedankt. Moet ik nog acties ondernemen of mag ik markeren als opgelost? Waar vind ik trouwens die knop Markeer als OPGELOST? -
Malware
Johan Vancoillie reageerde op vancoillie johan's topic in Archief Bestrijding malware & virussen
Ik heb Windows in veilige modus opgestart maar C:\Windows\system32\PCProtect.dll heb ik niet kunnen verwijderen. (C:\Windows\system32\drivers\pcwatch.sys heb ik wel kunnen verwijderen) Telkens krijg ik de melding: Toegang tot doelmap geweigerd. U bent niet gemachtigd om deze bewerking uit te voeren. Delfix.exe heb ik wel kunnen uitvoeren. -
Malware
Johan Vancoillie reageerde op vancoillie johan's topic in Archief Bestrijding malware & virussen
ComboFix 14-03-03.02 - Johan 03/03/2014 23:51:14.4.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.2039.896 [GMT 1:00] Gestart vanuit: c:\users\Johan\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Johan\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_PCWATCH -------\Service_pcwatch . . (((((((((((((((((((( Bestanden Gemaakt van 2014-02-03 to 2014-03-03 )))))))))))))))))))))))))))))) . . 2014-03-03 23:02 . 2014-03-03 23:05 -------- d-----w- c:\users\Johan\AppData\Local\temp 2014-03-03 23:02 . 2014-03-03 23:02 -------- d-----w- c:\users\mozaiek\AppData\Local\temp 2014-03-03 23:02 . 2014-03-03 23:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-03 22:38 . 2014-02-17 00:32 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99A6B602-29F6-474B-897E-39582FF5CAD4}\mpengine.dll 2014-03-03 13:05 . 2014-03-03 12:37 24064 ----a-w- c:\windows\zoek-delete.exe 2014-03-03 07:59 . 2014-03-03 07:59 -------- d-----w- c:\users\Johan\AppData\Roaming\Simple Star 2014-03-03 07:39 . 2014-03-03 13:01 -------- d-----w- C:\zoek_backup 2014-03-02 20:31 . 2014-03-02 20:31 -------- d-----w- c:\windows\ERUNT 2014-03-02 19:31 . 2014-03-02 19:31 -------- d--h--w- c:\windows\msdownld.tmp 2014-03-02 19:27 . 2014-03-02 19:39 -------- d-----w- C:\AdwCleaner 2014-03-02 18:21 . 2014-02-17 12:30 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3552FCFB-F74F-423A-A4C6-8D492EAE2191}\gapaengine.dll 2014-03-02 18:20 . 2014-02-17 00:32 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-03-02 18:02 . 2014-03-02 18:04 -------- d-----w- c:\program files\Microsoft Security Client 2014-03-02 17:59 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2014-03-01 15:35 . 2014-03-01 15:35 -------- d-----w- c:\users\Johan\AppData\Roaming\Malwarebytes 2014-03-01 15:34 . 2014-03-01 15:34 -------- d-----w- c:\programdata\Malwarebytes 2014-03-01 15:34 . 2014-03-01 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2014-03-01 15:34 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-02-28 20:02 . 2014-02-28 20:02 -------- d-----w- c:\users\Johan\AppData\Local\Macromedia 2014-02-28 20:00 . 2014-02-28 20:00 -------- d-----w- c:\users\Johan\AppData\Local\Mozilla 2014-02-28 20:00 . 2014-02-28 20:00 -------- d-----w- c:\program files\Mozilla Maintenance Service 2014-02-28 13:26 . 2014-03-02 21:18 -------- d-----w- c:\program files\trend micro 2014-02-28 13:26 . 2014-02-28 13:28 -------- d-----w- C:\rsit 2014-02-28 07:17 . 2014-02-28 07:17 -------- d-----w- c:\windows\Migration 2014-02-27 15:07 . 2014-02-27 15:07 -------- d-----w- c:\users\Johan\AppData\Local\ApplicationHistory 2014-02-27 12:16 . 2014-02-27 12:16 -------- d-----w- c:\users\Johan\AppData\Roaming\vlc 2014-02-27 12:16 . 2014-02-27 12:16 -------- d-----w- c:\users\Johan\AppData\Roaming\FLV and Media Player 2014-02-27 12:15 . 2014-02-27 12:15 -------- d-----w- c:\programdata\Common Toolkit Suite 2014-02-27 11:54 . 2014-01-08 06:09 19840 ----a-w- c:\windows\system32\drivers\pcwatch.sys 2014-02-27 11:54 . 2014-01-08 06:08 293984 ----a-w- c:\windows\system32\PCProtect.dll 2014-02-13 07:11 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-01 14:58 . 2012-04-16 06:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-03-01 14:58 . 2011-06-08 06:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-06 07:08 . 2014-02-28 07:37 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A893665-38D0-456A-84C2-AB21D4C1F6DE}\mpengine.dll 2014-01-19 07:32 . 2009-10-20 07:58 231584 ------w- c:\windows\system32\MpSigStub.exe 2013-12-18 20:10 . 2014-01-21 07:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024] "Nero PhotoShow Media Manager"="c:\progra~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 312848] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-13 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-12 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-12 154136] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-12 129560] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440] . c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Spoon.net Sandbox Manager 3.33.lnk - c:\users\Johan\AppData\Local\Spoon\3.33.6.199\Spoon-Sandbox.exe [2014-1-10 4616840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk backup=c:\windows\pss\DVD Check.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Johan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk] path=c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole Picture Motion Browser.lnk backup=c:\windows\pss\Mediacontrole Picture Motion Browser.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd] 2008-10-17 14:52 1086768 ------w- c:\program files\Brownie\BrStsWnd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] 2008-10-09 05:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-16 22:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] 2007-11-06 14:34 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-24 23:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-02-28 20:28 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2014-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 09:28] . 2014-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 09:28] . . ------- Bijkomende Scan ------- . IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 195.130.131.133 195.130.130.5 FF - ProfilePath - c:\users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\zqeqhe5s.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2014-03-04 00:07 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\@* *& ] @Allowed: (Read) (RestrictedCode) "MachineID"=hex:06,5a,9b,71,56,f0,a3,00 . [HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0] @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0\ImageDataLightboxSR\ControlState] "008b-06a9"=dword:00000001 "008b-06ab"=dword:00000000 "008b-0514"="ARW 2.0-formaat" "008b-0580"="" "008b-0583"="c:\\Users\\Johan\\Documents\\Image Data Converter SR\\Collections" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe c:\windows\system32\conime.exe c:\windows\system32\igfxsrvc.exe c:\program files\Nero\PhotoShow 5\data\Xtras\mssysmgr.exe c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE c:\program files\Common Files\Nero\Lib\NMIndexingService.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Voltooingstijd: 2014-03-04 00:12:41 - machine werd herstart ComboFix-quarantined-files.txt 2014-03-03 23:12 ComboFix2.txt 2014-03-03 21:06 . Pre-Run: 45.135.339.520 bytes beschikbaar Post-Run: 44.813.410.304 bytes beschikbaar . - - End Of File - - FDD152C34526D6A96D06ADBFE775B570 84DAAF92C4695AE60591C148EED5E3F3 -
Malware
Johan Vancoillie reageerde op vancoillie johan's topic in Archief Bestrijding malware & virussen
ComboFix 14-03-03.02 - Johan 03/03/2014 21:42:48.2.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.2039.1033 [GMT 1:00] Gestart vanuit: c:\users\Johan\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\X86 . ---- Voorgaande Run ------- . c:\program files\ir.exe c:\programdata\33A33D8C61.sys c:\users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\melondrea_iels c:\users\Johan\Documents\~WRL0009.tmp c:\users\Johan\Documents\~WRL0053.tmp c:\users\Johan\Documents\~WRL0071.tmp c:\users\Johan\Documents\~WRL0094.tmp c:\users\Johan\Documents\~WRL0408.tmp c:\users\Johan\Documents\~WRL0470.tmp c:\users\Johan\Documents\~WRL0474.tmp c:\users\Johan\Documents\~WRL0516.tmp c:\users\Johan\Documents\~WRL0634.tmp c:\users\Johan\Documents\~WRL1040.tmp c:\users\Johan\Documents\~WRL1129.tmp c:\users\Johan\Documents\~WRL1214.tmp c:\users\Johan\Documents\~WRL1580.tmp c:\users\Johan\Documents\~WRL1693.tmp c:\users\Johan\Documents\~WRL2660.tmp c:\users\Johan\Documents\~WRL3084.tmp c:\users\Johan\Documents\~WRL3113.tmp c:\users\Johan\Documents\~WRL3353.tmp c:\users\Johan\Documents\~WRL3478.tmp c:\users\Johan\Documents\~WRL3954.tmp c:\users\mozaiek\AppData\Roaming c:\users\mozaiek\AppData\Roaming\Adobe\Acrobat\8.0\Synchronizer\adobesynchronizersu80 c:\users\mozaiek\AppData\Roaming\Adobe\Acrobat\8.0\Synchronizer\metadata\Synchronizer80 c:\users\mozaiek\AppData\Roaming\Google\Local Search History\google%2Eweb.w c:\users\mozaiek\AppData\Roaming\InterVideo\WinDVD\5.0\Bookmark\Ardennen 2010-573075874_Auto.bmk c:\users\mozaiek\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch c:\users\mozaiek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085648268-594906628-2024494315-1006\211d6170acdead96f2b0b3abc11b841a_207aa63c-8ed0-4d95-82e7-567eb3ee1e26 c:\users\mozaiek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085648268-594906628-2024494315-1006\2c213f36ee5b58c4e6131a062d6a848d_207aa63c-8ed0-4d95-82e7-567eb3ee1e26 c:\users\mozaiek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085648268-594906628-2024494315-1006\3b506bb7ec45930bece63a7501c6d653_207aa63c-8ed0-4d95-82e7-567eb3ee1e26 c:\users\mozaiek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085648268-594906628-2024494315-1006\784149cce94ccff820d86ca0df032ca5_207aa63c-8ed0-4d95-82e7-567eb3ee1e26 c:\users\mozaiek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085648268-594906628-2024494315-1006\abca89b8a79c2d7092ab2f0549f1eec3_207aa63c-8ed0-4d95-82e7-567eb3ee1e26 c:\users\mozaiek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085648268-594906628-2024494315-1006\ceb90913b6a3faba551052fb5e8cc9e3_207aa63c-8ed0-4d95-82e7-567eb3ee1e26 c:\users\mozaiek\AppData\Roaming\Microsoft\Excel\Excel11.xlb c:\users\mozaiek\AppData\Roaming\Microsoft\Forms\RefEdit.exd c:\users\mozaiek\AppData\Roaming\Microsoft\HTML Help\hh.dat c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\3JAVBZJG\pmocntr2[1].xml c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\MSJ21YD1\tba[1].xml c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Excel11.pip c:\users\mozaiek\AppData\Roaming\Microsoft\Office\MSO1036.acl c:\users\mozaiek\AppData\Roaming\Microsoft\Office\MSO1043.acl c:\users\mozaiek\AppData\Roaming\Microsoft\Office\MSO2057.acl c:\users\mozaiek\AppData\Roaming\Microsoft\Office\PowerP11.pip c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Publis11.pip c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\1043.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\17 Megan Positief denken.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\2009-06-10 AJOntwerp Basofiche.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\2009-06-10 AJOntwerp Keuzelijsten.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\2009-06-10 Cover BaSO-zorgfiche.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\2009-06-10 Engagementsverklaring BaSO-project.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\2009-06-10 Handleiding BaSO-zorgfiche3.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\2009-06-10 Visietekst BaSO-project3.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\BASO fiche.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Biblio.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\de beluga walvis febe en sidney.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\EUROTOOL.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\index.dat c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Normal.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Proefwerkenlijst december 2008.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Proefwerkenlijst juni 2009.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\QUIKANIM.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Sjablonen.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Tabellen 2008-2009.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\The Coverage - kaartjes 2.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\TRANS-IT (H).lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\USB2 (G).lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Verwisselbare schijf (G).lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Office\VB11.pip c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Word11.pip c:\users\mozaiek\AppData\Roaming\Microsoft\PowerPoint\PPT11.pcb c:\users\mozaiek\AppData\Roaming\Microsoft\Proof\CUSTOM.DIC c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\CREDHIST c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\0abedd24-9163-48ea-8019-9e861208f818 c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\0ea7530e-0b4c-466c-a21d-cfc9ec3ba15c c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\12c1238f-d48f-48ce-88d4-2c001269bc10 c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\8b30283c-7b26-4953-a152-b82a7c986a04 c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\92857e7d-c7aa-48b7-bb7f-030d55e74f9d c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\aa04f6cf-e8f0-431f-9186-500bc1d69392 c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\b8781d7b-3bb6-43de-b09e-15e8e255f3c7 c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\c7c745b7-0124-4c63-b405-36e642c60c8e c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\ce3ce2c8-6d45-4a97-bb28-115985ee55d0 c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\e620b7a1-1e08-4b2a-aec5-2f3f5570bfe8 c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\e8a44249-d4c4-4cb0-9297-44770d3d9b8d c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\f38c087e-66aa-4ba5-9b9e-d461b9519957 c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\f443cd7a-4a07-4362-b46d-7348a607f8a4 c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\Preferred c:\users\mozaiek\AppData\Roaming\Microsoft\Sjablonen\Normal.dot c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\0T467S3R.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\BKPO96QS.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\index.dat c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\07BN3B3I.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\0RQRXYF7.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\2ZDWIMOA.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\3CXM5VE9.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\3UK08E92.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\6G46QAYI.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\79CP38JN.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\8LNM0GZU.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\98BAREDT.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\9FTE106T.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\AWJOM4HY.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\B80LWXHW.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\BA4XJSKW.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\BMRWB0HQ.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\CSMEZXTD.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\F41HE5Z9.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\GBPZ46WX.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\II3Y0V7M.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\JHW89UJT.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\KOK6T0JL.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJKFVV1I.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@ad.yieldmanager[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@adlink[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@ads.educationad[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@adsfac[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@adtech[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@amgdgt[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@aol[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@aol[3].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@be.msn[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@bs.serving-sys[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@bt.ilsemedia[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@c.bing[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@c.msn[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@clkads[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@clkads[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@clkads[3].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@cmg1.conduit-widgets[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@content.yieldmanager[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@corel[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@enquisite[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@feedsportal[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@fl01.ct2.comclick[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@google[4].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@google[5].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@hp-comm.be.msn[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@hp-commercial.my.nl.aol[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@ibsrv[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@imageshack[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@jufnele.yurls[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@jufnele[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@live[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@mail.google[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@meesterjohan.yurls[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@metriweb[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@mrpicassohead[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@msnportal.112.2o7[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@nl.aol[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@quantserve[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@rad.microsoft[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@rubiconproject[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@search.hp.my.nl.aol[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@treknature[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@typhonebe.solution.weborama[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@weborama[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@www.adspace[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@www.belstat[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@www.corel[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@www.microsoft[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@yahoo[2].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@youtube[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\OPZSZJCV.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\QH4SGALG.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\TJGADCC1.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\TPK5ZJTT.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\VZ8LHSAG.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\XODHX96W.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZJQX0RR0.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\MLISFNZT.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\mozaiek@avgtechnologies.112.2o7[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\mozaiek@onlinestores.metaservices.microsoft[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\mozaiek@tonenwilmainohio[1].txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Y680CDQ0.txt c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\index.dat c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\IETldCache\Low\index.dat c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\17 Megan Positief denken.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\2009-06-10 AJOntwerp Basofiche.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\2009-06-10 AJOntwerp Keuzelijsten.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\2009-06-10 Cover BaSO-zorgfiche.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\2009-06-10 Engagementsverklaring BaSO-project.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\2009-06-10 Handleiding BaSO-zorgfiche3.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\2009-06-10 Visietekst BaSO-project3.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\BASO fiche.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\de beluga walvis febe en sidney.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Kompas doelen week 21-25.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Kompas doelen week 26-32.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Nano (G).lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Proefwerkenlijst december 2008.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Proefwerkenlijst juni 2009.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Tabellen 2008-2009.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\The Coverage - kaartjes 2.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\TRANS-IT (H).lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\USB2 (G).lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\uurrooster_Tamara_Vanneste_2008-2009.xlsx.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Verwisselbare schijf (G).lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\zzweg.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\SendTo\Documenten.mydocs c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\SendTo\Wizard Bestanden via Bluetooth overzetten.LNK c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk c:\users\mozaiek\AppData\Roaming\Nero\Nero8\Nero BackItUp\Cache\NBKeyScan.txt c:\windows\IsUn0413.exe F:\Autorun.inf . . (((((((((((((((((((( Bestanden Gemaakt van 2014-02-03 to 2014-03-03 )))))))))))))))))))))))))))))) . . 2014-03-03 21:01 . 2014-03-03 21:01 -------- d-----w- c:\users\Johan\AppData\Local\temp 2014-03-03 21:01 . 2014-03-03 21:01 -------- d-----w- c:\users\mozaiek\AppData\Local\temp 2014-03-03 21:01 . 2014-03-03 21:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-03 20:01 . 2014-03-03 20:01 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E392B474-C717-4E6E-BD90-64A382D659AB}\MpKslbdfe439c.sys 2014-03-03 19:53 . 2014-02-17 00:32 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E392B474-C717-4E6E-BD90-64A382D659AB}\mpengine.dll 2014-03-03 13:05 . 2014-03-03 12:37 24064 ----a-w- c:\windows\zoek-delete.exe 2014-03-03 07:59 . 2014-03-03 07:59 -------- d-----w- c:\users\Johan\AppData\Roaming\Simple Star 2014-03-03 07:39 . 2014-03-03 13:01 -------- d-----w- C:\zoek_backup 2014-03-02 20:31 . 2014-03-02 20:31 -------- d-----w- c:\windows\ERUNT 2014-03-02 19:31 . 2014-03-02 19:31 -------- d--h--w- c:\windows\msdownld.tmp 2014-03-02 19:27 . 2014-03-02 19:39 -------- d-----w- C:\AdwCleaner 2014-03-02 18:21 . 2014-02-17 12:30 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3552FCFB-F74F-423A-A4C6-8D492EAE2191}\gapaengine.dll 2014-03-02 18:20 . 2014-02-17 00:32 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-03-02 18:02 . 2014-03-02 18:04 -------- d-----w- c:\program files\Microsoft Security Client 2014-03-02 17:59 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2014-03-01 15:35 . 2014-03-01 15:35 -------- d-----w- c:\users\Johan\AppData\Roaming\Malwarebytes 2014-03-01 15:34 . 2014-03-01 15:34 -------- d-----w- c:\programdata\Malwarebytes 2014-03-01 15:34 . 2014-03-01 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2014-03-01 15:34 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-02-28 20:02 . 2014-02-28 20:02 -------- d-----w- c:\users\Johan\AppData\Local\Macromedia 2014-02-28 20:00 . 2014-02-28 20:00 -------- d-----w- c:\users\Johan\AppData\Local\Mozilla 2014-02-28 20:00 . 2014-02-28 20:00 -------- d-----w- c:\program files\Mozilla Maintenance Service 2014-02-28 13:26 . 2014-03-02 21:18 -------- d-----w- c:\program files\trend micro 2014-02-28 13:26 . 2014-02-28 13:28 -------- d-----w- C:\rsit 2014-02-28 07:37 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A893665-38D0-456A-84C2-AB21D4C1F6DE}\mpengine.dll 2014-02-28 07:17 . 2014-02-28 07:17 -------- d-----w- c:\windows\Migration 2014-02-27 15:07 . 2014-02-27 15:07 -------- d-----w- c:\users\Johan\AppData\Local\ApplicationHistory 2014-02-27 12:16 . 2014-02-27 12:16 -------- d-----w- c:\users\Johan\AppData\Roaming\vlc 2014-02-27 12:16 . 2014-02-27 12:16 -------- d-----w- c:\users\Johan\AppData\Roaming\FLV and Media Player 2014-02-27 12:15 . 2014-02-27 12:15 -------- d-----w- c:\programdata\Common Toolkit Suite 2014-02-27 11:54 . 2014-01-08 06:09 19840 ----a-w- c:\windows\system32\drivers\pcwatch.sys 2014-02-27 11:54 . 2014-01-08 06:08 293984 ----a-w- c:\windows\system32\PCProtect.dll 2014-02-13 07:11 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-01 14:58 . 2012-04-16 06:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-03-01 14:58 . 2011-06-08 06:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-01-19 07:32 . 2009-10-20 07:58 231584 ------w- c:\windows\system32\MpSigStub.exe 2013-12-18 20:10 . 2014-01-21 07:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024] "Nero PhotoShow Media Manager"="c:\progra~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 312848] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-13 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-12 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-12 154136] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-12 129560] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440] . c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Spoon.net Sandbox Manager 3.33.lnk - c:\users\Johan\AppData\Local\Spoon\3.33.6.199\Spoon-Sandbox.exe [2014-1-10 4616840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk backup=c:\windows\pss\DVD Check.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Johan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk] path=c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole Picture Motion Browser.lnk backup=c:\windows\pss\Mediacontrole Picture Motion Browser.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd] 2008-10-17 14:52 1086768 ------w- c:\program files\Brownie\BrStsWnd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] 2008-10-09 05:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-16 22:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] 2007-11-06 14:34 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-24 23:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-02-28 20:28 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2014-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 09:28] . 2014-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 09:28] . . ------- Bijkomende Scan ------- . IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\windows\system32\PCProtect.dll TCP: DhcpNameServer = 195.130.131.133 195.130.130.5 FF - ProfilePath - c:\users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\zqeqhe5s.default\ . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-19382892-37d0-4849-b4f6-e6a7984e8311 - c:\program files\SelectionTool-soft\Uninstall.exe AddRemove-8461-7759-5462-8226 - c:\program files\Vuze\uninstall.exe AddRemove-Activeris AntiMalware_is1 - c:\program files\Activeris AntiMalware\unins000.exe AddRemove-FLV and Media Player - c:\program files\Applian Technologies\FLV and Media Player\uninstall.exe AddRemove-Het Heelal 2004 - c:\windows\IsUn0413.exe AddRemove-VOPackage - c:\users\Johan\AppData\Roaming\VOPackage\uninstall.exe AddRemove-wp-adk - c:\program files\Web Protect\wp-adk_uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2014-03-03 22:01 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\@* *& ] @Allowed: (Read) (RestrictedCode) "MachineID"=hex:06,5a,9b,71,56,f0,a3,00 . [HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0] @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0\ImageDataLightboxSR\ControlState] "008b-06a9"=dword:00000001 "008b-06ab"=dword:00000000 "008b-0514"="ARW 2.0-formaat" "008b-0580"="" "008b-0583"="c:\\Users\\Johan\\Documents\\Image Data Converter SR\\Collections" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2014-03-03 22:06:43 ComboFix-quarantined-files.txt 2014-03-03 21:06 . Pre-Run: 45.248.262.144 bytes beschikbaar Post-Run: 45.180.989.440 bytes beschikbaar . - - End Of File - - 0B1F5846BF141536179A0341110AB3F1 84DAAF92C4695AE60591C148EED5E3F3 -
Malware
Johan Vancoillie reageerde op vancoillie johan's topic in Archief Bestrijding malware & virussen
Zoek.exe v5.0.0.0 Updated 02-March-2014 Tool run by Johan on ma 03/03/2014 at 13:37:52,10. Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Johan\Downloads\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2014-03-03-113507.log 42680 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== Toegang geweigerd. ==== Deleting Files \ Folders ====================== C:\Windows\system32\Tasks\Activeris AntiMalware_startup deleted C:\Windows\system32\config\systemprofile\AppData\Roaming\Fighters deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware deleted C:\Users\Johan\AppData\Local\Systweak deleted "C:\Windows\system32\PCProtect.dll" not deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [04/09/2009 06:54] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\zqeqhe5s.default A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U51 9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13 9B6A3FF9099A9A87BCB583924C1D34C8 - C:\Users\Johan\AppData\Local\Spoon\3.33.6.199\npMozillaSpoonPlugin.dll - Spoon Plugin 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In 3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa 6A5514D088820307BD97F5A7B24007C0 - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll - Nitro PDF plugin for Firefox and Chrome BE9F266D2080FB8E308BC86A5735C000 - C:\Users\Johan\AppData\Local\Spoon\3.32.4.17\npMozillaSpoonPlugin.dll - Spoon Plugin A6F192D530DE04216573A15A0EDB6045 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.4 5FB3472848C15354B95FC523FF80DC2C - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.4 BF74A76F78EBBFD3A2328EC4AD9DA3CB - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.4 8EE2B9B90D024BDC7C6F32649935A137 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.4 3D85D0C5B2B138D596820B3418BC1A18 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.4 2C20711D6825B986342FAB9A5572AF26 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.4 A9CD542376B547E89964D7308E8917BF - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.4 E87E216C7B839EA112FCD317DE642F47 - C:\Users\Johan\AppData\Local\Spoon\3.24.0.6\npMozillaSpoonPlugin.dll - Spoon Plugin AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery 8130FF8214221BA5AC764909587E161A - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat 625D0A824F513CE1CABB8861E97F2142 - C:\Program Files\Google\Picasa3\npPicasa2.dll - Picasa AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation B18B7242761F8630BD8BC71325C7F16A - C:\Program Files\Nitro\Reader 3\npnitroie.dll - Nitro PDF plugin for Internet Explorer 7D388990149D424EBDB31896C2A4ACC3 - C:\Program Files\Nitro\Reader 3\npdf.dll - Nitro PDF Library B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://nl.msn.com/?ocid=OIE9MSE&PC=UP09" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://nl.msn.com/?ocid=OIE9MSE&PC=UP09" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\mozaiek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\mozaiek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Johan\AppData\Local\Mozilla\Firefox\Profiles\zqeqhe5s.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=908 folders=114 310548904 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Johan\AppData\Local\Temp will be emptied at reboot C:\Users\mozaiek\AppData\Local\Temp emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Johan\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\system32\PCProtect.dll" not deleted "C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" deleted ==== EOF on ma 03/03/2014 at 16:49:12,24 ====================== -
Malware
Johan Vancoillie reageerde op vancoillie johan's topic in Archief Bestrijding malware & virussen
Zoek.exe v5.0.0.0 Updated 02-March-2014 Tool run by Johan on ma 03/03/2014 at 8:40:30,22. Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Johan\Downloads\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 3/03/2014 8:45:37 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\MSXML 4.0 deleted successfully C:\PROGRA~2\Oracle deleted successfully C:\PROGRA~2\Roxio deleted successfully C:\PROGRA~2\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully C:\PROGRA~2\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\Users\Johan\AppData\Roaming\Sammsoft deleted successfully C:\Users\Johan\AppData\Roaming\SampleView deleted successfully C:\Users\Johan\AppData\Roaming\Simple Star deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\Microsoft\Internet Explorer\SearchScopes\{1E69FDC0-2B83-4E05-8421-50FA49367524} deleted successfully HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\Microsoft\Internet Explorer\SearchScopes\{7EAC1B27-D3F3-4E67-8594-17901E53B1F5} deleted successfully HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\Microsoft\Internet Explorer\SearchScopes\{8FF3AC42-788C-47FD-A32C-DCE63F79CBCC} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\PCProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\PCProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\SafeBoot\Network\PCProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectMonitor deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ProtectMonitor deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ProtectMonitor deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ProtectMonitor deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCProtect] ==== Deleting Files \ Folders ====================== C:\PROGRA~2\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found C:\PROGRA~2\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found "C:\Windows\Installer\1cfc7ef.msi" not found C:\Users\Johan\AppData\Roaming\Activeris deleted C:\ProgramData\Activeris deleted C:\Program Files\Applian Technologies deleted C:\Users\Johan\AppData\Roaming\DVDVideoSoft deleted C:\Users\Public\Desktop\Activeris AntiMalware.lnk deleted C:\Program Files\Common Files\DVDVideoSoft\bin deleted C:\Program Files\Solibo Ltd deleted C:\PROGRA~2\InstallMate deleted C:\Users\Johan\AppData\Local\avgchrome deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted C:\Windows\Tasks\SelectionTool Update.job deleted C:\Windows\Tasks\SelectionTool_wd.job deleted C:\Windows\system32\Tasks\SelectionTool Update deleted C:\Windows\system32\Tasks\SelectionTool_wd deleted C:\Windows\System32\searchplugins deleted C:\Windows\System32\Extensions deleted "C:\Windows\system32\acrisnative32.exe" deleted "C:\Windows\system32\PCProtectOff.ini" deleted "C:\Windows\system32\PCProtect.ini" deleted "C:\Windows\system32\drivers\pcwatch.sys" not deleted "C:\Windows\system32\PCProtect.dll" not deleted "C:\monitorsvc.exe" deleted "C:\monitor.exe" not deleted "C:\Windows\system32\Drivers\pcwatch.sys" not deleted "C:\Program Files\Activeris AntiMalware\acrissys.dll" deleted "C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe" deleted "C:\Program Files\Activeris AntiMalware\Interop.IWshRuntimeLibrary.dll" deleted "C:\Program Files\Activeris AntiMalware\Microsoft.Win32.TaskScheduler.DLL" deleted "C:\Program Files\Activeris AntiMalware\scandll.dll" deleted "C:\Program Files\Activeris AntiMalware\System.Data.SQLite.dll" deleted "C:\Program Files\Activeris AntiMalware\Xceed.Compression.dll" deleted "C:\Program Files\Activeris AntiMalware\Xceed.FileSystem.dll" deleted "C:\Program Files\Activeris AntiMalware\Xceed.Zip.dll" deleted "C:\Program Files\Web Protect\freebl3.dll" not deleted "C:\Program Files\Web Protect\libnspr4.dll" not deleted "C:\Program Files\Web Protect\libplc4.dll" not deleted "C:\Program Files\Web Protect\libplds4.dll" not deleted "C:\Program Files\Web Protect\nss3.dll" not deleted "C:\Program Files\Web Protect\nssckbi.dll" not deleted "C:\Program Files\Web Protect\nssdbm3.dll" not deleted "C:\Program Files\Web Protect\nssutil3.dll" not deleted "C:\Program Files\Web Protect\PCCertInstaller.dll" not deleted "C:\Program Files\Web Protect\PCProtect.exe" not deleted "C:\Program Files\Web Protect\smime3.dll" not deleted "C:\Program Files\Web Protect\softokn3.dll" not deleted "C:\Program Files\Web Protect\sqlite3.dll" not deleted "C:\Program Files\Activeris AntiMalware\acrissys.dll" deleted "C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe" deleted "C:\Program Files\Activeris AntiMalware\Interop.IWshRuntimeLibrary.dll" deleted "C:\Program Files\Activeris AntiMalware\Microsoft.Win32.TaskScheduler.DLL" deleted "C:\Program Files\Activeris AntiMalware\scandll.dll" deleted "C:\Program Files\Activeris AntiMalware\System.Data.SQLite.dll" deleted "C:\Program Files\Activeris AntiMalware\Xceed.Compression.dll" deleted "C:\Program Files\Activeris AntiMalware\Xceed.FileSystem.dll" deleted "C:\Program Files\Activeris AntiMalware\Xceed.Zip.dll" deleted "C:\Program Files\SelectionTool-soft\SelectionTool_wd.exe" deleted "C:\Program Files\SelectionTool-soft\SelectionTool_wd.exe" deleted "C:\Program Files\SelectionTool-soft\SelectionTool_wd.exe" deleted "C:\Program Files\Activeris AntiMalware" deleted "C:\Program Files\Web Protect" not deleted "C:\Program Files\Activeris AntiMalware" deleted "C:\Program Files\SelectionTool-soft" deleted "C:\Program Files\SelectionTool-soft" deleted "C:\Program Files\SelectionTool-soft" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-03-02 18:05:16 2701448229AEE43D266C00042EA3CB52 2154 ----a-w- C:\Windows\epplauncher.mif ====== C:\Users\Johan\AppData\Local\Temp ==== 2014-03-02 20:27:32 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\erunt\ERUNT.EXE 2014-03-02 08:50:11 C6F4C01EB7834DF438CE86EC12855D26 4831488 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\amsetup_activeris_default_tuguu_installer.exe 2014-03-02 08:50:10 9416B10237364F2D80BF2DDFB5E1EA0E 73840 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\Cloud_Backup_Setup.exe 2014-03-02 08:49:56 177579E8B1FB727DAB62841D55DE9BF3 209306 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\VOPackage.exe 2014-03-02 08:49:53 7CBF0F56A71FCBF2D0C9044EB4EEEB1C 6538384 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\feven-pro.exe 2014-03-02 08:49:52 380A164A9602979CFF50CA0AE70EAEA8 1235280 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\Re-markit_2040-2082.exe 2014-02-28 20:27:47 A9C86900D2A61728C8326FE7147617C5 578440 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\npGoogleUpdate3.dll 2014-02-28 20:27:47 3A49D76D0AA3DC5FC0B4EEF3B7E84EF1 166792 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\psmachine.dll 2014-02-28 20:27:47 3703787CB966F9F6C69EF9164D882EE3 166792 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\psuser.dll 2014-02-28 20:27:40 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleUpdateOnDemand.exe 2014-02-28 20:27:40 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleCrashHandler64.exe 2014-02-28 20:27:40 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleCrashHandler.exe 2014-02-28 20:27:40 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleUpdateSetup.exe 2014-02-28 20:27:40 A43B937C580F5DFC43EF63EF72992FE9 847752 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\goopdate.dll 2014-02-28 20:27:40 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleUpdateBroker.exe 2014-02-28 20:27:40 6996AB4F70B3718CC465DE43A75A10C8 26112 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleUpdateHelper.msi 2014-02-28 20:27:40 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleUpdate.exe 2014-02-28 20:27:00 A9C86900D2A61728C8326FE7147617C5 578440 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\npGoogleUpdate3.dll 2014-02-28 20:27:00 3A49D76D0AA3DC5FC0B4EEF3B7E84EF1 166792 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\psmachine.dll 2014-02-28 20:27:00 3703787CB966F9F6C69EF9164D882EE3 166792 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\psuser.dll 2014-02-28 20:26:58 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleUpdateOnDemand.exe 2014-02-28 20:26:58 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleCrashHandler64.exe 2014-02-28 20:26:58 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleCrashHandler.exe 2014-02-28 20:26:58 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleUpdateSetup.exe 2014-02-28 20:26:58 A43B937C580F5DFC43EF63EF72992FE9 847752 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\goopdate.dll 2014-02-28 20:26:58 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleUpdateBroker.exe 2014-02-28 20:26:58 6996AB4F70B3718CC465DE43A75A10C8 26112 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleUpdateHelper.msi 2014-02-28 20:26:58 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleUpdate.exe 2014-02-28 20:12:20 A9C86900D2A61728C8326FE7147617C5 578440 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\npGoogleUpdate3.dll 2014-02-28 20:12:20 3A49D76D0AA3DC5FC0B4EEF3B7E84EF1 166792 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\psmachine.dll 2014-02-28 20:12:20 3703787CB966F9F6C69EF9164D882EE3 166792 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\psuser.dll 2014-02-28 20:12:16 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleUpdateOnDemand.exe 2014-02-28 20:12:16 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleCrashHandler64.exe 2014-02-28 20:12:16 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleCrashHandler.exe 2014-02-28 20:12:16 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleUpdateSetup.exe 2014-02-28 20:12:16 A43B937C580F5DFC43EF63EF72992FE9 847752 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\goopdate.dll 2014-02-28 20:12:16 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleUpdateBroker.exe 2014-02-28 20:12:16 6996AB4F70B3718CC465DE43A75A10C8 26112 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleUpdateHelper.msi 2014-02-28 20:12:16 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleUpdate.exe 2014-02-28 12:02:07 4FC2DD7656CF6C466B073283BE23E695 4608 ----a-w- C:\Users\Johan\AppData\Local\Temp\i4jdel0.exe 2014-02-27 11:57:14 F7DE2118FBF18A8817B83DCCBA3738A7 10365728 ----a-w- C:\Users\Johan\AppData\Local\Temp\BackupSetup.exe 2014-02-27 11:54:39 A082E5473B2A9A4D846ED7DDF637AC76 8704 ----a-w- C:\Users\Johan\AppData\Local\Temp\SpOrder.dll 2014-02-27 09:26:32 E6BB491A120A0668A551A8C2ED2FEE4F 6602128 ----a-w- C:\Users\Johan\AppData\Local\Temp\{83EA00F3-C680-4E55-B6B1-16FA25015B34}\setup.exe 2014-02-27 09:26:19 DA4BFBD389F1FD5BB0C7394230BB6641 6967304 ----a-w- C:\Users\Johan\AppData\Local\Temp\n4562\OptimizerPro.exe 2014-02-27 09:26:17 819CF842280DAE24BFBAC0F6CB4EBCC2 6221664 ----a-w- C:\Users\Johan\AppData\Local\Temp\n4562\speedupmypc_EN_1303-b354ca22.exe 2014-02-27 09:25:56 5783C9C37A5A3E87EA4BF77A38A77D2D 233024 ----a-w- C:\Users\Johan\AppData\Local\Temp\n4562\melondrea_0702-81cfb2ef.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-02-27 11:54:33 F03FAEC422B8E51280C6643B95325A36 293984 ----a-w- C:\Windows\System32\PCProtect.dll ====== C:\Windows\system32\drivers ===== 2014-03-02 17:59:31 3546C0B6F2D808D4E6294A9D6B25151B 221568 ----a-w- C:\Windows\System32\drivers\netio.sys 2014-03-01 15:34:40 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-02-27 11:54:47 !HASH: COULD NOT OPEN FILE !!!!! 19840 ----a-w- C:\Windows\System32\drivers\pcwatch.sys ====== C:\Windows\Tasks ====== 2014-03-02 09:04:47 C9F1D6DAB26708324E8671FF9A1DE835 3090 ----a-w- C:\Windows\system32\Tasks\Activeris AntiMalware_startup ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-02-28 20:00:47 -------- d-----w- C:\Program Files\Mozilla Maintenance Service 2014-02-28 13:26:41 -------- d-----w- C:\Program Files\trend micro 2014-02-27 11:53:18 -------- d-----w- C:\Program Files\Web Protect ======= C: ===== 2014-02-13 14:12:36 8227D3C44DBC47BC5E279E37AF04261C 487517 ----a-w- C:\monitor.exe ====== C:\Users\Johan\AppData\Roaming ====== 2014-03-03 08:22:32 -------- d-----w- C:\Users\Johan\AppData\Local\Systweak 2014-03-03 07:59:22 -------- d-----w- C:\Users\Johan\AppData\Roaming\Simple Star 2014-02-28 20:00:55 -------- d-----w- C:\Users\Johan\AppData\Local\Mozilla 2014-02-27 15:07:00 DA17530920AE4C5085022FB9723DBB68 93 ----a-w- C:\Users\Johan\AppData\Local\fusioncache.dat 2014-02-27 15:07:00 -------- d-----w- C:\Users\Johan\AppData\Local\ApplicationHistory 2014-02-27 12:16:28 -------- d-----w- C:\Users\Johan\AppData\Roaming\vlc 2014-02-27 12:16:27 -------- d-----w- C:\Users\Johan\AppData\Roaming\FLV and Media Player 2014-02-27 11:56:51 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\Fighters ====== C:\Users\Johan ====== 2014-03-03 07:15:32 A7690639D8FC6F297C0406FB8B8D7E21 186880 ----a-w- C:\Users\Johan\Downloads\LSPFix.exe 2014-03-02 20:39:31 C8F069A68D57DA55102D58CFE24C0D72 4765152 ----a-w- C:\Users\Johan\Downloads\C Cleaner.exe 2014-03-02 20:25:23 2075EBB7954277A05193412881EC8FDE 1037734 ----a-w- C:\Users\Johan\Downloads\JRT.exe 2014-03-02 19:28:38 2C6A7CC31F83BAD5A4F1539FB7174CAE 20868936 ----a-w- C:\Users\Johan\Downloads\BOIE9_NLNL_BO0084_VIS.EXE 2014-03-02 18:35:48 A845789676F7D2A542E708EB5CAC12C9 1244192 ----a-w- C:\Users\Johan\Desktop\adwcleaner.exe 2014-03-02 18:25:21 A845789676F7D2A542E708EB5CAC12C9 1244192 ----a-w- C:\Users\Johan\Downloads\adwcleaner.exe 2014-03-02 17:51:42 BFBA3103D1B3539164B50FD8D257BC1D 11154256 ----a-w- C:\Users\Johan\Downloads\mseinstall.exe 2014-03-02 08:51:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware 2014-03-02 08:44:01 541D953F8FE722A74B972407FF82796B 320512 ----a-w- C:\Users\Johan\Downloads\Java.exe 2014-02-28 20:13:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-02-28 20:00:48 -------- d-----w- C:\ProgramData\Mozilla 2014-02-28 13:26:05 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\Johan\Downloads\RSIT-1.06 (1).exe 2014-02-28 13:25:49 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\Johan\Desktop\RSIT-1.06.exe 2014-02-28 07:11:52 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol 2014-02-27 12:15:42 -------- d-----w- C:\ProgramData\Common Toolkit Suite ====== C: exe-files == 2014-03-03 07:19:41 E9F8C3AE8C2C2CF120F16C59E68301D0 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2085648268-594906628-2024494315-1007\$I4M492B.exe 2014-03-02 20:27:32 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\erunt\ERUNT.EXE 2014-03-02 08:50:11 C6F4C01EB7834DF438CE86EC12855D26 4831488 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\amsetup_activeris_default_tuguu_installer.exe 2014-03-02 08:50:10 9416B10237364F2D80BF2DDFB5E1EA0E 73840 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\Cloud_Backup_Setup.exe 2014-03-02 08:49:56 177579E8B1FB727DAB62841D55DE9BF3 209306 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\VOPackage.exe 2014-03-02 08:49:53 7CBF0F56A71FCBF2D0C9044EB4EEEB1C 6538384 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\feven-pro.exe 2014-03-02 08:49:52 380A164A9602979CFF50CA0AE70EAEA8 1235280 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\Re-markit_2040-2082.exe 2014-02-28 20:12:54 261EEC91B8A0FAA76499559265B1A627 36847320 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\33.0.1750.117\33.0.1750.117_chrome_installer.exe 2014-02-28 20:00:50 FC558F42CA98DAB4465263FDE812A5B2 106212 ----a-w- C:\Program Files\Mozilla Maintenance Service\Uninstall.exe 2014-02-28 20:00:47 338037EFA0E8E8699B2667D57B751574 118896 ----a-w- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 2014-02-28 20:00:01 39A5A5E8E6448F6A8481E9CC762E5A4A 25212312 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67K5JQYA\Firefox Setup 27.0.1.exe 2014-02-28 13:26:41 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Johan.exe 2014-02-28 12:02:07 4FC2DD7656CF6C466B073283BE23E695 4608 ----a-w- C:\Users\Johan\AppData\Local\Temp\i4jdel0.exe 2014-02-27 11:57:38 69964A5CE728889240732A08A589E8EA 18651688 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67K5JQYA\FLVPlayer[1].exe 2014-02-27 11:57:14 F7DE2118FBF18A8817B83DCCBA3738A7 10365728 ----a-w- C:\Users\Johan\AppData\Local\Temp\BackupSetup.exe 2014-02-27 11:57:13 3D2810BD999225AC121040BA80D24494 98024 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DS27COL\aff_setup[1].exe 2014-02-27 11:55:58 D7C083E7758FFD2DF5A336C084D24159 2758320 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MT65LFZJ\FULL-DISKfighterSetup_partner516_1.3.61Web[1].exe 2014-02-27 11:53:16 71B60BBE81A2E6CC809D7B9A11833D90 5758504 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RHI0HNYL\wp-adk.104i[1].exe === C: other files == 2014-03-03 07:19:41 0FF405B66F13DA25F3D5577DD84EEFAD 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2085648268-594906628-2024494315-1007\$IPJQ4AS.zip 2014-03-03 07:18:25 665EB733A910E451D9EDDE21E0C7D7C7 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2085648268-594906628-2024494315-1007\$IH6W90Y.zip 2014-03-02 20:27:21 CC6C23C02BE66014AD87F2678BBB3A1D 8117 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\modules.bat 2014-03-02 20:27:21 7178963AEE641F3E47E1CE22416F8A3A 9295 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\runvalues.bat 2014-03-02 20:27:21 58605DA3492FB918D3D40B1FB88046AE 39471 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\prelim.bat 2014-03-02 20:27:21 372EA6F783198102CF5779072EE78C79 24751 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\searchlnk.bat 2014-03-02 20:27:21 1FBF882AA934A741530741FC134872A3 1243 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\TDL4.bat 2014-03-02 20:27:20 F7A2BEBE778DC26187C675948B2CEBAB 16063 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\get.bat 2014-03-02 20:27:20 C9494C05F5248940AEE0D0A8C4EA89D9 152746 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\firefox.bat 2014-03-02 20:27:20 C4A5476A9D54B400F1623A2EE7DDA5C5 13955 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\chrome.bat 2014-03-02 20:27:20 B964B792D3692699CD7D4FDB63EE470E 1239 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\FWPolicy.bat 2014-03-02 20:27:20 B45931E5313CB14CAA0F2BC3DA30E6FC 29648 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\ask.bat 2014-03-02 20:27:20 B13567DECD03F424239DE6D1ED408C08 10261 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\JRT.bat 2014-03-02 20:27:20 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\ev_clear.bat 2014-03-02 20:27:20 75C9C20DD9839BF287B43B0E179822DC 31414 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\iexplore.bat 2014-03-02 20:27:20 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\delorphans.bat 2014-03-02 20:27:20 3ECC13A08D5F7771A8C8ED15C2B2B6D5 154576 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\misc.bat 2014-03-02 20:27:20 14D6EE8B672684E2232FB430D8C4A928 18668 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\medfos.bat 2014-03-02 20:27:20 0768E560CCD86C18F35FAD29DCEA7B80 1820 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\delfolders.bat 2014-02-28 12:02:48 66F5451EE4129B88976D30CD31E90690 26237 ----a-w- C:\Users\Johan\AppData\Roaming\Azureus\tmp\AZU5698845600859727706.tmp\plugin\azupdater_1.9.1.zip 2014-02-28 12:02:45 66F5451EE4129B88976D30CD31E90690 26237 ----a-w- C:\Users\Johan\AppData\Local\Temp\azupdater_1.9.1.zip 2014-02-28 12:02:29 CD0E05DBDC8984548DBA144E20D0F35C 9234316 ----a-w- C:\Users\Johan\AppData\Local\Temp\Vuze_5.3.0.0_win32.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" "Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "MSConfig"="C:\Windows\system32\msconfig.exe /auto" "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" "Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Reader Speed Launcher" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrStsWnd] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BrStsWnd" "hkey"="HKLM" "command"="C:\\Program Files\\Brownie\\BrstsWnd.exe Autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Health Check Scheduler] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Health Check Scheduler" "hkey"="HKLM" "command"="c:\\Program Files\\Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="c:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Picasa Media Detector] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Picasa Media Detector" "hkey"="HKCU" "command"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QlbCtrl" "hkey"="HKLM" "command"="%ProgramFiles%\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sidebar" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DVD Check.lnk" "backup"="C:\\Windows\\pss\\DVD Check.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\INTERV~1\\DVDCHE~1\\DVDCheck.exe " "item"="DVD Check" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Johan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk] "path"="C:\\Users\\Johan\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Mediacontrole Picture Motion Browser.lnk" "backup"="C:\\Windows\\pss\\Mediacontrole Picture Motion Browser.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~1\\Sony\\SONYPI~1\\VOLUME~1\\SPUVOL~1.EXE /noballoononstart" "item"="Mediacontrole Picture Motion Browser" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\clr_optimization_v2.0.50727_32] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime" "SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Folders ====================== 2014-01-10 09:21:41 1892 ----a-w- C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spoon.net Sandbox Manager 3.33.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/10/2010 10:28] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/10/2010 10:28] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Activeris AntiMalware_startup" [C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\HP Health Check" [c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] "C:\Windows\system32\tasks\Java Update Scheduler" [C:\Program Files\Common Files\Java\Java Update\jusched.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{1D474081-7974-43EA-B098-CBD4DABD0911}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{CC774EB4-0A2D-4662-9EBA-338132CD0D12}" [C:\Windows\system32\msfeedssync.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [04/09/2009 06:54] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{a70186fb-3fb6-4577-b8fa-d3fe3c0c76e1}"="C:\Program Files\SelectionTool-soft\155.xpi" [] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\zqeqhe5s.default A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U51 9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13 9B6A3FF9099A9A87BCB583924C1D34C8 - C:\Users\Johan\AppData\Local\Spoon\3.33.6.199\npMozillaSpoonPlugin.dll - Spoon Plugin 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In 3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa 6A5514D088820307BD97F5A7B24007C0 - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll - Nitro PDF plugin for Firefox and Chrome BE9F266D2080FB8E308BC86A5735C000 - C:\Users\Johan\AppData\Local\Spoon\3.32.4.17\npMozillaSpoonPlugin.dll - Spoon Plugin A6F192D530DE04216573A15A0EDB6045 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.4 5FB3472848C15354B95FC523FF80DC2C - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.4 BF74A76F78EBBFD3A2328EC4AD9DA3CB - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.4 8EE2B9B90D024BDC7C6F32649935A137 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.4 3D85D0C5B2B138D596820B3418BC1A18 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.4 2C20711D6825B986342FAB9A5572AF26 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.4 A9CD542376B547E89964D7308E8917BF - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.4 E87E216C7B839EA112FCD317DE642F47 - C:\Users\Johan\AppData\Local\Spoon\3.24.0.6\npMozillaSpoonPlugin.dll - Spoon Plugin AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery 8130FF8214221BA5AC764909587E161A - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat 625D0A824F513CE1CABB8861E97F2142 - C:\Program Files\Google\Picasa3\npPicasa2.dll - Picasa AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation B18B7242761F8630BD8BC71325C7F16A - C:\Program Files\Nitro\Reader 3\npnitroie.dll - Nitro PDF plugin for Internet Explorer 7D388990149D424EBDB31896C2A4ACC3 - C:\Program Files\Nitro\Reader 3\npdf.dll - Nitro PDF Library B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aaaajpkhjdkhhnkmgfjodbkfpbmibkkk - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://nl.msn.com/?ocid=OIE9MSE&PC=UP09" "Search Page"="http://downloads.phpnuke.org/nl/index.php?rvs=google" "Default_Search_URL"="http://www.google.com/ie" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://downloads.phpnuke.org/nl/index.php?rvs=google" "Default_Page_URL"="http://www.google.com" "Search Page"="http://downloads.phpnuke.org/nl/index.php?rvs=google" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{1E69FDC0-2B83-4E05-8421-50FA49367524}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E69FDC0-2B83-4E05-8421-50FA49367524}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://nl.msn.com/?ocid=OIE9MSE&PC=UP09" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\mozilla\Firefox\Extensions\{a70186fb-3fb6-4577-b8fa-d3fe3c0c76e1} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\059103D1F2AE2884A90A9464776548A2 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VMidi deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D301950-EA2F-4882-9AA0-49467756842A} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\059103D1F2AE2884A90A9464776548A2 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Johan\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Johan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Johan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\mozaiek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\mozaiek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\mozaiek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Johan\AppData\Local\Mozilla\Firefox\Profiles\zqeqhe5s.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=902 folders=107 310537593 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Johan\AppData\Local\Temp will be emptied at reboot C:\Users\mozaiek\AppData\Local\Temp emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Johan\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\system32\drivers\pcwatch.sys" not deleted "C:\Windows\system32\PCProtect.dll" not deleted "C:\monitor.exe" not found "C:\Windows\system32\Drivers\pcwatch.sys" not deleted "C:\Program Files\Web Protect\freebl3.dll" not found "C:\Program Files\Web Protect\libnspr4.dll" not found "C:\Program Files\Web Protect\libplc4.dll" not found "C:\Program Files\Web Protect\libplds4.dll" not found "C:\Program Files\Web Protect\nss3.dll" not found "C:\Program Files\Web Protect\nssckbi.dll" not found "C:\Program Files\Web Protect\nssdbm3.dll" not found "C:\Program Files\Web Protect\nssutil3.dll" not found "C:\Program Files\Web Protect\PCCertInstaller.dll" not found "C:\Program Files\Web Protect\PCProtect.exe" not found "C:\Program Files\Web Protect\smime3.dll" not found "C:\Program Files\Web Protect\softokn3.dll" not found "C:\Program Files\Web Protect\sqlite3.dll" not found "C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found "C:\Program Files\Web Protect" not found ==== EOF on ma 03/03/2014 at 12:35:07,20 ====================== -
Malware
Johan Vancoillie reageerde op vancoillie johan's topic in Archief Bestrijding malware & virussen
Logfile of random's system information tool 1.08 (written by random/random) Run by Johan at 2014-03-02 22:18:42 Microsoft® Windows Vista™ Home Basic Service Pack 2 System drive C: has 23 GB (16%) free of 143 GB Total RAM: 2039 MB (42% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:20:51, on 2/03/2014 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16533) Boot mode: Normal Running processes: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Program Files\Nero\PhotoShow 5\data\Xtras\mssysmgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Johan\AppData\Local\Spoon\3.33.6.199\Spoon-Sandbox.exe C:\Windows\system32\taskeng.exe C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe C:\Program Files\SelectionTool-soft\SelectionTool_wd.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\system32\conime.exe C:\Windows\explorer.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe C:\Users\Johan\Desktop\RSIT-1.06.exe C:\Program Files\trend micro\Johan.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Spoon.net Sandbox Manager 3.33.lnk = C:\Users\Johan\AppData\Local\Spoon\3.33.6.199\Spoon-Sandbox.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PCProtect - Objectify Media Inc - C:\Program Files\Web Protect\PCProtect.exe O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\monitorsvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9774 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\SelectionTool Update.job C:\Windows\tasks\SelectionTool_wd.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}] Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-16 194128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-16 194128] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-09-12 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-09-12 154136] "Persistence"=C:\Windows\system32\igfxpers.exe [2007-09-12 129560] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392] "MSConfig"=C:\Windows\system32\msconfig.exe [2008-01-19 227840] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560] "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136] "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136] ""= [] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 948440] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024] "Nero PhotoShow Media Manager"=C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe [2007-04-27 312848] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-01-13 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe [2008-10-17 1086768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-06 177456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk] C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe [2007-05-23 192512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Johan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk] C:\PROGRA~1\Sony\SONYPI~1\VOLUME~1\SPUVOL~1.EXE [2007-04-17 368640] C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Spoon.net Sandbox Manager 3.33.lnk - C:\Users\Johan\AppData\Local\Spoon\3.33.6.199\Spoon-Sandbox.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2007-08-24 204800] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCProtect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\pcwatch.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2014-03-02 21:31:32 ----D---- C:\Windows\ERUNT 2014-03-02 20:31:03 ----HD---- C:\Windows\msdownld.tmp 2014-03-02 20:27:55 ----D---- C:\AdwCleaner 2014-03-02 19:02:33 ----D---- C:\Program Files\Microsoft Security Client 2014-03-02 18:59:31 ----A---- C:\Windows\system32\drivers\netio.sys 2014-03-02 09:51:35 ----D---- C:\Users\Johan\AppData\Roaming\Activeris 2014-03-02 09:50:57 ----D---- C:\ProgramData\Activeris 2014-03-02 09:50:56 ----D---- C:\Program Files\Activeris AntiMalware 2014-03-02 09:50:56 ----A---- C:\Windows\system32\acrisnative32.exe 2014-03-01 16:35:01 ----D---- C:\Users\Johan\AppData\Roaming\Malwarebytes 2014-03-01 16:34:42 ----D---- C:\ProgramData\Malwarebytes 2014-03-01 16:34:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2014-03-01 16:34:40 ----A---- C:\Windows\system32\drivers\mbam.sys 2014-02-28 21:00:48 ----D---- C:\ProgramData\Mozilla 2014-02-28 21:00:47 ----D---- C:\Program Files\Mozilla Maintenance Service 2014-02-28 21:00:43 ----D---- C:\Program Files\Mozilla Firefox 2014-02-28 14:26:41 ----D---- C:\Program Files\trend micro 2014-02-28 14:26:40 ----D---- C:\rsit 2014-02-28 08:17:57 ----D---- C:\Windows\Migration 2014-02-28 08:11:42 ----D---- C:\Program Files\SelectionTool-soft 2014-02-27 13:16:28 ----D---- C:\Users\Johan\AppData\Roaming\vlc 2014-02-27 13:16:27 ----D---- C:\Users\Johan\AppData\Roaming\FLV and Media Player 2014-02-27 13:15:42 ----D---- C:\ProgramData\Common Toolkit Suite 2014-02-27 12:58:10 ----D---- C:\Program Files\Applian Technologies 2014-02-27 12:54:47 ----A---- C:\Windows\system32\PCProtectOff.ini 2014-02-27 12:54:47 ----A---- C:\Windows\system32\PCProtect.ini 2014-02-27 12:54:47 ----A---- C:\Windows\system32\drivers\pcwatch.sys 2014-02-27 12:54:33 ----A---- C:\Windows\system32\PCProtect.dll 2014-02-27 12:53:18 ----D---- C:\Program Files\Web Protect 2014-02-14 08:08:47 ----A---- C:\Windows\system32\mshtmled.dll 2014-02-14 08:08:46 ----A---- C:\Windows\system32\vbscript.dll 2014-02-14 08:08:45 ----A---- C:\Windows\system32\jsproxy.dll 2014-02-14 08:08:45 ----A---- C:\Windows\system32\ieui.dll 2014-02-14 08:08:43 ----A---- C:\Windows\system32\msfeeds.dll 2014-02-14 08:08:43 ----A---- C:\Windows\system32\ieUnatt.exe 2014-02-14 08:08:42 ----A---- C:\Windows\system32\wininet.dll 2014-02-14 08:08:41 ----A---- C:\Windows\system32\jscript.dll 2014-02-14 08:08:39 ----A---- C:\Windows\system32\url.dll 2014-02-14 08:08:39 ----A---- C:\Windows\system32\jscript9.dll 2014-02-14 08:08:38 ----A---- C:\Windows\system32\iertutil.dll 2014-02-14 08:08:37 ----A---- C:\Windows\system32\urlmon.dll 2014-02-14 08:08:36 ----A---- C:\Windows\system32\ieframe.dll 2014-02-14 08:08:34 ----A---- C:\Windows\system32\mshtml.dll 2014-02-13 15:12:36 ----A---- C:\monitor.exe 2014-02-13 14:43:24 ----A---- C:\monitorsvc.exe 2014-02-13 08:11:09 ----A---- C:\Windows\system32\msxml3.dll ======List of files/folders modified in the last 1 months====== 2014-03-02 22:18:40 ----D---- C:\Windows\Temp 2014-03-02 21:35:31 ----HD---- C:\ProgramData 2014-03-02 21:31:32 ----D---- C:\Windows 2014-03-02 21:28:32 ----D---- C:\Windows\system32\Tasks 2014-03-02 20:38:39 ----D---- C:\Windows\Tasks 2014-03-02 20:38:38 ----D---- C:\Windows\System32 2014-03-02 20:36:47 ----D---- C:\Program Files\Common Files 2014-03-02 20:36:46 ----RD---- C:\Program Files 2014-03-02 20:31:23 ----D---- C:\Program Files\Internet Explorer 2014-03-02 19:06:16 ----D---- C:\Windows\system32\drivers 2014-03-02 19:04:44 ----SHD---- C:\Windows\Installer 2014-03-02 19:03:34 ----D---- C:\Windows\system32\catroot 2014-03-02 19:03:23 ----SD---- C:\ProgramData\Microsoft 2014-03-02 19:01:36 ----D---- C:\Windows\winsxs 2014-03-02 19:00:36 ----D---- C:\Windows\system32\catroot2 2014-03-02 18:59:12 ----SHD---- C:\System Volume Information 2014-03-02 10:30:46 ----D---- C:\Windows\Microsoft.NET 2014-03-02 09:55:58 ----A---- C:\Windows\system32\PerfStringBackup.INI 2014-03-02 09:55:48 ----D---- C:\Windows\inf 2014-03-02 09:28:13 ----D---- C:\Users\Johan\AppData\Roaming\DVDVideoSoft 2014-03-01 18:04:32 ----D---- C:\Windows\Performance 2014-03-01 15:58:32 ----A---- C:\Windows\system32\FlashPlayerApp.exe 2014-02-28 21:12:59 ----D---- C:\Program Files\Google 2014-02-28 21:02:17 ----SD---- C:\Users\Johan\AppData\Roaming\Microsoft 2014-02-28 19:45:23 ----D---- C:\Windows\Prefetch 2014-02-28 15:40:41 ----D---- C:\Windows\Minidump 2014-02-28 14:04:26 ----D---- C:\Users\Johan\AppData\Roaming\Azureus 2014-02-28 08:30:46 ----RSD---- C:\Windows\assembly 2014-02-28 08:22:00 ----A---- C:\Windows\BRWMARK.INI 2014-02-28 08:20:57 ----D---- C:\Windows\system32\en-US 2014-02-28 08:11:40 ----HD---- C:\Windows\system32\GroupPolicy 2014-02-27 13:30:01 ----D---- C:\Windows\system32\WDI 2014-02-27 11:12:47 ----D---- C:\Users\Johan\AppData\Roaming\Nitro PDF 2014-02-24 08:30:36 ----A---- C:\Windows\NeroDigital.ini 2014-02-14 11:03:03 ----D---- C:\Windows\system32\migration 2014-02-14 08:26:18 ----D---- C:\Windows\system32\MRT 2014-02-14 08:18:14 ----A---- C:\Windows\system32\mrt.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 214696] R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-07-31 43872] R1 pcwatch;pcwatch service; \??\C:\Windows\system32\Drivers\pcwatch.sys [2014-01-08 19840] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768] R2 regi;regi; \??\C:\Windows\system32\drivers\regi.sys [2007-04-17 11032] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 8192] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 188416] R3 E100B;Intel® PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-10-31 165760] R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472] R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-07 985600] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-07 207360] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 1899008] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856] R3 NETw4v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-14 2222080] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-12 181432] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-07 659968] R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384] S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456] S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160] S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184] S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-02-22 159232] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 1899008] S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032] S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064] S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2013-07-12 73344] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-02 128104] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 BcmSqlStartupSvc;Opstartservice voor SQL Server voor Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2009-02-23 30312] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208] R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2007-12-05 144688] R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 22208] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904] R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [2013-03-26 196624] R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824] R2 SQLBrowser;SQL Server-browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944] R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-28 386560] R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288] R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248] R3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144] S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] S2 ProtectMonitor;Protect Monitor; C:\monitorsvc.exe [2014-02-13 34244] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-01 257928] S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-27 194032] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-13 118896] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PCProtect;PCProtect; C:\Program Files\Web Protect\PCProtect.exe [2014-01-08 1265608] S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728] S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] -----------------EOF----------------- -
Malware
Johan Vancoillie reageerde op vancoillie johan's topic in Archief Bestrijding malware & virussen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows Vista Home Basic x86 Ran by Johan on zo 02/03/2014 at 21:31:40,53 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2085648268-594906628-2024494315-1007\Software\sweetim Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{40E3923B-2BF2-49C3-B167-4095773FDDEC} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\fighters" Successfully deleted: [Folder] "C:\Users\Johan\AppData\Roaming\fighters" Successfully deleted: [Folder] "C:\Users\Johan\appdata\local\cre" Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{014DB7A4-E2FB-4A67-AEF3-ADA0F88851D2} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{0211191B-C5E2-4844-ACCA-B602F25E4010} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{02342B0B-0808-4F20-BE10-29399DEBC9D5} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{02FFBC43-C834-4CDA-AD4B-74DC3CB6B06C} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{0311540E-CA8B-4F08-9BF8-DE4B5FAFD00D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{03373123-2004-4E19-B061-F8A9F7ACB731} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{0414CA82-5927-421E-B3D9-E3378AB9A003} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{07BFF8FC-B5CF-427F-8CD9-0820120BEF3B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{09320116-F8D1-4F0B-A2F6-978A11230CC5} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{093220FA-F8FE-4166-AE1A-7A0476DA4B01} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{097C0A31-D1B0-4A1B-9582-88E0E70E88EA} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{0A34A3D5-04CA-4CA9-A85D-40D4A261B2A1} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{0B5031B9-809D-45F0-AC6A-17E21D01A176} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{0BB677DA-42F5-48C0-A408-D9184BFAD448} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{0DE19926-6100-4B32-BC56-3A211DC2CDDC} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{0E852099-3CFF-4726-9056-4A15F36CF899} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{0EAF4BB6-905F-4B1C-8FEF-5BFE9DABF905} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{103233FA-5C74-4C07-A89E-A5D39C006B0D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{10A5798C-ECD5-45F9-B29C-5E2F0125AD46} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{111A4720-31B6-4BA7-838C-5E22DE9F9275} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{1131A5D9-EAED-43D9-AAE9-F7D0AF89D5A9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{11E360F4-2DEA-49C2-9ED5-D8769C552908} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{12337949-349C-4BC8-91C0-9E6D25F859F9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{130C30B1-2CDD-4E38-BA1A-A40AC919F6AB} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{134541DD-CE2E-4B2E-B18E-6E3D2A60190B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{1435E40E-E94B-44BD-B3E0-2B33B2A9CC6B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{145A13E8-5D74-4481-A6B6-1B677A954ECE} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{150065B0-EAF5-4C71-A911-1A8E2E314343} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{151BF3FE-9ADB-4D16-9753-C3E0CF9E9605} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{15A462E1-E440-460E-9E5C-2C034371C74B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{15EA6168-E65B-4AA1-B909-BB8DB48BB116} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{16891FB5-A29E-40EC-B133-7309CBC62D1A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{16D00846-75E4-4461-BFF8-DAF9D044AC7E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{16D24C39-23D5-4887-A8EA-E1BA4769B149} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{183260D3-1AFC-4E84-B9C6-9F16488672A8} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{1849E0D0-65D9-432A-ADBE-A416EA540C2A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{1853DB6F-6FB5-45EB-B16D-4B23FD5C6087} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{187CAFF5-AEDC-4250-83EB-1BC343299BDE} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{1A31F912-1539-4033-B6CB-D0606DE433A4} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{1B9D9801-D4F3-4582-8A66-CFCD78FB947D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{1BC4AD51-5623-45DE-8828-C429F3051182} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{1BDE4C97-9F85-476F-8DFB-ACA6D6946F42} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{1C33C156-8E60-49E4-86AE-F5D42E302007} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{1C8F56F5-E52A-4130-AD35-410F5E8C8D77} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{1E90F814-4F8A-4EE4-9DA5-C910DE4AEC9E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{1EEF23EE-923E-4EE5-BBAB-5487632DFD83} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{1F228713-3E18-433B-891D-09402492712B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2061D4C0-BCD1-4592-A378-4CD88F310791} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{22850F4C-4058-4AC9-86C6-556EF2E40A68} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{232CFF61-2CFC-49C5-8377-0518539D4BB8} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2557A586-8CE2-4098-917B-CF5A68A19B81} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{25A0FCBD-27C4-4B11-85F9-930277711329} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2632F336-E511-46B5-9721-32D718B248F7} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2766412F-CBD8-4F0E-B807-A4B49DD4DA5E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{293C6E97-6B9C-4378-8ADD-6CA51FA5B4FD} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2A65CC73-0831-408C-934D-8208E2C5E98D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2ACAF054-1366-48AD-8437-BB76FC8C6E2A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2C6577F9-255E-4754-80B5-8918F8F72FB2} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2D3E2D51-A240-489F-B8C4-619E5BFBDC0F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2D4F8200-475D-48D1-8637-82B34AA373E9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2D745888-55A3-477B-AC9B-5227A7E973DB} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2D7944AA-A346-4EFF-9D20-F8B3534746A4} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2D9890EC-6256-405B-9008-5FEFE6F55ABE} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2DE4A91E-3113-4245-86AE-6C3A8D81232E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2DEB9893-45F2-4EBA-8A07-07FA73169537} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2F69E5ED-88B6-411F-A4C0-903BED057124} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{2FDDA7F6-AB08-46F6-8674-CA8CFDE64ECE} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{302F9497-5B62-4B5A-86B3-A1409B05D6D7} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{3059D2A8-CE1F-471C-BF58-656C170217F7} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{324866D2-F88C-449D-8C96-9E679D1BB1E0} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{33A24978-4493-4076-957A-B6ED240A5D38} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{33DC723C-6734-4A38-A986-FC3A70836836} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{342CEB8A-D623-4F8A-BF1B-C90DA2FE87AB} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{34334C70-822C-49F9-BEA0-F03E2AD4F1B3} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{349F9220-669B-4A37-9E49-BA696EFF831F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{35572FE6-4E7B-475D-9022-1A530E4DEE10} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{355B6BA3-E7E6-4AF6-B91C-338FC26DF4D3} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{368DEC6C-2176-4F21-84B4-260C15F0DC07} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{375A2750-69B0-451D-A75D-6FBB69692DD0} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{377E7B18-C314-4A71-8595-9B56798AAD63} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{37BC5E37-5E64-4D43-987B-D98E94E92D2D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{38C09079-E266-42C8-BABE-3DD9FD09A30E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{392DBD4E-C310-4FEF-BE81-4077067B87E3} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{3A1C2863-5A43-49B0-8987-2338611F4B0A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{3AA09194-1F1B-4BD7-BA1C-7387AE968565} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{3BA29C53-DD86-4212-B257-1D5DFE47E9B8} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{3C160FE5-2B72-4180-A01C-1E43B5C7E469} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{3C49C077-F9F8-466C-972B-C5FA7B7A77B6} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{3DDF9541-F17F-495F-AC66-E160D7B3701F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{3E2F7DFB-93F7-49D3-89B8-CB8F9C35F353} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{3F3347B0-CF9A-4FC2-A809-16E7AC60E6A9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{3FF21758-2B85-4C37-8468-2E96D126ADC1} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{406B529B-6628-4B43-BB04-67B9B09FE0C6} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{40B10FA5-FD83-4B74-9A3F-0EC6A87A681E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{40B1CC28-16F9-43C1-9723-D03863DCBBB7} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4255DB95-C182-4B73-B990-171F3A777C3B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{43492557-30BF-4129-A49E-31D1AF4E94C3} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4371E801-CEA0-49D2-98CB-3DC9A1C06178} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{43E23099-CAE2-4B69-8095-83878766EDC4} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{44267FFB-A0E6-4B41-868F-0512102100DF} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4530DC2D-60B4-41C7-8535-F0FC9995FCCA} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{455689F7-C8B5-48BF-9824-6ACC76DAC4D3} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{464E7643-3FEE-45C1-A055-751CA391EF8C} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4697EB22-A461-4C8A-8BDD-B635D191D226} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{46F58F13-9769-4619-AAEB-88234FF3ACFF} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{488372F7-6D4C-42F1-90CF-D1C1F04D5F14} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4924F15D-9BB6-4836-BB5A-76F30F33A0DE} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{49BBED12-F391-4DF2-9F11-E4A1E880AB84} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4A3B2C84-757B-4C26-B340-18334417B0F2} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4A4FBBDB-C319-47CD-8B97-8B15836ACFA6} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4AC543FD-ABC6-45E1-8443-1F85AA0C8DB9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4AEB8962-AB37-4538-97B6-52200F87C5CE} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4B684110-B86F-4D99-80BC-7EFF0C1E5E28} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4B99C64A-05C2-4B1D-BC79-72D9F1C429A7} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4BDCE551-C6DF-46A4-81AB-A9911DF21608} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4BF69B48-DE49-4DC6-B979-D6696EA667AE} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4C57B850-5CB2-4B8E-A758-13F9BF63D6A4} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4D673684-CA3F-48B3-B95B-5F632BE00CA1} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4EB8AF73-B618-4CBC-B049-E043A56F29B0} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4F43F6ED-3935-4B73-9689-3726A6619F28} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4F831074-5336-44F4-94F0-F3F0010AEACA} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4F9075EB-2205-47B1-B0C7-FBD5AE2E9597} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{4FC3C3EA-F626-4883-A834-0DEF6246975E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{500079F6-F8D6-4147-9D63-D5AEF6DCCAE9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{5027F08E-2CBD-4471-BB10-78E43B071CEF} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{51399B15-A8A7-4F15-9157-0F68AF601A22} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{517E624D-1139-476E-9754-1A71B76110D1} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{51880F42-44A4-4C0A-937B-BE163F028098} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{51BA2735-B4EB-44A0-9195-53D448DE6F7B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{51D9E159-B801-4E0B-A279-CFECB1E31DA9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{524409FA-614A-43CE-8BD3-7C60D502ACAC} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{52A2DB26-399A-44B1-9BE0-39344687F20F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{52B7434E-62DD-41CC-9D0B-3FE991BE68D9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{5390D49E-188C-4AD9-BF74-5E9BD802CEBB} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{54005A58-9D16-4028-A710-BCCAAA66A53D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{557C2738-EF5F-4159-A560-41ED92EEF275} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{569EBEAF-DBED-44AE-BA53-133539689520} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{5716C044-2FA6-48EA-B05F-D4147B864560} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{5887DF7E-CDCF-49A4-852B-3AF45459BEBE} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{59367384-78B7-43F3-AA68-C94735B12BBB} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{598A1E65-057E-4724-9338-4EC9A77CD039} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{5AEDC8F6-F653-4F7A-A7DD-164DCC729686} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{5BE50345-1FFE-4348-8822-AE9EE1CEC812} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{5C180E9D-D249-4543-A1BF-9D158B86FEB5} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{5CCE1989-1333-4D0F-9E23-B8F04DFA9297} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{5CD7BE5F-CBAC-4047-A31A-9ACB93795721} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{5EA5841F-66B1-48CD-9A03-D752E309A8B4} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{60635AB5-BAB6-4880-B1FC-E111D89E9D0F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6063B982-3D38-4202-8879-15EE8AE3FA34} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6090D2B9-D025-47F3-9194-8798D9425769} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{61556964-5407-4DD0-8346-3E3E9040B82D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{61F68A7D-B757-4233-A320-872F8760DA7A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{625F731E-5772-4807-BB58-A2CB65F7413E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{62833D79-4103-4AE0-8120-FC98E456BD9A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{62BA6E95-F0D3-48AC-BDEB-7B08CE49E454} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{63F853F7-F7AB-423B-B691-B5F0A8B1DEB5} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6476EBB2-BAD7-4AB2-B5C8-8524DD019E37} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{64E7A23D-A590-4017-AB71-55DC456D58C6} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{653E1879-BD1D-4566-B6CA-E337AE002020} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6629B041-358B-43A9-975B-755E84DF9690} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{664A566C-147D-4D06-AC83-14B623F023C8} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{667DF693-866F-4134-A158-8CDB8F774FF5} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{671A16B9-483C-468E-938C-D17D4F2060E9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{68027E9A-9E0A-4997-8C0A-C247CE597904} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6896F2D1-4380-4496-8ADB-A4DFEB013E46} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{68EB2988-13A2-4381-80B9-AF5CAD50C50D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6967A001-5E13-43BF-947F-9689AB4619B1} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6A2028CF-B344-43D6-811F-A44303313E36} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6A323802-CFE7-4B77-8536-136E6D960C62} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6B21562C-CE32-44AF-8A25-48763C4B0257} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6BCD1A07-FC65-45BF-BF78-219147C982EE} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6BE84867-0B54-4D83-BA07-BEE66F78F1E2} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6C608EB5-B3F3-4269-A35C-3A7FA32D9006} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6DE9A371-13A9-4726-9410-6D93AF9399B7} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6E606A67-7AD6-40DE-819C-CF89DD31BD09} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6E664ECC-3C99-4D95-AA21-FDFD0CAF0135} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6F12EF45-FC90-41B4-B29A-DF22C252C7CF} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6F98AF81-EB07-4FED-9723-34E49699C3C4} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6FB9B6E1-EB1F-4216-9B58-65EA985AE883} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{6FEA5782-9119-4625-96B7-9A44319D65FF} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{704B361E-A92D-45FA-AC87-5FD9780F3245} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{71783D1A-FE73-4106-A170-F52BF58485BD} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{7247BE78-9C77-48A7-9634-AF666B5378AB} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{73648BEC-672E-4FF3-983D-1FC92163D812} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{7393A25B-E7CC-488A-A1ED-4A0F1542D12F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{73AE21D4-728F-4172-88DC-840F0B2819FD} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{745C68FF-1F64-4357-A2D5-8B726D6C9F6C} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{74B51688-2206-4AD6-814F-292D7A2DB2F6} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{754ABA48-0777-4D08-8060-3365A5193E11} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{7564AB4A-2A91-40CE-ABDF-AD52ED505A02} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{764CCE08-500B-4F0F-BE52-B7AE9111A44A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{76AA573B-2065-4860-8EDF-31E0A24DE709} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{773D68F4-8AE1-49E8-87BD-D52FFCE906D6} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{77D542E1-0B54-471C-A33D-612C40913901} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{780CC3AE-17A3-4DFD-94FE-E4DEE36597CA} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{78628A17-136F-4ECE-8797-8C86DC773B45} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{79FADDE7-B682-402D-AB4A-BB272BA4C39E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{7B24D8A3-E937-43B9-8FBF-9B60A15BB595} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{7B3B3201-75F0-4741-8E51-8545ED711A32} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{7CC548B4-C636-4CF2-8F81-7AA17A389AC4} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{7ECA4009-9083-4DB0-A736-9897E4ABAF3C} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{7F5206A7-C8AD-4D4C-9AA1-32A3029F6821} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{7F70D911-B5EF-463E-B05B-5A0DF9863CF1} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{7FF2D41B-DE1A-4397-9739-9286F25362A4} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{80B8D156-3878-4527-A304-50815D59CF51} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{80BDB13E-FF49-4890-8F07-10BCB3B0008E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8175F415-5A76-411E-ADD1-5B469698279F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{822CB2AC-5302-4AEB-8457-3551F3B80815} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8296058E-FD44-4E3F-B7E2-E56320A19799} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8434F2E5-4E71-433C-A6D8-092EC85FBE27} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{848E0098-C1E7-4D23-AEF4-D571E04FD67C} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{84DE7544-F15C-45EE-89B5-9CA2E07AD546} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{85D614EA-8C51-4EC4-8A5D-62D759452018} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{85E6C012-DCB0-4367-8D3C-2AC0224AEB22} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8686E619-4340-41B5-920C-2DF6FD2B06A9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8753A986-4426-4485-9E3B-AC71D854D67D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{88264664-9255-4744-84A2-E0EE0EF6864A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{89B70835-9F5A-44CF-BB0A-6DEE75DB6449} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{89D5F1E1-94C3-4C0C-85DC-34F416D17F9D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8A0902DB-D1CC-4E5A-BF3F-3AFC793B5EB8} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8ACC19DF-7384-4898-AD5D-961B863D456F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8BCBFF62-1BC8-4A07-9A9B-A992BBF159BF} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8C151B66-5E5C-4194-B692-2CC0B78B00B5} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8C319E96-C798-4E7A-A51E-20B7636F1BE8} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8CFC2865-F412-4194-9918-D7903C810FE6} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8DF858E2-1E3D-4E62-B3F7-EFDC36CE958D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8E8230A6-8D95-4B59-B66C-ADAE38D7450C} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8ED82368-D2E0-4B9F-A0BF-E610A67611AA} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{8F14AC48-A963-45C6-8816-168BC442D89E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{90722BE8-6211-4292-A768-F05080FF5D81} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{90946B71-C1BD-4404-B983-EA2CA7563118} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{90AAB465-7516-486B-93F1-5D8344AF4E53} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{91D28A07-EB70-41A7-834D-9A66E56192CA} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{91D9CA65-DE1A-420E-B2DB-F52D1D7A80EB} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{950660FE-FA61-472E-942D-95CC74BDF22F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{95BADAD5-E91A-40C9-AFD8-A3599C264A85} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{97B3CEF1-C4F4-4A53-888F-F9340A39BA13} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{97DA6C80-E016-446A-9D8F-39867AAD3CEB} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{97DCBDCD-BFD5-42C2-A8AA-698C29AFC24D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{993121E3-ACC8-4043-9D0B-52509831680D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{9B6E0FA0-362F-4056-96CA-10FACC212ECD} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{9D64C7D8-EF41-4EA1-83BC-2E6C0997228F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{9DA2DF52-56EC-475B-B882-5515667C6F83} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{9E563B78-8E56-4919-BF1B-D5FC86C60FC8} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{9E6B4908-FE53-4938-BF52-0B9A827DEB3B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{9E886BC0-7A73-4BEF-8C43-7419359ECB09} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{9F6A2112-D0E2-4523-9CC6-C4A302C2DE54} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A138F3B8-6DE2-421F-81BD-91415C7C1306} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A1F73766-8266-4AC5-8BCE-1DD58DDA3B8B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A30FEBFB-EF2B-4ECD-A54A-1BFD970F2E92} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A3BB1E88-1167-46DA-AA92-A1973BC97F2A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A3C7778A-6BCD-44BE-B3B6-865C0533997B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A544FF3B-7E34-4435-A1DD-96E53CBE7FE9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A56906A8-2B76-4DB8-A511-6410F3792707} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A6E8048A-8B62-425A-91C0-19D0C53807C1} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A82859B2-EBB8-4BB8-BFAE-86A770A70DA4} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A870C54B-6465-4C1C-B2C3-F70D0CA6677C} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A8FE7C0A-9CE1-4349-A444-21E31A31154D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A9111624-7CEA-4533-B6E1-7FDCE6F4567F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A93FC94C-66EF-4ECA-AAB8-BA714FB96F02} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A94EA70F-6BC9-4234-8E4D-15CCEBE68D68} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{A9DAEDFA-243B-4408-9794-C6B7F1DB9265} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{AB95B496-7C8B-4F5F-AA3E-7F37C9691D75} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{AC057C9B-5055-4476-9F46-A5A4FF3EADBF} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{AC71B28E-DCF2-4BB7-8B0A-22F9C20BDB29} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{ACBB6E49-1FD6-4C77-B361-025E0C10CA6B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{AD34C4C0-05A9-417D-A15D-6350B337C248} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{AD5AFB9D-5CAB-491C-B422-7A80011AEFCB} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{AD752D7B-344F-4E6B-B1AA-D63108753FBF} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{AE4EFAE1-8E77-4710-A101-4F1B5C1E074F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{AEF3D2D8-FC9E-4CF4-BB55-881621AA2AE8} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{AFAE0C3B-4DCD-4E92-97CE-38E7BA743906} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B004B3D8-A0D8-4560-A4F2-512DF0A262C3} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B0507589-ED08-476E-8D0A-12363B8113E9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B23596E1-0F28-47B8-88A0-249FAD113030} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B253D494-6CB3-4892-BC03-6DC9AD997B7C} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B2AD5078-DECD-411D-BDA4-EB5B6C845874} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B35673B8-CFF9-4C99-B5FD-7958E682C2B2} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B444F51F-90FF-4E07-BA97-F5E606CBB0AA} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B4765B2C-D722-44BC-925D-A70241E2218E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B514BB0B-3D6B-4F87-ADEC-16CE4DCF25C2} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B581E1CC-1C3D-4467-BCA7-52858FEABCEE} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B5CD1AA4-70ED-4CE6-84E9-DA55AEEBB443} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B5D3E063-42DB-4F22-898D-031544AE0074} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B68D19FF-FF7C-4B2F-B046-982F219B8228} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B7DF7897-53E7-4C7B-94D9-A27ED9146767} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B9112400-E5B7-4FDC-9DC2-56DF870FA90E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{B9E4F1DA-2B28-4FBF-BD7D-05D23550EB0F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{BC3F69DC-098A-4704-838A-F02D3EF0A0FA} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{BD19D864-4628-4429-8816-FB2F37104808} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{BD57C81B-9747-44D4-823F-0CC6B9379489} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{BDE9F563-1C1E-463A-BBC5-ADE715B92E28} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{BEFED14B-2746-4A4E-A608-5432DC7C0368} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{BF763B9B-17C7-48F0-8027-8C7463C68F4A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{BF9C4BDB-3F1C-4D42-838E-5829E7DE322F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C007B7FF-DBF8-4A74-BBDD-A8B6C91E3C3C} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C00FBC10-94E9-4E01-A508-D8158C1F2B8D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C0342756-EDA9-4CA9-8C74-6E016F5CFE89} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C19BEC07-4DB9-4DC1-9B6D-4605DCCA899A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C1A87CCD-3546-4C4C-A599-0865F820C8EC} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C220C3E0-CCEC-452B-AB74-462FCBB307A7} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C2A0E31D-F92B-4914-807D-59ED145D655E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C302C513-1F9C-4CBA-A8FF-863F85F00392} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C3896E9E-D4B9-40DA-A01E-8D00D0DF653C} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C3BD176B-2505-42CB-9FEF-3D79ADDFE267} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C4C1B088-B7A1-4ED9-B4AC-7B542E333C5B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C5A795EA-393F-4AAA-9561-519B27AAC62E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C7868857-AD95-4469-A7F0-6A039BF25D32} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C993EF1C-A8FA-451C-A64E-DBFA18B7C241} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{C9E758B4-0C43-4D4E-9148-1149634AFD47} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CA0FC95C-B126-43A9-BAD4-FBD04081E8E7} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CA12BD88-3C81-4F00-ADB9-0ED7AAB9B10E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CB115855-88DE-4C1D-AEAC-95D1177B3FF5} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CBADC4D4-2CED-4074-A2B5-FBBD192D4D45} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CBEFFEE7-620A-4B02-A79F-CAE4B6947CF0} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CC33D559-C66D-43D0-A7C9-DC2C6A0AB127} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CC41AB38-72F9-4AF3-AB8F-0B73D9E0C413} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CC755F4D-7563-400B-AC06-3321AD48FA3E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CCC40E49-A2FC-47D0-88B2-3DEB93215788} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CCE62615-A14F-4119-82A4-8C323DF6BE2D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CEA50241-9C5A-47A4-873A-EC0585A228C9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CEE41ACE-80F1-42EC-8290-C3750993A7D4} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CF862A1C-C2CD-4388-BDD5-82207973663A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CF981761-5852-4D6B-98B6-F89420DC62DC} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CFA39929-1BD0-4932-BE3F-13848706E59C} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{CFC75FD2-E20D-4EDF-B896-89C760F4C4FE} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D07EABB2-1A02-486C-BC78-79D01B65F38E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D1732233-E285-4ED8-BADD-2198E0A57B2E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D184F789-1D84-4010-BAD2-1D47623DAAE2} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D1D768A8-7E1B-41C3-A376-228DEE968F7D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D297A1B1-BF9E-42EF-8AA1-959D66E93A1F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D3EE5D3D-4E7C-4314-8CE9-EEADEEC21189} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D435FB9D-98BE-45CD-9A8E-403E5334E1BE} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D48077CD-296C-4C47-A6D5-18D4D4862BCD} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D4D6A1AF-D916-42A9-8B2A-1E896D10C116} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D4DCF36C-06CB-46E0-B402-F49DBB334F13} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D51B3CBC-167C-44FE-B18F-8E99C672C3FB} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D5A4FE71-A6FC-4762-8952-20A972A1B49E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D64BF9AC-9493-48EA-B0F2-C46BF369B67D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D6B88019-EC24-49F3-B654-D20EAC16C544} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D75F9E0A-F29B-4A91-BBD9-6D66C58F9706} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D7E73B8C-F556-48D3-9A05-13B18509787B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D80F68D6-67C9-4EA5-AD0E-1BD7B02AE9D0} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D83824F0-9A96-4382-9C71-3848D601EB4D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D90C182C-0E1F-4EC9-8584-18E9B255323E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{D915B3FD-C8EB-4239-8C8A-AE24B3A3768D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{DA0DFFFB-4CF8-4197-AC8D-BBB22203D4DD} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{DA750129-DD81-4335-A141-A61117C8DC02} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{DB050F35-B325-40D2-8010-8BB6696CEBB9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{DD105793-D932-4D48-BBEC-C8C31175EAEC} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{DD6CA0A1-6252-4303-906B-4DEFBD42B05F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{DDD822D0-6248-43CA-8263-F49600C03D01} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{DE9B4379-96CE-4D77-905F-47292E3C7B07} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E0AB1BE0-038F-4B8B-BCC5-918FC671B79A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E18CF8DD-E8B0-4984-8169-63C98E47CB40} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E2D6CD0A-89D0-4281-8ECC-820AA1430817} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E36261DB-113D-4555-9A10-E15B257E42CD} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E3859A5F-C9A0-4B8B-A674-B3CDE9221768} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E3D7EFC7-93E1-41FB-8DB6-18F03863DD72} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E4E5CBCA-AE5B-4F6E-830F-D4B9943FAB6E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E52498BD-141F-46F8-BD7C-337060A75532} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E5F700E4-7CFD-4FBF-8409-5DA6DF6D3A16} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E66B512D-E194-4221-BE13-BEC5649FC138} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E66FA118-4BFB-4510-8099-F262B06C6BF7} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E827450B-46E5-455F-A007-A067F618E9A5} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E8B94022-9830-4459-B7C9-D86703081FB9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E9865A31-2804-41DE-B4AB-584D449B65B0} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{E9E4303E-B81F-4BA6-9490-07357A4AB844} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{EAA2E397-B0B5-4082-9174-1263CCEAB1E1} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{EAF1D7C4-7B6D-4986-9597-E147F6DD9721} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{EBD518B5-8EFB-4C2A-9DAB-C78859598EE1} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{EEA5E797-72E9-435D-9345-D4549B50D1B8} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{EF019AF5-83D3-414F-8D66-964099707716} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{EFC55785-A441-4052-909E-98067E92DE88} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F0578145-4901-4673-9C65-C216793C14A9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F18C5EAF-5899-4F96-BD9D-D35E7C4E3881} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F1E45BB5-C7A0-465A-9D71-852CD4221A3B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F25331D6-2472-4437-B63B-B6CAAB179C12} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F29B0C29-B5C7-45BD-A162-6705F6360822} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F36D8FBC-51D3-4DC5-8EBA-C1552E5643E5} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F4940405-FEB6-439E-9D60-959C6E2BB0C7} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F5328E4D-FA88-4992-9CE2-6DF9D525135C} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F57F55B2-2780-44B1-A4D3-DA1E382B3214} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F6450271-6302-4517-8C72-A932A7441660} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F7235BBF-14C2-4938-A902-782A55CF5520} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F7285E22-E5D2-4B16-94B2-97C558EE3A34} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F80EDF9A-ABDE-4E7E-8960-DD5BED9F735E} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F81BA748-80C0-472C-88E8-C5319E87E92C} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F841F554-0C49-4AE1-B26C-D508A8CA6506} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F87FED8B-8647-4027-B8D8-5B94D5755C50} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F88BFE69-FEBF-47E5-9C49-BA2AE8DD5599} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F8C49FC8-9D45-462E-91F3-4758221D23AB} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F8DBCA39-61AC-432E-93B1-EB427C6925E0} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F8EC51AF-E71B-4A1B-845F-AE57D586C07F} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F91C6EBD-8A54-4784-BBCB-ACECD2FE1C5A} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{F9BA7FC4-CC07-4DC4-9317-371F60CA9925} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{FADF4CC0-A9C8-45E0-83D7-A16C103649C9} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{FB1EB56F-4AE8-4B4C-881C-AD77294DAF0D} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{FB805049-BAC5-4B68-BE64-326F79A71553} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{FBD1FF6D-B509-4F71-A05F-4D79434E2F21} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{FBE9A55C-0BBA-408B-B5EA-5FD61821256B} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{FE197E3C-EB78-42EC-9AE8-0CC4A4526A29} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{FE24D6EF-450B-4638-9AB6-01AF691F64C1} Successfully deleted: [Empty Folder] C:\Users\Johan\appdata\local\{FF263258-D8EA-4D90-8321-5CB4ED1EFE2D} ~~~ FireFox Emptied folder: C:\Users\Johan\AppData\Roaming\mozilla\firefox\profiles\zqeqhe5s.default\minidumps [4 files] ~~~ Chrome Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [blacklisted Policy] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on zo 02/03/2014 at 21:53:22,88 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -
Malware
Johan Vancoillie reageerde op vancoillie johan's topic in Archief Bestrijding malware & virussen
# AdwCleaner v3.020 - Report created 02/03/2014 at 20:35:40 # Updated 27/02/2014 by Xplode # Operating System : Windows Vista Home Basic Service Pack 2 (32 bits) # Username : Johan - LPT_26 # Running from : C:\Users\Johan\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** Service Deleted : APNMCP Service Deleted : Application Updater Service Deleted : ca82e1a5 Service Deleted : SelectionTool ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apn Folder Deleted : C:\ProgramData\AskPartnerNetwork Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Premium Folder Deleted : C:\ProgramData\SoftSafe Folder Deleted : C:\ProgramData\SweetIM Folder Deleted : C:\ProgramData\Systweak Folder Deleted : C:\Program Files\Application Updater Folder Deleted : C:\Program Files\AskBarDis Folder Deleted : C:\Program Files\AskPartnerNetwork Folder Deleted : C:\Program Files\AskTBar Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\ConduitEngine Folder Deleted : C:\Program Files\Optimizer Pro Folder Deleted : C:\Program Files\predm Folder Deleted : C:\Program Files\RegClean Pro Folder Deleted : C:\Program Files\SweetIM Folder Deleted : C:\Program Files\Vuze_Remote [!] Folder Deleted : C:\Program Files\Web Protect Folder Deleted : C:\Program Files\YouTube Downloader Toolbar Folder Deleted : C:\Program Files\Feven Pro Folder Deleted : C:\Program Files\Vuze Folder Deleted : C:\Program Files\BS_Player Folder Deleted : C:\Program Files\Download-DU Folder Deleted : C:\Program Files\yurls Folder Deleted : C:\Program Files\Common Files\Spigot Folder Deleted : C:\Users\mozaiek\AppData\Local\Temp\apn Folder Deleted : C:\Users\mozaiek\AppData\LocalLow\AVG Security Toolbar Folder Deleted : C:\Users\mozaiek\AppData\LocalLow\Conduit Folder Deleted : C:\Users\mozaiek\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\mozaiek\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\mozaiek\AppData\LocalLow\Search Settings Folder Deleted : C:\Users\mozaiek\AppData\LocalLow\SweetIM Folder Deleted : C:\Users\mozaiek\AppData\LocalLow\Vuze_Remote Folder Deleted : C:\Users\mozaiek\AppData\LocalLow\BS_Player Folder Deleted : C:\Users\mozaiek\AppData\LocalLow\Download-DU Folder Deleted : C:\Users\mozaiek\AppData\LocalLow\yurls Folder Deleted : C:\Users\Johan\AppData\Local\Conduit Folder Deleted : C:\Users\Johan\AppData\Local\OpenCandy Folder Deleted : C:\Users\Johan\AppData\Local\SearchProtect Folder Deleted : C:\Users\Johan\AppData\Local\fst_be_25 Folder Deleted : C:\Users\Johan\AppData\Local\Temp\apn Folder Deleted : C:\Users\Johan\AppData\LocalLow\AVG Security Toolbar Folder Deleted : C:\Users\Johan\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Johan\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\Johan\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Johan\AppData\LocalLow\Search Settings Folder Deleted : C:\Users\Johan\AppData\LocalLow\SweetIM Folder Deleted : C:\Users\Johan\AppData\LocalLow\Vuze_Remote Folder Deleted : C:\Users\Johan\AppData\LocalLow\BS_Player Folder Deleted : C:\Users\Johan\AppData\LocalLow\Download-DU Folder Deleted : C:\Users\Johan\AppData\LocalLow\yurls Folder Deleted : C:\Users\Johan\AppData\Roaming\BabSolution Folder Deleted : C:\Users\Johan\AppData\Roaming\Babylon Folder Deleted : C:\Users\Johan\AppData\Roaming\NCdownloader Folder Deleted : C:\Users\Johan\AppData\Roaming\Systweak Folder Deleted : C:\Users\Johan\AppData\Roaming\VOPackage Folder Deleted : C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard Folder Deleted : C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage Folder Deleted : C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\zqeqhe5s.default\Extensions\46bccaaa-4500-481e-8908-9384802e175a@89a8fdd1-d807-4096-8025-a41093fce600.com Folder Deleted : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjdjfkkmlgacmnenfhafmkldaogiglb Folder Deleted : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg [!] Folder Deleted : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg File Deleted : C:\Windows\system32\conduitEngine.tmp File Deleted : C:\Users\Johan\AppData\Roaming\BabMaint.exe File Deleted : C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk File Deleted : C:\Users\Johan\Desktop\Optimizer Pro.lnk File Deleted : C:\Windows\System32\Tasks\BitGuard File Deleted : C:\Windows\System32\Tasks\EPUpdater File Deleted : C:\Windows\System32\Tasks\LaunchApp File Deleted : C:\Windows\Tasks\Feven Pro-chromeinstaller.job File Deleted : C:\Windows\System32\Tasks\Feven Pro-chromeinstaller File Deleted : C:\Windows\Tasks\Feven Pro-codedownloader.job File Deleted : C:\Windows\System32\Tasks\Feven Pro-codedownloader File Deleted : C:\Windows\Tasks\Feven Pro-enabler.job File Deleted : C:\Windows\System32\Tasks\Feven Pro-enabler File Deleted : C:\Windows\Tasks\Feven Pro-firefoxinstaller.job File Deleted : C:\Windows\System32\Tasks\Feven Pro-firefoxinstaller File Deleted : C:\Windows\Tasks\Feven Pro-updater.job File Deleted : C:\Windows\System32\Tasks\Feven Pro-updater ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Google\Chrome\Extensions\edfohacdfdemjkeejihknkmjkabndgkg Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\edfohacdfdemjkeejihknkmjkabndgkg [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{850192C1-B830-41BB-B52D-563C984E04B4} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{850192C1-B830-41BB-B52D-563C984E04B4} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A3E980F-00F5-4768-81E9-9E5492423F25} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A3E980F-00F5-4768-81E9-9E5492423F25} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C174CAF-8DC2-4C0F-9486-FFEA3701F340} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C174CAF-8DC2-4C0F-9486-FFEA3701F340} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E15F7159-2F48-41D0-A355-250ED5F69228} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E15F7159-2F48-41D0-A355-250ED5F69228} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C61AA18B-0188-4524-A8D0-6ED365074656} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C61AA18B-0188-4524-A8D0-6ED365074656} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FEB9A0B2-F0A7-44DF-9CDB-DBFA88DDC265} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEB9A0B2-F0A7-44DF-9CDB-DBFA88DDC265} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5A47167-4ABB-412C-BADE-A3C28E498C7F} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5A47167-4ABB-412C-BADE-A3C28E498C7F} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59EAEB47-5465-4C5F-B45E-72ACC79F6098} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59EAEB47-5465-4C5F-B45E-72ACC79F6098} Key Deleted : HKCU\Software\Classes\Applications\lollipop.exe Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1 Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_be_25] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051678.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051678.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051678.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051678.Sandbox.1 Key Deleted : HKCU\Software\5f52d6ddb16dec47 Key Deleted : HKLM\SOFTWARE\5f52d6ddb16dec47 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1607242 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2127187 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402C-BA80-02D8C59F9B1D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{855A01DB-C76C-4551-B7BB-4D5A120C6946} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{46CF08E6-2E94-478C-94FD-8B2140C6FF10} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D560307-B2CC-48E1-8EAC-6A4C3D60B975} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1592276-BB54-4B69-BAD4-5E683D4E1002} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{65CAA9F3-0C20-4814-9B35-890A64EBFAD0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E10A83B-55E6-431F-ADA4-9C9EE3CE6990} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511161178} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522162278} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555165578} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566166678} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544164478} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402C-BA80-02D8C59F9B1D} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403E-8DD8-394C54984B2C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46CF08E6-2E94-478C-94FD-8B2140C6FF10} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65CAA9F3-0C20-4814-9B35-890A64EBFAD0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511161178} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65206-89C4-402C-BA80-02D8C59F9B1D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{46CF08E6-2E94-478C-94FD-8B2140C6FF10} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{65CAA9F3-0C20-4814-9B35-890A64EBFAD0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46CF08E6-2E94-478C-94FD-8B2140C6FF10} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{65CAA9F3-0C20-4814-9B35-890A64EBFAD0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{855A01DB-C76C-4551-B7BB-4D5A120C6946} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2D560307-B2CC-48E1-8EAC-6A4C3D60B975} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C1592276-BB54-4B69-BAD4-5E683D4E1002} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1E10A83B-55E6-431F-ADA4-9C9EE3CE6990} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5a7022c2-8ede-49f1-81f7-689ffedd0a10} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9e0b7ada-c1ef-4cd7-8db7-076bf59ec271} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{728F0AA9-7582-444F-B1D1-AA795ABCF034} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CC4AC5D-5898-4552-B7C9-B1A3F74B0E8B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BB1EE8D-8352-4C37-8EEF-F888B3785F90} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B478FF90-F302-45BE-AD23-D62C17D2B246} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5DA006A-9D51-45FD-815F-36D77F69F12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B315127-7D99-45F6-855D-CDAD32866D8F} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{46CF08E6-2E94-478C-94FD-8B2140C6FF10}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{65CAA9F3-0C20-4814-9B35-890A64EBFAD0}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{46CF08E6-2E94-478C-94FD-8B2140C6FF10}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{65CAA9F3-0C20-4814-9B35-890A64EBFAD0}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9CB65206-89C4-402C-BA80-02D8C59F9B1D}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{46CF08E6-2E94-478C-94FD-8B2140C6FF10}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{65CAA9F3-0C20-4814-9B35-890A64EBFAD0}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{46CF08E6-2E94-478C-94FD-8B2140C6FF10}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{65CAA9F3-0C20-4814-9B35-890A64EBFAD0}] Key Deleted : HKCU\Software\AskPartnerNetwork Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\BabSolution Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\filescout Key Deleted : HKCU\Software\FreeSoftToday Key Deleted : HKCU\Software\IGearSettings Key Deleted : HKCU\Software\installedbrowserextensions Key Deleted : HKCU\Software\lollipop Key Deleted : HKCU\Software\Optimizer Pro Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\TutoTag Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKCU\Software\AppDataLow\AskBarDis Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\Feven Pro Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player Key Deleted : HKCU\Software\AppDataLow\Software\Download-DU Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote Key Deleted : HKCU\Software\AppDataLow\Software\yurls Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\Software\Application Updater Key Deleted : HKLM\Software\AskPartnerNetwork Key Deleted : HKLM\Software\AskTBar Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\conduitEngine Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\Search Settings Key Deleted : HKLM\Software\SearchProtect Key Deleted : HKLM\Software\systweak Key Deleted : HKLM\Software\Tutorials Key Deleted : HKLM\Software\Uniblue Key Deleted : HKLM\Software\Feven Pro Key Deleted : HKLM\Software\BS_Player Key Deleted : HKLM\Software\Download-DU Key Deleted : HKLM\Software\Vuze_Remote Key Deleted : HKLM\Software\yurls Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BF67F764-95B6-4360-BB57-B2E5AA6C814B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Feven Pro Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Download-DU Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\yurls Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BF67F764-95B6-4360-BB57-B2E5AA6C814B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1 Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lollipop Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1 Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Feven Pro Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download-DU Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vuze_Remote Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\yurls Toolbar Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~1.dll Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\467F76FB6B590634BB752B5EAAC618B4 Key Deleted : HKLM\Software\Classes\Installer\Features\467F76FB6B590634BB752B5EAAC618B4 Key Deleted : HKLM\Software\Classes\Installer\Products\467F76FB6B590634BB752B5EAAC618B4 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0 ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16533 -\\ Mozilla Firefox v27.0.1 (nl) [ File : C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\zqeqhe5s.default\prefs.js ] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.InstallationThankYouPage", true); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.InstallationTime", 1393750233); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.active", true); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.addressbar", "NA"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.addressbarenhanced", ""); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.asyncdb.was_copied", "true"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.asyncdb_dbWasSet", true); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.asyncdb_dbWasSet_FF25_FIX", true); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.asyncinternaldb.was_copied", "true"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.asyncinternaldb_dbWasSet", true); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.asyncinternaldb_dbWasSet_FF25_FIX", true); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.backgroundver", 1); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.certdomaininstaller", ""); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.changeprevious", false); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaardtijd))"[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.cookie.InstallationTime.value", "%221393750233%22"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaardtijd))")[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001080%22%2C%22sub_id%22%3A%220%22%2C%22uz[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaardtijd))"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.cookie._GPL_aoi.value", "%221393750500%22"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaardtijd)[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.cookie._GPL_parent_zoneid.value", "%22518537%22"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaardtijd))"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.cookie.jw_token.value", "%22b2c47027-a913-2af1-1d65-da7a36b58f56%22"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.description", "Feven Shopping Companion"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.domain", ""); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.enablesearch", false); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.homepage", ""); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.iframe", false); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaar[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22F68DED51BADC416AB37B81EB519AC[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaardtijd[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001080%22%2C%22sub_id%22%3A%220%22%2C%[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaar[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001080%22%2C%22sub_id%22%3A%220%2[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance [...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22F68DED51BADC416AB37B[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaardtij[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.Resources_appVer.value", "14"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaa[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.Resources_lastVersion.value", "1"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaardtijd)[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.Resources_meta.value", "%7B%7D"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.Resources_nextCheck.expiration", "Mon Mar 03 2014 02:28:05 GMT+0100 (Romance (standaard[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.Resources_nextCheck.value", "true"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaardtijd[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.Resources_queue.value", "%7B%7D"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (st[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaard[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.__defualt_browser__.value", "%22ff%22"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (standaardtijd))"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22F68DED51[...] Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.lastDailyReport", "1393788479655"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.lastUpdate", "1393788485441"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.manifesturl", ""); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.name", "Feven Pro"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.newtab", ""); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.opensearch", ""); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/51678/plugins/093/ff/plugins.json"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.pluginsversion", 10); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.publisher", "Feven"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.searchstatus", 0); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.setnewtab", false); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.thankyou", ""); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.updateinterval", 360); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.51678.ver", 14); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.FilesValidatorDueTime", "1393788521460"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.apps", "51678"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.bic", "14481ffdc2f75c1015f0541f7a9a689e"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.cid", 51678); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.firstrun", false); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.hadappinstalled", true); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.installationdate", 1393750433); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.modetype", "production"); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.reportInstall", true); Line Deleted : user_pref("extensions.a46bccaaa4500481e89089384802e175a89a8fdd1d80740968025a41093fce600com51678.statsDailyCounter", 2); Line Deleted : user_pref("extensions.crossrider.bic", "14481ffdc2f75c1015f0541f7a9a689e"); -\\ Google Chrome v33.0.1750.117 [ File : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [51728 octets] - [02/03/2014 20:32:01] AdwCleaner[s0].txt - [50398 octets] - [02/03/2014 20:35:40] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [50459 octets] ##########
OVER ONS
PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!