windows sidebar

[harryzelf]

Even een vraagje, krijg ik via dit topic antwoord of op een ander topic. Ik krijg namelijk geen mail als er gereageerd wordt.

[Asus]

De antwoorden komen sowieso in dit topic...

[kweezie wabbit]

Ga naar start - alle programma's - bureauaccesoires.

Zoek het icoon van het opdrachtprompt en klik er op met de rechter muisknop en kies dan in het lijstje voor uitvoeren als administrator om het opdrachtprompt te openen.

Tik in: sc stop "UtilityChest_49Service" en druk op Enter.

Tik in: sc delete "UtilityChest_49Service" en druk op Enter.

Tik in exit en druk Enter.

Als je op een van deze instructies een foutmelding krijgt, ga dan gewoon door met de volgende instructie en laat ons weten welke foutmelding je kreeg.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = {searchTerms} - (1)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = {searchTerms} - (1)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = {searchTerms} - (1)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = {searchTerms} - (1)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll

O2 - BHO: Search Assistant BHO - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll

O2 - BHO: Toolbar BHO - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\PROGRA~1\UTILIT~2\bar\1.bin\49bar.dll

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O3 - Toolbar: Utility Chest - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll

O4 - HKLM\..\Run: [utility Chest Search Scope Monitor] "C:\PROGRA~1\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [utilityChest_49 Browser Plugin Loader] C:\PROGRA~1\UTILIT~2\bar\1.bin\49brmon.exe

Klik op 'Fix checked' om de items te verwijderen.

Download MalwareBytes' Anti-Malware (website) en sla het op je bureaublad op.

Zorg dat er na de installatie een vinkje is geplaatst bij:

• Update MalwareBytes' Anti-Malware
  
• Start MalwareBytes' Anti-Malware
  
• Je krijgt hier ook de keuze om de evaluatie versie van MBAM te gebruiken, indien je dit niet wilt vink dit dan uit.
  

Klik daarna op "Voltooien".

Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

Bij problemen!!! (Lees de onderstaande instructies)

• Malwarebytes' Anti-Malware Chameleon
  
• Problemen bij het installeren van Malwarebytes' Anti-Malware
  
• Problemen bij het updaten van Malwarebytes' Anti-Malware
  
• Problemen bij het starten van Malwarebytes' Anti-Malware
  

• Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
  
• Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
  
• Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
  
• Druk vervolgens op "Scannen" om de scan te starten.
  
• Het scannen kan een tijdje duren, dus wees geduldig.
  
• Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
  
• Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
  
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
  
• Herstart de computer indien nodig en post hierna de log in het volgende bericht, samen met een nieuw logje van hijackthis.
  

[harryzelf]

- - - Updated - - -

Ik heb het tot aan de Malware scan kunnen doen, als ik bij bekijk resultaten (28 st) alles aanvink en wil verwijderen loopt Malware vast en reageert niet. Ik heb dit 2 x geprobeerd.

Nu wil ik het zo weer gaan doen, moet ik dan vanaf het begin beginnen bij de opdrachtpropt of alleen de Malware scan uitvoeren??

[harryzelf]

Dit is één:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Databaseversie: v2013.07.13.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Eigenaar :: VISTAOEMPC [administrator]

Bescherming: Ingeschakeld

13-7-2013 23:16:56

mbam-log-2013-07-13 (23-16-56).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 213502

Verstreken tijd: 17 minuut/minuten, 20 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Audio HDi Driver (Backdoor.Agent) -> Data: "C:\Windows\system32\audiohd.exe" -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 28

C:\Users\Eigenaar\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Geen actie ondernomen.

C:\Users\Eigenaar\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Geen actie ondernomen.

Bestanden gedetecteerd: 2

C:\Program Files\Common Files\WUAuthHost.exe (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Windows\System32\audiohd.exe (Backdoor.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

[harryzelf]

Hijtack ook gedaan, niet alles zoals boven genoemd stond er nog in. Logje? Hoe doe ik dit? Wat ik wel zag en misschien helpt dit je verder (mij niet, want ik heb geen idee wat ik aan het doen ben, vandaar mijn hulpvraag is het volgende wat ik tegen kwam bij Hijtack:

- - - Updated - - -

Bij info staat er: this registry value is deleted

[kweezie wabbit]

Bij info staat er: this registry value is deleted

Dit is slechts een voorbeeld.

Download zoek.exe naar het bureaublad.

• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
  (hier of hier) kan je lezen hoe je dat doet.
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
  
  • Running processes
    
  • Recently Created
    
  • Startup Information
    
  • HijackThis Log
    
  • Shortcut Fix
    
  • Auto Clean
    

  [*] Klik nu op de knop "Run script".

  [*] Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

  [*] Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

  [*] Post nu de inhoud van het geopende logje in het volgende bericht.

[harryzelf]

Zoek.exe Version 4.0.0.4 Updated 10-July-2013

Tool run by Eigenaar on zo 14-07-2013 at 12:37:59,47.

Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe

C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\ShowMyPCService\tvnserver.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\ShowMyPCService\tvnserver.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\UI0Detect.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\IncrediMail\Bin\IncMail.exe

C:\Program Files\IncrediMail\Bin\ImApp.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Eigenaar\Downloads\zoek.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

==== System Restore Info ======================

14-7-2013 12:39:22 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4095995041-3832249816-3250846818-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\qcifo69z.default

---- Lines BabylonToolbar removed from prefs.js ----

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.autoRvrt", "false");

user_pref("extensions.BabylonToolbar.dfltLng", "en");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.id", "76819b5200000000000000215dc74922");

user_pref("extensions.BabylonToolbar.instlDay", "15705");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.rvrt", "false");

user_pref("extensions.BabylonToolbar.tlbrId", "base");

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=76819b5200000000000000215dc74922&q=");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");

user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117243&tl=gkn316136&tt=0112_3");

user_pref("extensions.BabylonToolbar_i.excTlbr", false);

user_pref("extensions.BabylonToolbar_i.newTab", false);

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.213:28:59");

---- Lines BabylonToolbar modified from prefs.js ----

---- Lines BabylonToolbar removed from user.js ----

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=76819b5200000000000000215dc74922&q=");

user_pref("extensions.BabylonToolbar.id", "76819b5200000000000000215dc74922");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.instlDay", "15705");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");

user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.213:28:59");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar.tlbrId", "base");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.dfltLng", "en");

user_pref("extensions.BabylonToolbar_i.excTlbr", false);

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117243&tl=gkn316136&tt=0112_3");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar.autoRvrt", "false");

user_pref("extensions.BabylonToolbar.rvrt", "false");

user_pref("extensions.BabylonToolbar_i.newTab", false);

---- Lines incredibar removed from prefs.js ----

user_pref("extensions.incredibar_i.aflt", "orgnl");

user_pref("extensions.incredibar_i.dfltLng", "");

user_pref("extensions.incredibar_i.did", "10556");

user_pref("extensions.incredibar_i.excTlbr", "false");

user_pref("extensions.incredibar_i.hardId", "76819b5200000000000000215dc74922");

user_pref("extensions.incredibar_i.id", "76819b5200000000000000215dc74922");

user_pref("extensions.incredibar_i.installerproductid", "26");

user_pref("extensions.incredibar_i.instlDay", "15359");

user_pref("extensions.incredibar_i.instlRef", "");

user_pref("extensions.incredibar_i.ms_url_id", "");

user_pref("extensions.incredibar_i.newTab", false);

user_pref("extensions.incredibar_i.ppd", "1005");

user_pref("extensions.incredibar_i.prdct", "incredibar");

user_pref("extensions.incredibar_i.productid", "26");

user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

user_pref("extensions.incredibar_i.smplGrp", "none");

user_pref("extensions.incredibar_i.tlbrId", "base");

user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=1jSpLr0moeR&loc=IB_TB&i=26&search=");

user_pref("extensions.incredibar_i.upn2", "1jSpLr0moeR");

user_pref("extensions.incredibar_i.upn2n", "1108385110666082601");

user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");

user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");

user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2715:25:59");

---- Lines incredibar modified from prefs.js ----

---- Lines incredibar removed from user.js ----

user_pref("extensions.incredibar_i.newTab", false);

user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=1jSpLr0moeR&loc=IB_TB&i=26&search=");

user_pref("extensions.incredibar_i.id", "76819b5200000000000000215dc74922");

user_pref("extensions.incredibar_i.hardId", "76819b5200000000000000215dc74922");

user_pref("extensions.incredibar_i.instlDay", "15359");

user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");

user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");

user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2715:25:59");

user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

user_pref("extensions.incredibar_i.prdct", "incredibar");

user_pref("extensions.incredibar_i.aflt", "orgnl");

user_pref("extensions.incredibar_i.smplGrp", "none");

user_pref("extensions.incredibar_i.tlbrId", "base");

user_pref("extensions.incredibar_i.instlRef", "");

user_pref("extensions.incredibar_i.dfltLng", "");

user_pref("extensions.incredibar_i.excTlbr", "false");

user_pref("extensions.incredibar_i.ms_url_id", "");

user_pref("extensions.incredibar_i.upn2", "1jSpLr0moeR");

user_pref("extensions.incredibar_i.upn2n", "1108385110666082601");

user_pref("extensions.incredibar_i.productid", "26");

user_pref("extensions.incredibar_i.installerproductid", "26");

user_pref("extensions.incredibar_i.did", "10556");

user_pref("extensions.incredibar_i.ppd", "1005");

---- Lines mystart removed from prefs.js ----

---- Lines mystart modified from prefs.js ----

---- Lines snap.do removed from prefs.js ----

user_pref("browser.startup.homepage", "http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=74965875-e508-4c80-9a58-da3fcb03756f&searchtype=hp&installDate=09/06/2013");

user_pref("keyword.URL", "http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=74965875-e508-4c80-9a58-da3fcb03756f&searchtype=ds&installDate=09/06/2013&q=");

---- Lines snap.do modified from prefs.js ----

---- Lines Web Search removed from prefs.js ----

user_pref("browser.search.defaultengine", "Web Search");

user_pref("browser.search.selectedEngine", "Web Search");

---- Lines Web Search modified from prefs.js ----

---- Lines crossrider removed from prefs.js ----

---- Lines crossrider modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1316837539348},\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\",\"mtime\":1324733839819},\"crossriderapp498@crossrider.com\":{\"descriptor\":\"C:\\\\Users\\\\Eigenaar\\\\AppData\\\\Local\\\\RewardsArcade\\\\498\\\\Firefox\",\"mtime\":1370471705376}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1371928249894}}},{\"name\":\"winreg-app-user\",\"addons\":{\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\",\"mtime\":1324733839819}}},{\"name\":\"app-profile\",\"addons\":{\"addon@defaulttab.com\":{\"descriptor\":\"C:\\\\Users\\\\Eigenaar\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qcifo69z.default\\\\extensions\\\\addon@defaulttab.com.xpi\",\"mtime\":1370713305619},\"plugin@getwebcake.com\":{\"descriptor\":\"C:\\\\Users\\\\Eigenaar\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qcifo69z.default\\\\extensions\\\\plugin@getwebcake.com\",\"mtime\":1370775176978},\"tl_r@jetpack\":{\"descriptor\":\"C:\\\\Users\\\\Eigenaar\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qcifo69z.default\\\\extensions\\\\tl_r@jetpack.xpi\",\"mtime\":1371838924317}}}]");

---- Lines defaulttab removed from prefs.js ----

user_pref("extensions.defaulttab.lastUsed", 1362375694);

---- Lines defaulttab modified from prefs.js ----

user_pref("extensions.enabledAddons", "addon%40defaulttab.com:2.0,plugin%40getwebcake.com:1.00.01,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1");

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1316837539348},\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\",\"mtime\":1324733839819},\"disabledapp498@disabled.com\":{\"descriptor\":\"C:\\\\Users\\\\Eigenaar\\\\AppData\\\\Local\\\\RewardsArcade\\\\498\\\\Firefox\",\"mtime\":1370471705376}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1371928249894}}},{\"name\":\"winreg-app-user\",\"addons\":{\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\",\"mtime\":1324733839819}}},{\"name\":\"app-profile\",\"addons\":{\"addon@defaulttab.com\":{\"descriptor\":\"C:\\\\Users\\\\Eigenaar\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qcifo69z.default\\\\extensions\\\\addon@defaulttab.com.xpi\",\"mtime\":1370713305619},\"plugin@getwebcake.com\":{\"descriptor\":\"C:\\\\Users\\\\Eigenaar\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qcifo69z.default\\\\extensions\\\\plugin@getwebcake.com\",\"mtime\":1370775176978},\"tl_r@jetpack\":{\"descriptor\":\"C:\\\\Users\\\\Eigenaar\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qcifo69z.default\\\\extensions\\\\tl_r@jetpack.xpi\",\"mtime\":1371838924317}}}]");

---- FireFox user.js and prefs.js backups ----

user_14-07-2013_1243_.backup

prefs_14-07-2013_1243_.backup

==== Deleting Files \ Folders ======================

"C:\$Recycle.Bin\S-1-5-18\$d69ececcb91c2e58394ca27de11ca5e3" not found

"C:\ProgramData\.tv7" deleted

"C:\ProgramData\.zreglib" deleted

"C:\user.js" deleted

"C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\qcifo69z.default\searchplugins\Web Search.xml" deleted

"C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\qcifo69z.default\extensions\addon@defaulttab.com.xpi" deleted

"C:\user.js" deleted

"C:\end" deleted

"C:\Windows\Launcher.exe" deleted

"C:\Windows\system32\roboot.exe" deleted

"C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\qcifo69z.default\searchplugins\search-here.xml" deleted

"C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\qcifo69z.default\searchplugins\Web Search.xml" deleted

"C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\qcifo69z.default\extensions\addon@defaulttab.com.xpi" deleted

"C:\ProgramData\036DFF98D2A3A1E497CE3CE32F3B707C\036DFF98D2A3A1E497CE3CE32F3B707C" deleted

"C:\ProgramData\036DFF98D2A3A1E497CE3CE32F3B707C\036DFF98D2A3A1E497CE3CE32F3B707C.ico" deleted

"C:\ProgramData\7688FB55B3989B520000768884D3A1C5\7688FB55B3989B520000768884D3A1C5" deleted

"C:\Users\Eigenaar\AppData\Roaming\Ehsyc\ubyco.caf" deleted

"C:\Users\Eigenaar\AppData\Roaming\Qiteb\amimb.yka" deleted

"C:\Users\Eigenaar\AppData\Roaming\Kiunyc\ednia.ycx" deleted

"C:\Users\Eigenaar\AppData\Roaming\Toofto\yrzyi.meh" deleted

"C:\$Recycle.Bin\S-1-5-21-4095995041-3832249816-3250846818-1001\$d69ececcb91c2e58394ca27de11ca5e3" deleted

"C:\ProgramData\036DFF98D2A3A1E497CE3CE32F3B707C" deleted

"C:\ProgramData\7688FB55B3989B520000768884D3A1C5" deleted

"C:\Users\Eigenaar\AppData\Roaming\Omic" deleted

"C:\Users\Eigenaar\AppData\Roaming\Uwit" deleted

"C:\Users\Eigenaar\AppData\Roaming\Ehsyc" deleted

"C:\Users\Eigenaar\AppData\Roaming\Qiteb" deleted

"C:\Users\Eigenaar\AppData\Roaming\Qyvad" deleted

"C:\Users\Eigenaar\AppData\Roaming\Xuerv" deleted

"C:\Users\Eigenaar\AppData\Roaming\Anbapu" deleted

"C:\Users\Eigenaar\AppData\Roaming\Kiunyc" deleted

"C:\Users\Eigenaar\AppData\Roaming\Toofto" deleted

"C:\$Recycle.Bin\S-1-5-21-4095995041-3832249816-3250846818-1001\$d69ececcb91c2e58394ca27de11ca5e3\L" deleted

"C:\$Recycle.Bin\S-1-5-21-4095995041-3832249816-3250846818-1001\$d69ececcb91c2e58394ca27de11ca5e3\U" deleted

"C:\Program Files\Common Files\337" deleted

"C:\Program Files\Desk 365" deleted

"C:\Program Files\UtilityChest_49" deleted

"C:\Program Files\Red Sky" deleted

"C:\Program Files\Wajam" deleted

"C:\Users\Eigenaar\AppData\Roaming\WebCake" deleted

"C:\Users\Eigenaar\AppData\Roaming\ParetoLogic" deleted

"C:\Users\Eigenaar\AppData\Roaming\DriverCure" deleted

"C:\Users\Eigenaar\AppData\Roaming\Babylon" deleted

"C:\Users\Eigenaar\AppData\Roaming\iWin" deleted

"C:\Users\Eigenaar\AppData\Roaming\Systweak" deleted

"C:\Users\Eigenaar\AppData\Roaming\OpenCandy" deleted

"C:\ProgramData\eSafe" deleted

"C:\ProgramData\boost_interprocess" deleted

"C:\ProgramData\ParetoLogic" deleted

"C:\ProgramData\Tarma Installer" deleted

"C:\ProgramData\Babylon" deleted

"C:\ProgramData\Trymedia" deleted

"C:\Users\Eigenaar\AppData\Local\RewardsArcade" deleted

"C:\Users\Eigenaar\AppData\Local\DownTango" deleted

"C:\Users\Eigenaar\AppData\LocalLow\DownTangoLauncherToolbar" deleted

"C:\Users\Eigenaar\AppData\LocalLow\PriceGong" deleted

"C:\Users\Eigenaar\AppData\LocalLow\Conduit" deleted

"C:\Windows\System32\AI_RecycleBin" deleted

"C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\qcifo69z.default\jetpack" deleted

==== Registry Search Results for "$d69ececcb91c2e58394ca27de11ca5e3" ======================

No instances of string "$d69ececcb91c2e58394ca27de11ca5e3" found.

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-06-16 11:32:03 E0EC697CA2F57FE0EF05DD0A3546EC1B 31 ----a-w- C:\Windows\¨@‚

====== C:\Users\Eigenaar\AppData\Local\Temp ====

====== C:\Windows\system32 =====

2013-07-13 00:56:53 89A54A834EC2C491E392DEEDB12C1489 420864 ----a-w- C:\Windows\System32\vbscript.dll

2013-07-13 00:56:53 6F6FDAF8E416D57BB0EEDABEA4EA5CB3 73216 ----a-w- C:\Windows\System32\mshtmled.dll

2013-07-13 00:56:53 35F3994C835BDC8D49BB0C9D109CB404 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-13 00:56:52 DE619D79F43D32BF4DAE94DEADBAE835 65024 ----a-w- C:\Windows\System32\jsproxy.dll

2013-07-13 00:56:52 D5121EFDD2AB1D13C1AD547643A0E60D 176640 ----a-w- C:\Windows\System32\ieui.dll

2013-07-13 00:56:52 3EE3B82886C5D092C9E451725B8E62B5 607744 ----a-w- C:\Windows\System32\msfeeds.dll

2013-07-13 00:56:52 1C8584993935BA0820EAD9F7CF8770A2 142848 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-07-13 00:56:51 F2DF250C50297E0ACD7E55ED31F1683E 1800704 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-13 00:56:51 EA952A5C277CABCBA69EA806146BB984 1129472 ----a-w- C:\Windows\System32\wininet.dll

2013-07-13 00:56:51 D7F3D80EA8A7DD20A9BB7FD3788AB90A 231936 ----a-w- C:\Windows\System32\url.dll

2013-07-13 00:56:51 4E6447D6211663A9119C27C6784D65F7 717824 ----a-w- C:\Windows\System32\jscript.dll

2013-07-13 00:56:50 501E7642455831A51448F82C1C468538 1796096 ----a-w- C:\Windows\System32\iertutil.dll

2013-07-13 00:56:50 4360E018EE8B40454CAAC75792B880C0 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-07-13 00:56:50 39EC64DDBEB1C233589ED9954C209E38 1104384 ----a-w- C:\Windows\System32\urlmon.dll

2013-07-13 00:56:49 F5860C2D91EA9AF29C7144FD7D94D9AC 9738752 ----a-w- C:\Windows\System32\ieframe.dll

2013-07-13 00:56:48 7BD6A6DFA75B665FA8F21BB21E59EC11 12333568 ----a-w- C:\Windows\System32\mshtml.dll

2013-07-13 00:27:45 9231729FCC7EEFD9D79CBD27DF478D6A 1069056 ----a-w- C:\Windows\System32\DWrite.dll

2013-07-13 00:27:45 119ACA7CADCA75BEA6B38E999443BAA6 798208 ----a-w- C:\Windows\System32\FntCache.dll

2013-07-13 00:27:44 FC372B624FDC710B73D9E0529ED85A24 1172480 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-07-13 00:27:44 BCFCB65EF3C7D1DD3909F36711D19CE9 486400 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-07-13 00:27:44 896C2E9A793AB8FAA1E877A930C1C4DF 160768 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-07-13 00:27:44 55B7CEFFB07BABB860DAC8AEE131465D 683008 ----a-w- C:\Windows\System32\d2d1.dll

2013-07-13 00:27:44 453072303037A5E6A57A6159C0136C10 189952 ----a-w- C:\Windows\System32\d3d10core.dll

2013-07-13 00:27:44 3C6CFE87EC015FC35F0146AAD4028D7F 219648 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-07-13 00:27:44 0A20C9C3F82C5931AC4A30168284D032 1029120 ----a-w- C:\Windows\System32\d3d10.dll

2013-07-13 00:27:43 7AB206A2C22648EFC67224D6D3CA918A 2049024 ----a-w- C:\Windows\System32\win32k.sys

2013-07-13 00:27:26 26B7512FAF33ECD0356874BBB20A9E20 505344 ----a-w- C:\Windows\System32\qedit.dll

2013-07-13 00:27:16 27E8F27DB8EA298A7A4897767BFE2101 1548288 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-11 07:33:31 1D9B3568CFDB55316985A053D6D96030 94632 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll

2013-07-07 03:43:11 F92AD9FF7E2587E0E3CF33DB318D5916 361800 ----a-w- C:\Windows\System32\FNTCACHE.DAT

====== C:\Windows\system32\drivers =====

2013-07-13 19:52:16 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

====== C:\Windows\Tasks ======

2013-06-26 13:07:16 3B8B160031C38FA7EC9058D557D493A4 3792 ----a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater

2013-06-26 13:07:16 13EE0F8D4AFD437D96B60AF564EE6BDC 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-16 12:34:07 758F9B80387F70DC120E38DE0959E3E9 3324 ----a-w- C:\Windows\system32\Tasks\Advanced System Protector

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-07-12 22:46:14 -------- d-----w- C:\Program Files\IncrediMail(33)

2013-07-10 22:49:58 -------- d-----w- C:\Program Files\Trend Micro

2013-07-05 22:44:51 -------- d-----w- C:\Program Files\FileViewPro

2013-07-05 08:00:24 -------- d-----w- C:\Program Files\iPod

2013-07-05 08:00:18 -------- d-----w- C:\Program Files\iTunes

2013-06-21 14:30:04 -------- d-----w- C:\Program Files\Microsoft Silverlight

2013-06-15 00:13:18 -------- d-----w- C:\Program Files\Convar

======= C: =====

====== C:\Users\Eigenaar\AppData\Roaming ======

2013-07-06 23:29:17 F513BD68C23D1D506736EEFC3F1F8AF3 101224 ----a-w- C:\users\Eigenaar\AppData\Local\GDIPFONTCACHEV1.DAT

2013-07-05 22:45:15 -------- d-----w- C:\users\Eigenaar\AppData\Roaming\IsolatedStorage

2013-07-05 22:45:05 -------- d-----w- C:\users\Eigenaar\AppData\Local\_

2013-06-30 22:10:45 -------- d-----w- C:\users\Eigenaar\AppData\Roaming\Desktop Sidebar

2013-06-15 00:13:18 -------- d-----w- C:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar

====== C:\Users\Eigenaar ======

2013-07-11 07:32:01 CB3D6925F815C86B1BF6CE41BA3EEDB2 903080 ----a-w- C:\Users\Eigenaar\Downloads\jxpiinstall(2).exe

2013-07-05 22:45:15 -------- d-----w- C:\ProgramData\IsolatedStorage

2013-07-05 22:44:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro

2013-07-05 08:01:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2013-07-05 08:00:18 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-06-26 12:47:35 -------- d-----w- C:\ProgramData\F-Secure

2013-06-24 04:37:34 7CFAA9BEDCDE2843610DBBB7CF2A7CA4 75940 ----a-w- C:\Users\Eigenaar\vacature uplus.pdf

2013-06-24 04:37:33 44778583F3ABA92E1603AE23CFA0B998 24064 ----a-w- C:\Users\Eigenaar\sollicitatiebrief.doc

2013-06-21 14:30:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2013-06-16 11:32:03 -------- d-----w- C:\ProgramData\Weskysoft

====== C: exe-files ==

2013-07-13 19:51:19 0FB6D382FA5FBF72D05FC2A4503B7DF2 10156344 ----a-w- C:\Users\Eigenaar\Desktop\Newsleecher Uitgepakt\!RnE - 2013.07.13 21.51.19 - 5435345435435354530\mbam-setup-1.70.0.1100.exe

2013-07-13 00:56:52 1C8584993935BA0820EAD9F7CF8770A2 142848 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-07-13 00:56:51 EE12BA876C4190532A4085994BA9B616 757400 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-07-13 00:27:19 FC1CDF0AC20808719891DD6D965B8F99 299160 ----a-w- C:\Windows\System32\XPSViewer\XPSViewer.exe

2013-07-12 23:45:50 6466C051022547489D3409205128881B 59784 ----atw- C:\Program Files\Google\Update\1.3.21.153\GoogleUpdateBroker.exe

2013-07-12 23:45:50 1CA3976D1B1FE826ADF339F90AC25C60 59784 ----atw- C:\Program Files\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe

2013-07-12 23:45:48 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Program Files\Google\Update\1.3.21.153\GoogleUpdateSetup.exe

2013-07-12 23:45:32 D9A08472D8D0218A0AE2C9D9F63EA531 290696 ----atw- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

2013-07-12 23:45:31 8726802EA4FBFFA3FD54FD2449BF51D4 217992 ----atw- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe

2013-07-12 23:45:30 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.21.153\GoogleUpdate.exe

2013-07-12 23:45:24 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153\GoogleUpdateSetup.exe

2013-07-11 07:32:01 CB3D6925F815C86B1BF6CE41BA3EEDB2 903080 ----a-w- C:\Users\Eigenaar\Downloads\jxpiinstall(2).exe

2013-07-09 04:08:23 7554CBF4B2ACADB2C42A6B7E02070D46 65502 ----a-w- C:\Users\Eigenaar\Pictures\Nieuwe map\sidebar.exe

=== C: other files ==

2013-07-13 19:52:16 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-07-13 00:27:43 7AB206A2C22648EFC67224D6D3CA918A 2049024 ----a-w- C:\Windows\System32\win32k.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-4095995041-3832249816-3250846818-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"EaseUs Watch"="C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"

"EaseUs Tray"="C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"

"USB2Check"="RUNDLL32.EXE C:\Windows\system32\PCLECoInst.dll,CheckUSBController"

"tvncontrol"="C:\Program Files\ShowMyPCService\tvnserver.exe -controlservice -slave"

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

==== Startup Folders ======================

2011-12-24 13:25:09 1117 ----a-w- C:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

2011-11-28 22:32:28 1152 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

2011-12-24 13:35:17 1974 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26-06-2013 15:49]

C:\Windows\tasks\GlaryInitialize.job --a------ C:\Program Files\Glary Utilities\initialize.exe [07-12-2012 02:22]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [07-12-2011 10:57]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [07-12-2011 10:57]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\qcifo69z.default

- WebCake - %ProfilePath%\extensions\plugin@getwebcake.com

- TimeLineRemove.Com - %ProfilePath%\extensions\tl_r@jetpack.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\qcifo69z.default

101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update

ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25

D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17

3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash

F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In

270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

E971E06DDE68684CB3957C5D0E133CB0 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

69505F9C479C4FF95621C3E1A7B6E5CE - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

D1CC5365F151777DF447242E476796BA - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat

A843FC35574ECFD9E7A41C5505A9921B - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

CE3D390F8BC1FECF847ABAA6E887931E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin

7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

==== Deleting Files \ Folders ======================

"C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\qcifo69z.default\extensions\plugin@getwebcake.com" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dcmagccbogebndpoodhhhafmofelpffh - C:\Users\Eigenaar\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx[]

dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\IB Updater\source.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.startpagina.nl/"

"Default_Search_URL"="http://www.google.com"

"Start Default_Page_URL"="http://search.certified-toolbar.com?si=41460&home=true&tid=592"

"Use Search Asst"="yes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://search.certified-toolbar.com?si=41460&home=true&tid=592"

"Start Default_Page_URL"="http://search.certified-toolbar.com?si=41460&home=true&tid=592"

"Default_Search_URL"="http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q="

"Search Bar"="http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q="

"Search Page"="http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q="

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

"Default_Search_URL"="http://www.google.com"

"Search Page"="http://www.google.com"

"Start Default_Page_URL"="http://search.certified-toolbar.com?si=41460&home=true&tid=592"

"Search Bar"="http://www.google.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=74965875-e508-4c80-9a58-da3fcb03756f&searchtype=ds&q={searchTerms}&installDate=09/06/2013"

"(Default)"="http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=74965875-e508-4c80-9a58-da3fcb03756f&searchtype=ds&q={searchTerms}&installDate=09/06/2013"

@="http://www.google.com/search?q=%s"

"(Default)"="http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]

"Start Page"="http://search.certified-toolbar.com?si=41460&home=true&tid=592"

"Start Default_Page_URL"="http://search.certified-toolbar.com?si=41460&home=true&tid=592"

"Default_Search_URL"="http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q="

"Search Bar"="http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q="

"Search Page"="http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q="

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"Start Page"="http://search.certified-toolbar.com?si=41460&home=true&tid=592"

"Start Default_Page_URL"="http://search.certified-toolbar.com?si=41460&home=true&tid=592"

"Default_Search_URL"="http://www.google.com/"

"Search Bar"="http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q="

"Search Page"="http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q="

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Start Page"="http://search.certified-toolbar.com?si=41460&home=true&tid=592"

"Start Default_Page_URL"="http://search.certified-toolbar.com?si=41460&home=true&tid=592"

"Search Bar"="http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q="

"Search Page"="http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q="

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.startpagina.nl/"

"Use Search Asst"="no"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4095995041-3832249816-3250846818-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF67755F-9265-449C-87CF-B945519E073B} deleted successfully

HKEY_USERS\S-1-5-21-4095995041-3832249816-3250846818-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CF67755F-9265-449C-87CF-B945519E073B} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{CF67755F-9265-449C-87CF-B945519E073B} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4095995041-3832249816-3250846818-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CF67755F-9265-449C-87CF-B945519E073B} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Default\Desktop\Nero Express.lnk - C:\Program Files\Nero\Nero Burning ROM\nero.exe /w

C:\Users\Eigenaar\Desktop\IncrediMail 2.0.lnk - C:\Program Files\IncrediMail\Bin\IncMail.exe

C:\Users\Eigenaar\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Eigenaar\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Eigenaar\Desktop\Nero Express.lnk - C:\Program Files\Nero\Nero 9\Nero Express\NeroExpress.exe /w

C:\Users\Eigenaar\Desktop\PhotoFiltre 7.lnk - C:\Program Files\PhotoFiltre 7\PhotoFiltre7.exe

C:\Users\Eigenaar\Desktop\Ricochet Infinity.lnk - C:\Program Files\Ricochet Infinity\RicochetInfinity.exe

C:\Users\Eigenaar\Desktop\Zoeken_2010.exe - Snelkoppeling (2).lnk - C:\Users\Eigenaar\Documents\Van alles overig\Zoeken_2010\Zoeken_2010.exe

C:\Users\Eigenaar\Desktop\hulpjes\Aangifte inkomstenbelasting 2011.lnk - C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2011\ib2011.exe

C:\Users\Eigenaar\Desktop\hulpjes\Aangifte inkomstenbelasting 2012.lnk - C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2012\ib2012.exe

C:\Users\Eigenaar\Desktop\hulpjes\Adobe Digital Editions.lnk - C:\Program Files\Adobe\Adobe Digital Editions\digitaleditions.exe

C:\Users\Eigenaar\Desktop\hulpjes\Albelli.lnk - C:\Users\Eigenaar\AppData\Local\Albelli Fotoboeken\apc.exe

C:\Users\Eigenaar\Desktop\hulpjes\Alt.Binz.lnk - C:\Program Files\AltBinz\altbinz.exe

C:\Users\Eigenaar\Desktop\hulpjes\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe

C:\Users\Eigenaar\Desktop\hulpjes\Driver Webcam.lnk - C:\Users\Eigenaar\Downloads\CMOS_Camera_Chicony_CNF6131_vt32_64_081105

C:\Users\Eigenaar\Desktop\hulpjes\EaseUS Todo Backup Free 3.5.lnk - C:\Program Files\EaseUS\Todo Backup\bin\Loader.exe

C:\Users\Eigenaar\Desktop\hulpjes\Glary Utilities.lnk - C:\Program Files\Glary Utilities\Integrator.exe

C:\Users\Eigenaar\Desktop\hulpjes\HiJackThis.lnk - C:\Users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\Eigenaar\Desktop\hulpjes\HP Solution Center.lnk - C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe

C:\Users\Eigenaar\Desktop\hulpjes\IncrediMail.lnk - C:\Program Files\IncrediMail\Bin\IncMail.exe

C:\Users\Eigenaar\Desktop\hulpjes\Instant DVD Recorder.lnk - C:\Program Files\Pinnacle\Instant DVD Recorder\D2dWizard.exe

C:\Users\Eigenaar\Desktop\hulpjes\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Eigenaar\Desktop\hulpjes\iTunes (2).lnk - C:\Program Files\iTunes\iTunes.exe

C:\Users\Eigenaar\Desktop\hulpjes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe

C:\Users\Eigenaar\Desktop\hulpjes\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Eigenaar\Desktop\hulpjes\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe

C:\Users\Eigenaar\Desktop\hulpjes\NewsLeecher.lnk - C:\Program Files\NewsLeecher\newsLeecher.exe

C:\Users\Eigenaar\Desktop\hulpjes\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe

C:\Users\Eigenaar\Desktop\hulpjes\Samsung Kies.lnk - C:\Program Files\Samsung\Kies\Kies.exe

C:\Users\Eigenaar\Desktop\hulpjes\Skype.lnk -

C:\Users\Eigenaar\Desktop\hulpjes\Spotify.lnk - C:\Users\Eigenaar\AppData\Roaming\Spotify\spotify.exe

C:\Users\Eigenaar\Desktop\hulpjes\TeamViewer.lnk - C:\Program Files\TeamViewerTJCS.exe

C:\Users\Eigenaar\Desktop\hulpjes\van alles.lnk - C:\Program Files\FolderDefence\FolderDefence.exe

C:\Users\Eigenaar\Desktop\hulpjes\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe

C:\Users\Eigenaar\Desktop\hulpjes\Zoeken_2010.exe - Snelkoppeling.lnk - C:\Users\Eigenaar\Documents\Van alles overig\Zoeken_2010\Zoeken_2010.exe

C:\Users\Eigenaar\Desktop\hulpjes\bel\Aangifte inkomstenbelasting 2011.lnk - C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2011\ib2011.exe

C:\Users\Eigenaar\Desktop\hulpjes\filmhulp\Adobe Photoshop 7.0.1.lnk - C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe

C:\Users\Eigenaar\Desktop\hulpjes\filmhulp\ImgBurn.lnk - C:\Program Files\ImgBurn\ImgBurn.exe

C:\Users\Eigenaar\Desktop\hulpjes\filmhulp\Internet - Snelkoppeling.lnk -

C:\Users\Eigenaar\Desktop\hulpjes\filmhulp\PrintCenter cd-labels.lnk - C:\Program Files\DATA BECKER\PrintCenter cd-labels\CDL3.exe

C:\Users\Eigenaar\Desktop\hulpjes\filmhulp\UnderCoverXP.lnk - C:\Program Files\UnderCoverXP\UnderCoverXP.exe

C:\Users\Eigenaar\Desktop\hulpjes\Jeroen\ADMINISTRATIE\Aangifte inkomstenbelasting 2012.lnk - C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\jeroen2012\ib2012.exe

C:\Users\Eigenaar\Desktop\hulpjes\Jeroen\ADMINISTRATIE\belasting 2010\Aangifte inkomstenbelasting 2010.lnk - C:\Users\Eigenaar\Desktop\Jeroen\belasting 2010\2010\ib2010.exe

C:\Users\Eigenaar\Desktop\hulpjes\Jeroen\ADMINISTRATIE\belasting 2011\Aangifte inkomstenbelasting 2011.lnk - C:\Users\Eigenaar\Desktop\Jeroen\2011\ib2011.exe

C:\Users\Eigenaar\Desktop\hulpjes\Jeroen\ADMINISTRATIE\jeroen1\fotoos dylano enzo\DSCF0195.JPG.lnk - C:\Users\Eigenaar\Desktop\hulpjes\Jeroen\ADMINISTRATIE\jeroen1\fotoos dylano enzo\DSCF0195.JPG

C:\Users\Eigenaar\Desktop\hulpjes\Jeroen\ADMINISTRATIE\jeroen1\fotoos dylano enzo\IMG-20120227-00065.jpg.lnk - C:\Users\Eigenaar\Desktop\hulpjes\Jeroen\ADMINISTRATIE\jeroen1\fotoos dylano enzo\IMG-20120227-00065.jpg

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe

C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar\PC Inspector File Recovery\PC Inspector File Recovery Help.lnk - C:\Program Files\Convar\PC Inspector File Recovery\help.chm

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar\PC Inspector File Recovery\PC Inspector File Recovery.lnk - C:\Program Files\Convar\PC Inspector File Recovery\Filerecovery.exe

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar\PC Inspector File Recovery\Uninstaller.lnk - C:\Program Files\Convar\PC Inspector File Recovery\Uninstall.exe

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro\FileViewPro.lnk - C:\Program Files\FileViewPro\FileViewPro.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro\Verwijder FileViewPro.lnk - C:\Program Files\FileViewPro\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.20513.0\Silverlight.Configuration.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk - C:\Program Files\Adobe\Adobe Digital Editions\digitaleditions.exe

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk - C:\Program Files\Glary Utilities\Integrator.exe

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk - C:\Program Files\IncrediMail\Bin\IncMail.exe

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet - Snelkoppeling.lnk -

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\NewsLeecher.lnk - C:\Program Files\NewsLeecher\newsLeecher.exe

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\RicochetInfinity.exe - Snelkoppeling.lnk - C:\Users\Eigenaar\Downloads\Program Files\Oberon Media\Ricochet Infinity\RicochetInfinity.exe

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dcmagccbogebndpoodhhhafmofelpffh deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: (no name) - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"

O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"

O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController

O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\ShowMyPCService\tvnserver.exe" -controlservice -slave

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\ShowMyPCService\tvnserver.exe

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Eigenaar\Documents\PC_VAN_HARRY\Backup Set 2011-11-05 172340\Backup Files 2011-11-05 172340\Backup files 105\C\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Eigenaar\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on zo 14-07-2013 at 12:52:55,16 ======================

- - - Updated - - -

Is wel veel info, nou ben ik een verschrikkele leek op dit gebied, maar is het niet risicovol om dit allemaal in het openbaar te plaatsen????

14 juli 2013 aangepast door harryzelf
dubbel

[kweezie wabbit]

Is wel veel info, nou ben ik een verschrikkele leek op dit gebied, maar is het niet risicovol om dit allemaal in het openbaar te plaatsen????

Je hoeft niet bang te zijn dat er persoonlijke informatie openbaar wordt gemaakt.

Het enige persoonlijke wat er in de logjes staat is de naam van je account en daar kan niemand wat mee doen.

Download zoek.exe naar het bureaublad.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe

(hier of hier) kan je lezen hoe je dat doet.

• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

 
installedprogs;
emptyclsid;
sidebar.exe;z
C:\Windows\¨@;f
C:\Windows\system32\Tasks\Advanced System Protector;f
C:\users\Eigenaar\AppData\Local\_;f
C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1,f
C:\ProgramData\F-Secure;f

• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[harryzelf]

Zoek.exe Version 4.0.0.4 Updated 14-July-2013

Tool run by Eigenaar on ma 15-07-2013 at 16:59:20,59.

Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results14-07-2013-1252.log 60152 bytes

C:\zoek-results15-07-2013-1658.log 380 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4095995041-3832249816-3250846818-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06e05b40-77fa-40b6-9077-ed1a7577b1ef} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e05b40-77fa-40b6-9077-ed1a7577b1ef} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4095995041-3832249816-3250846818-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} deleted successfully

==== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)

\"Nero SoundTrax Help

32 Bit HP CIO Components Installer

Aangifte inkomstenbelasting 2011

Aangifte inkomstenbelasting 2012

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop 7.0.1

Adobe Reader X (10.1.5) - Nederlands

Advertising Center

Alt.Binz 0.25.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

B110

BufferChm

C-Dilla Licence Management System

CCleaner

D3DX10

DATA BECKER - PrintCenter cd-labels

Destinations

DeviceDiscovery

DolbyFiles

EaseUS Todo Backup Free 3.5

ESET NOD32 Antivirus

FileViewPro

Glary Utilities 2.51.0.1666

Google Earth

Google Update Helper

GPBaseService2

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Update

HPAppStudio

HPDiagnosticAlert

HPPhotoGadget

HPProductAssistant

HPSSupply

ImagXpress

ImgBurn

IncrediMail

IncrediMail 2.0

Intel® Graphics Media Accelerator Driver

iTunes

Java 7 Update 25

Java Auto Updater

Junk Mail filter update

Malwarebytes Anti-Malware versie 1.75.0.1300

MarketResearch

Menu Templates - Starter Kit

Microsoft .NET Framework 3.5 Language Pack SP1 - nld

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile NLD Language Pack

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Word MUI (Dutch) 2007

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Movie Templates - Starter Kit

Mozilla Firefox 20.0.1 (x86 nl)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyFreeCodec

Nero 9

Nero BurningROM

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DriveSpeed

Nero Express

Nero InfoTool

Nero Installer

Nero Live

Nero Live Help

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero WaveEditor

Nero WaveEditor Help

NeroBurningROM

NeroExpress

neroxml

Network

NewsLeecher v5.0 Beta 3

Oracle Secure Global Desktop Client

Photo Notifier and Animation Creator

PhotoFiltre 7

Picasa 3

Pinnacle Instant DVD Recorder

PS_AIO_07_B110_SW_Min

QuickTransfer

Ricochet Infinity

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)

Segoe UI

SmartWebPrinting

SolutionCenter

SoundTrax

Status

Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

Toolbox

TrayApp

UnderCoverXP 1.23

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update voor Microsoft Office Excel 2007 Help (KB963678)

Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

Update voor Microsoft Office Word 2007 Help (KB963665)

USB 2.0 1.3M UVC WebCam

Utility Chest Toolbar

VLC media player 2.0.5

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.01 (32-bit)

==== Deleting Files \ Folders ======================

"C:\Windows\¨@" not found

"C:\Windows\system32\Tasks\Advanced System Protector" deleted

"C:\users\Eigenaar\AppData\Local\_\FileViewPro.exe_Url_jn4xqozlzppxcht2yt2wvho2bxkp31wm\1.5.0.0\user.config" deleted

"C:\ProgramData\F-Secure\Daas2\cert\fsc (revoke hq).crl" deleted

"C:\ProgramData\F-Secure\logs\AUA\AUA.log" deleted

"C:\ProgramData\F-Secure\logs\AUA\AUADBG.log" deleted

"C:\users\Eigenaar\AppData\Local\_" deleted

"C:\ProgramData\F-Secure" deleted

"C:\users\Eigenaar\AppData\Local\_\FileViewPro.exe_Url_jn4xqozlzppxcht2yt2wvho2bxkp31wm" deleted

"C:\users\Eigenaar\AppData\Local\_\FileViewPro.exe_Url_jn4xqozlzppxcht2yt2wvho2bxkp31wm\1.5.0.0" deleted

"C:\ProgramData\F-Secure\Daas2" deleted

"C:\ProgramData\F-Secure\logs" deleted

"C:\ProgramData\F-Secure\Daas2\cert" deleted

"C:\ProgramData\F-Secure\logs\AUA" deleted

==== Folders Found ======================

==== Files Found ======================

--- C:\Program Files\Windows Sidebar\sidebar.exe ---

Company: ------

File Description: ------

File Version: ------

Product Name: ------

Copyright: ------

Original Filename: ------

File type: ----a-w-

File size: 1233920

Created time: 2009-04-11 13:18:10

Modified time: 2009-04-11 13:18:10

MD5: CBB911E055AB438FE6220F76A4F8528E

SHA1: F81835FE6372B87A332413433F9C5F58B6B3456F

--- C:\Program Files\Windows Sidebar\nl-NL\Sidebar.exe.mui ---

Company: Microsoft Corporation

File Description: Windows Sidebar

File Version: 6.0.6001.18000 (longhorn_rtm.080118-1840)

Product Name: Besturingssysteem Microsoft® Windows®

Copyright: © Microsoft Corporation. Alle rechten voorbehouden.

Original Filename: sidebar.EXE.MUI

File type: ----a-w-

File size: 26112

Created time: 2009-04-28 23:00:58

Modified time: 2009-04-28 23:00:58

MD5: 38BB8603D414337449A1284E29F0D691

SHA1: 054FB92CA6542F5F4DBD02EA8E876440E8C5CAD0

--- C:\Users\Eigenaar\Pictures\Nieuwe map\sidebar.exe ---

Company: ------

File Description: ------

File Version: ------

Product Name: ------

Copyright: ------

Original Filename: ------

File type: ----a-w-

File size: 65502

Created time: 2013-07-09 04:08:23

Modified time: 2013-07-09 04:08:23

MD5: 7554CBF4B2ACADB2C42A6B7E02070D46

SHA1: C749205CDF9C751BD3D9574E854A5BB02D20B541

--- C:\Windows\winsxs\x86_microsoft-windows-sidebar.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_ed102ae2f62a3d4e\Sidebar.exe.mui ---

Company: Microsoft Corporation

File Description: Windows Sidebar

File Version: 6.0.6000.16386 (vista_rtm.061101-2205)

Product Name: Besturingssysteem Microsoft® Windows®

Copyright: © Microsoft Corporation. Alle rechten voorbehouden.

Original Filename: sidebar.EXE.MUI

File type: ----a-w-

File size: 32768

Created time: 2009-04-28 22:59:50

Modified time: 2009-04-28 22:59:50

MD5: 4BFBD98C1EF5DBE140D64B18B6CE2B38

SHA1: DD9B36895B3E1EBCE49AF83CAE9A4D1FBE2A611C

--- C:\Windows\winsxs\x86_microsoft-windows-sidebar.resources_31bf3856ad364e35_6.0.6001.18000_nl-nl_ef46ecdef3154e22\Sidebar.exe.mui ---

Company: Microsoft Corporation

File Description: Windows Sidebar

File Version: 6.0.6001.18000 (longhorn_rtm.080118-1840)

Product Name: Besturingssysteem Microsoft® Windows®

Copyright: © Microsoft Corporation. Alle rechten voorbehouden.

Original Filename: sidebar.EXE.MUI

File type: ----a-w-

File size: 26112

Created time: 2009-04-28 23:00:58

Modified time: 2009-04-28 23:00:58

MD5: 38BB8603D414337449A1284E29F0D691

SHA1: 054FB92CA6542F5F4DBD02EA8E876440E8C5CAD0

--- C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_d0c824c923c9e622\sidebar.exe ---

Company: ------

File Description: ------

File Version: ------

Product Name: ------

Copyright: ------

Original Filename: ------

File type: ----a-w-

File size: 1233920

Created time: 2009-04-11 13:18:10

Modified time: 2009-04-11 13:18:10

MD5: CBB911E055AB438FE6220F76A4F8528E

SHA1: F81835FE6372B87A332413433F9C5F58B6B3456F

==== EOF on ma 15-07-2013 at 17:02:28,98 ======================