Virus ?

[Loprakso]

Zoek.exe is opgeslagen in C:\Users\admin\Documents\ zoek 1 & 2 &4 (dus 3 maal).

[kape]

Verwijder al deze zoek-onderdelen uit de map Documents. Download dan een gloednieuwe versie van zoek.zip. Dan de drie onderdelen opnieuw unzippen naar de map Documents. En probeer dan eens of in deze map zoek.exe terug aan de praat te krijgen is ?

[Loprakso]

Logfile of random's system information tool 1.09 (written by random/random)

Run by admin at 2013-10-18 13:24:07

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 900 GB (94%) free of 954 GB

Total RAM: 3549 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:24:11, on 18/10/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16720)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\CyberLink\Shared files\brs.exe

C:\Program Files\VMware\VMware Player\hqtray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Bitdefender\Bitdefender Safepay\obkagent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\admin\Downloads\RSIT(2).exe

C:\Program Files\trend micro\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [updatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [PixelPlanet PdfPrinter-Monitor] "C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [obkagent] "C:\Program Files\Bitdefender\Bitdefender Safepay\obkagent.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Dictionary .NET] "C:\Users\admin\AppData\Local\Temp\Temp1_DictionaryNet.zip\Dictionary.exe" -c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WiFi Guard] "C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe" /hide

O4 - HKCU\..\Run: [sDP] C:\Users\admin\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Dropbox.lnk = admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.belfius.be

O16 - DPF: {10000000-1000-1000-1000-100000000000} - http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{25832E89-2212-4801-9B56-C58DB9542B63}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{EEEDD743-E308-45AF-BC29-2D4D26515907}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Safepay Service Agent (OBKSvc) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Safepay\OBKSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe

O23 - Service: Bitdefender Safepay Update Service (UPDATESRV_SAFEPAY) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Safepay\updatesrv.exe

O23 - Service: Util LemurLeap - Unknown owner - C:\Program Files\LemurLeap\bin\utilLemurLeap.exe (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--

End of file - 11871 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GlaryInitialize.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default

prefs.js - "browser.search.useDBForOrder" - "false"

prefs.js - "browser.startup.homepage" - "http://www.symbaloo.com/"

"belgiumeid@eid.belgium.be"=C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.9.900.117 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

"Description"=Picasa3 plugin

"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]

"Description"=Javaâ„¢ Deployment Toolkit

"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.4]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

belgiumeid@eid.belgium.be

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\

firefox@lemurleap.info

isreaditlater@ideashower.com

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\searchplugins\

Yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-17 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-12 194640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-17 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-12 194640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]

"UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

"RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-04-27 87336]

"PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472]

"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-05-07 75048]

"UpdatePPShortCut"=C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]

"UpdatePSTShortCut"=C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [2009-07-22 210216]

"VMware hqtray"=C:\Program Files\VMware\VMware Player\hqtray.exe [2011-03-25 64112]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 137752]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 171032]

"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 172568]

"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-01-24 1316248]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe []

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-08-12 995176]

"PixelPlanet PdfPrinter-Monitor"=C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe [2011-11-04 2233912]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2013-05-31 152392]

"obkagent"=C:\Program Files\Bitdefender\Bitdefender Safepay\obkagent.exe [2013-09-25 485488]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Dictionary .NET"=C:\Users\admin\AppData\Local\Temp\Temp1_DictionaryNet.zip\Dictionary.exe -c []

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []

"Spotify Web Helper"=C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2013-10-16 1140736]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-08-24 39408]

"WiFi Guard"=C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe /hide []

"SDP"=C:\Users\admin\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto []

"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-10-03 5706480]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Dropbox.lnk - C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2011-02-11 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"VIDC.VMnc"=vmnc.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-10-17 19:40:55 ----D---- C:\ProgramData\Oracle

2013-10-17 19:36:42 ----D---- C:\Program Files\Common Files\Java

2013-10-17 19:36:27 ----A---- C:\Windows\system32\javaws.exe

2013-10-17 19:36:16 ----A---- C:\Windows\system32\WindowsAccessBridge.dll

2013-10-17 19:36:16 ----A---- C:\Windows\system32\javaw.exe

2013-10-17 19:36:16 ----A---- C:\Windows\system32\java.exe

2013-10-13 00:27:58 ----D---- C:\Program Files\MyPC Backup

2013-10-13 00:27:51 ----D---- C:\Users\admin\AppData\Roaming\Systweak

2013-10-13 00:27:50 ----A---- C:\Windows\system32\roboot.exe

2013-10-11 22:17:48 ----SHD---- C:\$RECYCLE.BIN

2013-10-11 21:16:06 ----D---- C:\Windows\Temp

2013-10-09 23:42:58 ----A---- C:\Windows\system32\jscript.dll

2013-10-09 23:42:57 ----A---- C:\Windows\system32\jsproxy.dll

2013-10-09 23:42:57 ----A---- C:\Windows\system32\jscript9.dll

2013-10-09 23:42:56 ----A---- C:\Windows\system32\ieui.dll

2013-10-09 23:42:56 ----A---- C:\Windows\system32\iesetup.dll

2013-10-09 23:42:55 ----A---- C:\Windows\system32\urlmon.dll

2013-10-09 23:42:55 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-09 23:42:55 ----A---- C:\Windows\system32\msfeeds.dll

2013-10-09 23:42:55 ----A---- C:\Windows\system32\iesysprep.dll

2013-10-09 23:42:55 ----A---- C:\Windows\system32\iernonce.dll

2013-10-09 23:42:55 ----A---- C:\Windows\system32\ie4uinit.exe

2013-10-09 23:42:54 ----A---- C:\Windows\system32\iertutil.dll

2013-10-09 23:42:53 ----A---- C:\Windows\system32\wininet.dll

2013-10-09 23:42:52 ----A---- C:\Windows\system32\ieframe.dll

2013-10-09 23:42:50 ----A---- C:\Windows\system32\mshtml.dll

2013-10-09 18:39:39 ----A---- C:\Windows\system32\comctl32.dll

2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbuhci.sys

2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbscan.sys

2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbport.sys

2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbohci.sys

2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbhub.sys

2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbehci.sys

2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbd.sys

2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbccgp.sys

2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\hidparse.sys

2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\hidclass.sys

2013-10-09 18:39:14 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys

2013-10-09 18:39:13 ----A---- C:\Windows\system32\mswsock.dll

2013-10-09 18:39:13 ----A---- C:\Windows\system32\drivers\tcpip.sys

2013-10-09 18:39:13 ----A---- C:\Windows\system32\drivers\afd.sys

2013-10-09 18:39:02 ----A---- C:\Windows\system32\ntoskrnl.exe

2013-10-09 18:39:02 ----A---- C:\Windows\system32\ntkrnlpa.exe

2013-10-09 18:39:01 ----A---- C:\Windows\system32\tdh.dll

2013-10-09 18:39:01 ----A---- C:\Windows\system32\ntdll.dll

2013-10-09 18:39:01 ----A---- C:\Windows\system32\advapi32.dll

2013-10-09 18:39:00 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 18:38:59 ----A---- C:\Windows\system32\lpk.dll

2013-10-09 18:38:59 ----A---- C:\Windows\system32\fontsub.dll

2013-10-09 18:38:59 ----A---- C:\Windows\system32\dciman32.dll

2013-10-09 18:38:59 ----A---- C:\Windows\system32\atmlib.dll

2013-10-09 18:38:59 ----A---- C:\Windows\system32\atmfd.dll

2013-10-09 18:38:57 ----A---- C:\Windows\system32\scavengeui.dll

2013-10-09 18:38:55 ----A---- C:\Windows\system32\win32k.sys

2013-10-09 18:38:53 ----A---- C:\Windows\system32\WebClnt.dll

2013-10-09 18:38:53 ----A---- C:\Windows\system32\drivers\mrxdav.sys

2013-10-09 18:38:53 ----A---- C:\Windows\system32\davclnt.dll

2013-10-09 18:38:51 ----A---- C:\Windows\system32\drivers\usbcir.sys

2013-10-09 18:38:50 ----A---- C:\Windows\system32\drivers\Wdf01000.sys

2013-10-08 19:37:19 ----D---- C:\rsit

2013-10-06 21:50:50 ----D---- C:\Program Files\Free YouTube Downloader

2013-10-06 19:22:04 ----D---- C:\Windows\ERUNT

2013-10-06 19:09:15 ----A---- C:\AdwCleaner[s3].txt

2013-10-06 19:08:50 ----A---- C:\AdwCleaner[R5].txt

2013-10-06 19:08:24 ----A---- C:\AdwCleaner[R4].txt

2013-10-06 14:39:06 ----D---- C:\Program Files\Enigma Software Group

2013-10-06 14:37:29 ----D---- C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP

2013-10-06 14:37:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2013-10-05 19:35:12 ----D---- C:\Program Files\EuroSoft Software Development

2013-09-30 19:57:01 ----D---- C:\Users\admin\AppData\Roaming\QuotePad

2013-09-30 19:56:49 ----D---- C:\Program Files\QuotePad

2013-09-28 22:39:13 ----D---- C:\Users\admin\AppData\Roaming\vlc

======List of files/folders modified in the last 1 month======

2013-10-18 13:24:11 ----D---- C:\Program Files\Trend Micro

2013-10-18 13:19:44 ----D---- C:\Windows\Prefetch

2013-10-18 13:17:01 ----D---- C:\Windows\system32\drivers\etc

2013-10-18 12:21:08 ----D---- C:\Windows\System32

2013-10-18 12:21:08 ----D---- C:\Windows\inf

2013-10-18 12:21:08 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-10-18 12:17:30 ----D---- C:\Users\admin\AppData\Roaming\Dropbox

2013-10-18 12:17:00 ----D---- C:\ProgramData\VMware

2013-10-18 00:09:06 ----D---- C:\Windows\system32\config

2013-10-17 19:40:55 ----HD---- C:\ProgramData

2013-10-17 19:36:44 ----SHD---- C:\Windows\Installer

2013-10-17 19:36:43 ----SHD---- C:\Config.Msi

2013-10-17 19:36:42 ----D---- C:\Program Files\Common Files

2013-10-17 19:34:58 ----SHD---- C:\System Volume Information

2013-10-16 23:09:08 ----D---- C:\Users\admin\AppData\Roaming\Spotify

2013-10-16 01:24:28 ----D---- C:\Windows

2013-10-16 01:24:26 ----D---- C:\Windows\system32\drivers

2013-10-16 01:24:26 ----D---- C:\Windows\system32\catroot

2013-10-16 01:24:21 ----D---- C:\Program Files\Microsoft Security Client

2013-10-15 19:35:14 ----D---- C:\Windows\system32\FxsTmp

2013-10-14 18:47:57 ----D---- C:\Program Files\OpenOffice 4

2013-10-14 18:47:55 ----RSD---- C:\Windows\assembly

2013-10-14 18:47:21 ----RSD---- C:\Windows\Fonts

2013-10-14 18:44:38 ----D---- C:\Windows\system32\catroot2

2013-10-13 17:59:23 ----D---- C:\Windows\system32\Tasks

2013-10-13 17:59:20 ----RD---- C:\Program Files

2013-10-13 17:59:20 ----D---- C:\Windows\Tasks

2013-10-13 00:23:13 ----D---- C:\Windows\Downloaded Installations

2013-10-10 22:30:13 ----D---- C:\Windows\rescache

2013-10-10 22:13:17 ----D---- C:\Windows\Microsoft.NET

2013-10-10 19:27:21 ----D---- C:\Windows\winsxs

2013-10-10 19:20:26 ----D---- C:\Windows\system32\nl-NL

2013-10-10 19:20:25 ----D---- C:\Program Files\Internet Explorer

2013-10-10 19:20:21 ----D---- C:\Windows\system32\DriverStore

2013-10-10 19:18:22 ----D---- C:\Program Files\Microsoft Silverlight

2013-10-09 23:46:26 ----D---- C:\Windows\system32\MRT

2013-10-09 23:44:01 ----A---- C:\Windows\system32\MRT.exe

2013-10-09 20:11:59 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2013-10-08 18:11:24 ----SD---- C:\Users\admin\AppData\Roaming\Microsoft

2013-10-06 21:54:46 ----AD---- C:\ProgramData\Temp

2013-10-06 21:49:49 ----D---- C:\Program Files\Mozilla Firefox

2013-10-06 18:53:13 ----D---- C:\Windows\system32\wbem

2013-10-06 18:52:28 ----D---- C:\Program Files\SUPERAntiSpyware

2013-10-06 18:52:28 ----D---- C:\Program Files\Glary Utilities

2013-10-06 18:52:27 ----D---- C:\Windows\registration

2013-10-06 18:52:27 ----D---- C:\Windows\AppCompat

2013-10-06 18:52:27 ----D---- C:\Users\admin\AppData\Roaming\MusicBee

2013-10-06 18:52:27 ----D---- C:\Users\admin\AppData\Roaming\ATViewer

2013-10-06 16:59:30 ----D---- C:\Données EuroSoft Software Development

2013-10-02 19:26:26 ----D---- C:\Windows\security

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2011-03-04 45648]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS [2011-07-12 67664]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/01/31 21:51:22]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl [2009-05-07 87536]

R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-03-25 32368]

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392]

R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]

R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2011-03-25 70768]

R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2011-03-25 36400]

R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2011-03-25 26352]

R2 VMparport;VMware VMparport; \??\C:\Windows\system32\Drivers\VMparport.sys [2011-03-25 23792]

R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2011-03-25 854256]

R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [2010-08-19 22448]

R3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usb.sys [2011-06-29 37632]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]

R3 gzflt;gzflt; C:\Windows\system32\DRIVERS\gzflt.sys [2012-09-05 162848]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-02-11 9036800]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600]

R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver; C:\Windows\system32\DRIVERS\wg111v3.sys [2009-11-18 376832]

R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 36352]

R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2011-03-25 24688]

R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2011-03-25 16560]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]

S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 30312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]

S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 39272]

S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]

S3 RT2500USB;ASUS USB Wireless LAN Driver; C:\Windows\system32\DRIVERS\rt2500usb.sys [2004-08-13 140544]

S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]

S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]

S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]

S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]

S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-08-12 22208]

R2 OBKSvc;Safepay Service Agent; C:\Program Files\Bitdefender\Bitdefender Safepay\OBKSvc.exe [2013-09-25 343848]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-04-27 271760]

R2 UPDATESRV_SAFEPAY;Bitdefender Safepay Update Service; C:\Program Files\Bitdefender\Bitdefender Safepay\updatesrv.exe [2013-09-25 66784]

R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2011-03-25 113264]

R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2011-03-25 334448]

R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]

R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2011-03-25 404080]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]

R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-05-31 553288]

R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-08-12 295376]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-07 136176]

S2 Util LemurLeap;Util LemurLeap; C:\Program Files\LemurLeap\bin\utilLemurLeap.exe []

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2013-01-10 72704]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]

S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-07 136176]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-28 194032]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-17 118680]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2010-08-19 191024]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-27 1343400]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

[kape]

Download Zoek.zip naar het bureaublad.

• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.
  
• Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

  {10000000-1000-1000-1000-100000000000};c
 C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com;f
 C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info;f
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r
 "AppInit_DLLs"=-;r
 Util LemurLeap;s
 C:\Program Files\LemurLeap;fs
 C:\Program Files\MyPC Backup;fs
 C:\Users\admin\AppData\Roaming\Systweak;fs
 C:\AdwCleaner[s3].txt;f
 C:\AdwCleaner[R5].txt;f
 C:\AdwCleaner[R4].txt;f
 C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP;f

• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
• HijackThis Log
  
• Firefox Look
  
• Chrome Look
  
• Firefox Defaults
  
• Reset Chrome
  
• IE Defaults
  
• Auto Clean
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post nu de inhoud van het geopende logje in het volgende bericht.
  

[Loprakso]

Zoek.exe Version 4.0.0.5 Updated 17-October-2013

Tool run by admin on zo 20/10/2013 at 17:40:53,03.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\admin\Documents\zoek\zoek.com [script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2013-10-09-164707.log 49411 bytes

C:\zoek-results2013-10-11-201738.log 64011 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-779995794-2056842348-1647886699-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10000000-1000-1000-1000-100000000000} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util LemurLeap deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util LemurLeap deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util LemurLeap deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util LemurLeap deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.symbaloo.com/");

user_pref("browser.search.defaultengine", "Ask Search");

user_pref("browser.search.order.1", "Ask Search");

user_pref("extensions.APN_TB.first-previous-keyword-url", "");

user_pref("extensions.CME-V7.my-keyword-url", "\"\"");

user_pref("extensions.CME-V7.previous-keyword-url", "\"\"");

user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("extensions.APN_TB.first-previous-keyword-url", "");

user_pref("extensions.CME-V7.my-keyword-url", "\"\"");

user_pref("extensions.CME-V7.previous-keyword-url", "\"\"");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\r10fm3x1.default\prefs.js:

Added to C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\r10fm3x1.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Program Files\MyPC Backup deleted

C:\Users\admin\AppData\Roaming\Systweak deleted

C:\Program Files\Toolbar Cleaner deleted

C:\Users\admin\Downloads\DownloadManagerSetup.exe deleted

C:\Windows\system32\tasks\BitGuard deleted

C:\Windows\system32\roboot.exe deleted

C:\Users\Public\Desktop\Free YouTube Downloader.lnk deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\chrome.manifest" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\install.rdf" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\chrome.manifest" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\icon.png" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\install.rdf" deleted

"C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCall.dll" deleted

"C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla.dll" deleted

"C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla17.dll" deleted

"C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla18.exe" deleted

"C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla19.dll" deleted

"C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla2.dll" deleted

"C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla20.dll" deleted

"C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla21.dll" deleted

"C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla21.exe" deleted

"C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseData.ini" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\chrome\isreaditlater.jar" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILAPIRequest.js" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILAPIRequest.xpt" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILassetManager.js" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILassetManager.xpt" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILdelegate.js" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILlist.js" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILofflineQueue.js" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILprefs.js" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILsync.js" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILtextDownloader.js" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILtextDownloader.xpt" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILwebDownloader.js" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILwebDownloader.xpt" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\defaults\preferences\prefs.js" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\META-INF\manifest.mf" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\META-INF\zigbert.rsa" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\META-INF\zigbert.sf" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\chrome\content\overlay.js" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\chrome\content\overlay.xul" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info" deleted

"C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\chrome" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\defaults" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\defaults\preferences" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\chrome" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\META-INF" deleted

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\chrome\content" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [17/09/2013 21:17]

==== Firefox Extensions ======================

ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default

- Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

- LemurLeap - %ProfilePath%\extensions\firefox@lemurleap.info.xpi

- Thumbnail Zoom Plus - %ProfilePath%\extensions\thumbnailZoom@dadler.github.com.xpi

- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi

- Picture Zoom Plus - %ProfilePath%\extensions\xxcessl0gycs@gmail.com.xpi

- ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi

ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\r10fm3x1.default

- LemurLeap - %ProfilePath%\extensions\firefox@lemurleap.info.xpi

- Pocket - %ProfilePath%\extensions\isreaditlater@ideashower.com.xpi

- ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi

AppDir: C:\Program Files\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default

6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U45

F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18

CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update

4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash

D1DC265C3FF7F92B4A75A55B3749D48C - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In

04ACC61B47857E779CD92D1D88770BF1 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

77B09C2C6F407531447DA75E3ACD1C5B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat

7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

BC601425BC360C12DF2277992C6D83D5 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.4

7B64C498A4E0958967EBD9439EE93DB4 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

309817C5A02434365B0091021FD70610 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

A0D9A846578582064F3D066B23CD2E55 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

2871984886154973C810DAF2A9294510 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

61EA5261198FD2431A4DD088569ED8D4 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight

Profilepath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\r10fm3x1.default

04ACC61B47857E779CD92D1D88770BF1 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

77B09C2C6F407531447DA75E3ACD1C5B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat

D1DC265C3FF7F92B4A75A55B3749D48C - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

BC601425BC360C12DF2277992C6D83D5 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.4

7B64C498A4E0958967EBD9439EE93DB4 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

309817C5A02434365B0091021FD70610 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

A0D9A846578582064F3D066B23CD2E55 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

2871984886154973C810DAF2A9294510 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

61EA5261198FD2431A4DD088569ED8D4 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

D0DA6B2FB50A0667CF4BACC2AEFEA009 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java Platform SE 7 U5

C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

"Backup.Old.Start Page"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

"Backup.Old.Start Page"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{03051086-C7A4-0250-3C2A-1C3F4CACF451} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{80c554b9-c7f8-4a21-9471-06d606da78a2} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE"

{F6909F06-51FF-4A24-92CD-9C55E832950B} Google Url="http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7AURU_nlBE498"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{616385A7-700D-6782-9795-9C85285802D4} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{77412A48-A069-8D8A-6F58-6F7EF7A01B82} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{815C1ABA-8375-8F64-6491-9433EF432C51} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [updatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [PixelPlanet PdfPrinter-Monitor] "C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [obkagent] "C:\Program Files\Bitdefender\Bitdefender Safepay\obkagent.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Dictionary .NET] "C:\Users\admin\AppData\Local\Temp\Temp1_DictionaryNet.zip\Dictionary.exe" -c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WiFi Guard] "C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe" /hide

O4 - HKCU\..\Run: [sDP] C:\Users\admin\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Dropbox.lnk = admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.belfius.be

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{25832E89-2212-4801-9B56-C58DB9542B63}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{EEEDD743-E308-45AF-BC29-2D4D26515907}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Safepay Service Agent (OBKSvc) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Safepay\OBKSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe

O23 - Service: Bitdefender Safepay Update Service (UPDATESRV_SAFEPAY) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Safepay\updatesrv.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

==== Empty IE Cache ======================

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\hkky9amf.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\admin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on zo 20/10/2013 at 17:56:53,71 ======================

[kape]

En hoe gedraagt de PC zich nu ?

[Loprakso]

Blijkbaar loopt nu alles lekker, moet het nog enkele dagen testen. Hou je op de hoogte. Alvast een dikke merci en proficiat met je kunnen!

Wat zich nog steeds voordoet is dat na het starten van de pc, het venster opent met "Intel Corporation voor het uitvoeren van "GfxUI". Heeft te maken met Java. Maar is gebleken dat ik over de laatste versie beschik.

Ben argwanend na al wat ik betreffende Java updates gelezen heb. Graag je mening.

Eveneens tijdens het surfen openen zich constant 2 grote banners, steeds met dezelfde verwijzingen, onderaan het scherm, in het midden en rechts. Die zijn uiteraard uiterst storend.

Hoe kan ik die elimineren? Moet dit gebeuren via FireFox?

[kape]

Indien je geen programma's hebt die JAVA nodig hebben, zou ik de hele JAVA volledig verwijderen via Configuratiescherm -> Software. Mocht er plots toch nog een programma opduiken waarvoor je dit nodig hebt, kan je dit altijd (tijdelijk) opnieuw downloaden en installeren. En dan ben je inmiddels verlost van de JAVA-updates en alle problemen die zich er momenteel mee voordoen.

Download AdwCleaner by Xplode naar je bureaublad.

• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner om hem te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren,
  
• Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Klik vervolgens op Scan.
  
• Klik vervolgens op Clean als er items zijn gevonden.
  
• Klik bij Herstarten Noodzakelijk op OK
  

Nadat de PC opnieuw is opgestart, opent meestal een logfile.

Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[R1].txt.

Post aansluitend de inhoud van dit log in je volgende bericht.

[Loprakso]

# AdwCleaner v3.010 - Report created 25/10/2013 at 19:20:52

# Updated 20/10/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

# Username : admin - ADMIN-PC

# Running from : C:\Users\admin\Downloads\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[x] Not Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner

[x] Not Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\user.js

[x] Not Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\r10fm3x1.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{476F4491-A9AA-43E4-9B91-C387E416ADA0}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{476F4491-A9AA-43E4-9B91-C387E416ADA0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73EF1DE9-31E9-4E73-8567-6A5BDCF8E657}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73EF1DE9-31E9-4E73-8567-6A5BDCF8E657}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3130B61C-31E6-47FD-A87F-B9AB60F294C2}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3130B61C-31E6-47FD-A87F-B9AB60F294C2}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [sDP]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc

Key Deleted : HKCU\Software\5257d6dde069e547

Key Deleted : HKLM\SOFTWARE\5257d6dde069e547

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_minilyrics_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_minilyrics_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_nero-kwik-burn_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_nero-kwik-burn_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_dictionnaire-le-littre_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_dictionnaire-le-littre_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_free-audio-editor_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_free-audio-editor_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_audio-recorder_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_audio-recorder_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_duplicate-cleaner_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_duplicate-cleaner_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_ferrari-virtual-race_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_ferrari-virtual-race_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_free-pdf-to-word-doc-converter_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_free-pdf-to-word-doc-converter_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_free-sound-recorder_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_free-sound-recorder_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_gimp_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_gimp_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_glary-utilities_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_glary-utilities_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_nero-free_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_nero-free_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_pdfgrabber_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_pdfgrabber_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_songr_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_songr_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_unlocker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_unlocker_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_vlc-media-player_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_vlc-media-player_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_youtube-song-downloader_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_youtube-song-downloader_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}

Key Deleted : HKCU\Software\BabSolution

Key Deleted : HKCU\Software\DealPlyLive

Key Deleted : HKCU\Software\Delta

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\InstalledThirdPartyPrograms

Key Deleted : HKCU\Software\lollipop

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Somoto

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Software\LyricsSay-1

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Delta

Key Deleted : HKLM\Software\InstalledThirdPartyPrograms

Key Deleted : HKLM\Software\SimplyGen

Key Deleted : HKLM\Software\systweak

Key Deleted : HKLM\Software\Toolbar Cleaner

Key Deleted : HKLM\Software\Uniblue\DriverScanner

Key Deleted : HKLM\Software\Uniblue\SpeedUpMyPC

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LyricsSay-1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v24.0 (nl)

[ File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\prefs.js ]

Line Deleted : user_pref("extensions.kango.storage.m2_k1", "0");

Line Deleted : user_pref("extensions.kango.storage.m2_k2", "0");

Line Deleted : user_pref("extensions.kango.storage.m2_k3", "0");

Line Deleted : user_pref("extensions.kango.storage.m2_k4", "1381233064558");

Line Deleted : user_pref("extensions.kango.storage.m2_k5", "1381091250947");

Line Deleted : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"AppsHat\",\"description\":\"AppsHat\",\"button\":{\"tooltip\":\"Visit AppsHat.com\",\"icon\":\"hxxp://www.bigspeedpro.com/button/%affi[...]

Line Deleted : user_pref("extensions.kango.storage.nero_options", "\"{\\\"m1\\\":{\\\"ads\\\":{\\\"n1\\\":{\\\"url\\\":\\\"//ulayout.com/nero/hatter/google_post_results_728x90.html?aff_slug=appshat\\\",\\\"width\\\"[...]

Line Deleted : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAADlElEQVQ4jb3S3U9adxwG8F/BuooQAQscXj0cOIC8nANUPYjoHDClvqAoZ04gpqsZKmrUV[...]

[ File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\r10fm3x1.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [11876 octets] - [25/10/2013 19:18:45]

AdwCleaner[s0].txt - [12279 octets] - [25/10/2013 19:20:52]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12340 octets] ##########

- - - Updated - - -

Beste,

Ondertussen ben ik de banners kwijt.

Heb een add-on van Firefox geïnstalleerd, nml. Adblock Plus. Oeps, geen banners meer of althans uitzonderlijk.

[kape]

Normaal zou je de banners ook kwijt moeten geweest zijn na het uitvoeren van AdwCleaner. Dat heeft behoorlijk wat rotzooi van de PC gehaald. Dan kunnen we de boel nog een beetje opruimen: gebruikte tools verwijderen en restjes wegpoetsen:

Download Delfix by Xplode naar het bureaublad.

Dubbelklik op Delfix.exe om de tool te starten.

Zet nu vinkjes voor de volgende items:

• Remove disinfection tools
  
• Purge System Restore
  
• Reset system settings
  

Klik nu op "Run" en wacht geduldig tot de tool gereed is.

Wanneer de tool gereed is wordt er een logbestand aangemaakt. Dit hoeft u echter niet te plaatsen.

Download CCleaner. (Als je het nog niet hebt)

Installeer het (als je niet wilt dat Google Chrome op je PC als standaard-webbrowser wordt geïnstalleerd, moet je de 2 vinkjes wegdoen !!!) en start CCleaner op.

Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en na de analyse op 'Schoonmaken'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”.

Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft.

Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Indien dit allemaal probleemloos verlopen is en je binnen dit topic verder geen vragen of problemen meer hebt, mag je dit onderwerp afsluiten door een klik op de knop "Markeer als opgelost", die je links onderaan kan terugvinden … zo blijft het voor iedereen overzichtelijk.