
nation zoom



In all browsers I get nation zoom in the address bar when I open them.

What I have done so far:

Deleted the history, deleted the cookies.

CCleaner removed some things, Malwarebytes removed 14 items, and after that I scanned with the Avast virus scanner, but it found nothing.

I have also already adjusted all the settings manually, and every browser shows google.nl as the home page. But it still keeps going to the nation zoom website.

After all this I made this log, because I can't figure it out.

For information: I have Internet Explorer, Firefox and Google Chrome.

log:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Henk at 2013-12-28 01:08:39

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 129 GB (57%) free of 227 GB

Total RAM: 4095 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:08:43, on 28-12-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16428)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\trend micro\Henk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [20131121] C:\Program Files\Alwil Software\Avast5\setup\emupdate\521f129f-16cc-4590-9d5b-7cd4da616c49.exe /check

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui

O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10230 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

"C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe"

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"

atieclxx

C:\Windows\System32\svchost.exe -k netsvcs

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"

"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"

c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k swprv

"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"

"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait

"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\x64\saHook.dll", saHooker_Initialize_and_Wait

"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait

"taskhost.exe"

taskeng.exe {15F1120A-7FF5-41FA-8760-1B38DEEE896A}

C:\Windows\System32\svchost.exe -k secsvcs

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 2856

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding

"C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe" /STARTUP

"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

"C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe"

"C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe"

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\UI0Detect.exe

"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt

taskeng.exe {FEAE14A2-D6F0-461E-8912-E064330779DF}

"C:\Windows\System32\rundll32.exe" werconcpl.dll, LaunchErcApp -queuereporting

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528

"D:\Henk\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\Driver Booster Update.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job

C:\Windows\tasks\GlaryInitialize.job

C:\Windows\tasks\Google Software Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job

=========Mozilla firefox=========

ProfilePath - D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default

prefs.js - "browser.search.suggest.enabled" - false

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "browser.startup.homepage" - "www.google.nl"

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20101113Wb1, {75623d5d-4683-402a-b610-ac4bab767c86}:3.1.2, {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90, engine@conduit.com:3.2.5.2, {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {87775fdb-6972-41f9-ae51-8326e38cb206}:3.2.5.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.9.900.170 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

"Description"=Picasa3 plugin

"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin]

"Description"=

"Path"=C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90]

"Description"=getPlus+®

"Path"=C:\Program Files (x86)\NOS\bin\np_gp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pack.google.com/Google Updater;version=14]

"Description"=Google Updater

"Path"=C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8]

"Description"=

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@protectdisc.com/NPMPDRM]

"Description"=MPDRM License Acquisition Plugin

"Path"=C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@zylom.com/ZylomGamesPlayer]

"Description"=Zylom Games Player 1.00

"Path"=C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.9.900.170 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]

"Description"=

"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\

ffxtlbr@babylon.com

C:\Program Files (x86)\Mozilla Firefox\components\

nsIQTScriptablePlugin.xpt

nsIZylomPlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\

np-mswmp.dll

NPOFF12.DLL

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npzylomgamesplayer.dll

np_gp.dll

QuickTimePlugin.class

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

babylon.xml

fcmdSrch.xml

McSiteAdvisor.xml

nationzoom.xml

D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\extensions\

2020Player_WEB@2020Technologies.com

adsremoval@adsremoval.net

ascsurfingprotection@iobit.com

nostmp

staged

D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\searchplugins\

holasearch.xml

yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]

ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2013-11-23 2486592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2013-10-31 245592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll [2012-01-14 346168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2013-11-05 299336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-12-03 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-14 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2013-11-05 250896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]

Advanced SystemCare Browser Protection - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL [2013-10-17 669504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2013-11-05 299336]

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2013-10-31 245592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2013-11-05 250896]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-12-03 606544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"=c:\program files\microsoft intellipoint\ipoint.exe [2010-07-06 2327952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Wisdom-soft ScreenHunter 5.1 Free"=C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe [2010-08-07 5324800]

"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-11-24 39408]

"Google Update"=D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

c:\program files (x86)\alcohol soft\alcohol 120\axcmd.exe [2009-09-18 205976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncService]

c:\program files (x86)\installshield installation information\{f3d9ac82-30f4-4bb9-b9ab-8697637568c1}\ambspisyncservice.exe [2009-07-08 1233195]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]

D:\Henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-05 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMMON]

C:\Program Files (x86)\IM Magician\Vicamon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

c:\program files (x86)\nero\nero 10\nero backitup\nbagent.exe [2010-03-26 1234216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLLEntry]

C:\Windows\system32\AmbRunE.dll [2009-02-26 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]

d:\henk\appdata\roaming\spotify\spotify.exe [2013-10-16 4752384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

D:\Henk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2013-10-16 1140736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2013-07-02 248208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

C:\Windows\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]

c:\program files (x86)\vimicro corporation\vmuvc\vmonitor.exe [2008-08-29 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]

c:\program files (x86)\creative\sb x-fi mb\volume panel\volpanlu.exe [2009-05-04 241789]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

"StartCCC"=c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [2010-04-06 102400]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

"20131121"=C:\Program Files\Alwil Software\Avast5\setup\emupdate\521f129f-16cc-4590-9d5b-7cd4da616c49.exe [2013-11-23 180184]

"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2013-12-03 3568312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2013-12-03 243200]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"MSVideo8"=VfWWDM32.dll

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux3"=wdmaud.drv

"wave4"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-12-28 01:00:20 ----D---- C:\rsit

2013-12-28 01:00:20 ----D---- C:\Program Files\trend micro

2013-12-27 22:32:44 ----D---- C:\ProgramData\WPM

2013-12-27 22:30:56 ----D---- C:\Program Files (x86)\TornTV.com

2013-12-15 12:52:35 ----A---- C:\Windows\system32\SmartDefragBootTime.exe

2013-12-12 21:07:20 ----A---- D:\Henk\AppData\Roaming\FotoSketcher.ini

2013-12-12 20:59:02 ----D---- C:\Program Files (x86)\FotoSketcher

2013-12-11 17:06:07 ----A---- C:\Windows\SYSWOW64\wmploc.DLL

2013-12-11 17:06:07 ----A---- C:\Windows\system32\wmploc.DLL

2013-12-11 17:06:06 ----A---- C:\Windows\SYSWOW64\wmp.dll

2013-12-11 17:06:04 ----A---- C:\Windows\system32\wmp.dll

2013-12-11 17:03:33 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2013-12-11 17:03:32 ----A---- C:\Windows\SYSWOW64\ieui.dll

2013-12-11 17:03:32 ----A---- C:\Windows\system32\ieui.dll

2013-12-11 17:03:31 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2013-12-11 17:03:31 ----A---- C:\Windows\system32\jsproxy.dll

2013-12-11 17:03:31 ----A---- C:\Windows\system32\ieUnatt.exe

2013-12-11 17:03:31 ----A---- C:\Windows\system32\iesetup.dll

2013-12-11 17:03:31 ----A---- C:\Windows\system32\iernonce.dll

2013-12-11 17:03:31 ----A---- C:\Windows\system32\ieetwproxystub.dll

2013-12-11 17:03:31 ----A---- C:\Windows\system32\ie4uinit.exe

2013-12-11 17:03:30 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

2013-12-11 17:03:30 ----A---- C:\Windows\system32\mshtml.dll

2013-12-11 17:03:30 ----A---- C:\Windows\system32\jscript9diag.dll

2013-12-11 17:03:30 ----A---- C:\Windows\system32\ieetwcollector.exe

2013-12-11 17:03:29 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2013-12-11 17:03:29 ----A---- C:\Windows\system32\iertutil.dll

2013-12-11 17:03:29 ----A---- C:\Windows\system32\ieapfltr.dll

2013-12-11 17:03:28 ----A---- C:\Windows\SYSWOW64\wininet.dll

2013-12-11 17:03:28 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2013-12-11 17:03:28 ----A---- C:\Windows\system32\wininet.dll

2013-12-11 17:03:27 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2013-12-11 17:03:27 ----A---- C:\Windows\system32\urlmon.dll

2013-12-11 17:03:26 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2013-12-11 17:03:26 ----A---- C:\Windows\system32\ieframe.dll

2013-12-11 17:03:25 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2013-12-11 17:03:24 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2013-12-11 17:03:24 ----A---- C:\Windows\system32\jscript9.dll

2013-12-11 13:27:29 ----A---- C:\Windows\SYSWOW64\msieftp.dll

2013-12-11 13:27:29 ----A---- C:\Windows\system32\msieftp.dll

2013-12-11 13:27:28 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll

2013-12-11 13:27:28 ----A---- C:\Windows\system32\WMPhoto.dll

2013-12-11 13:27:28 ----A---- C:\Windows\system32\win32k.sys

2013-12-11 13:27:26 ----A---- C:\Windows\SYSWOW64\imagehlp.dll

2013-12-11 13:27:26 ----A---- C:\Windows\system32\imagehlp.dll

2013-12-11 13:27:23 ----A---- C:\Windows\SYSWOW64\tzres.dll

2013-12-11 13:27:23 ----A---- C:\Windows\system32\tzres.dll

2013-12-11 13:27:19 ----A---- C:\Windows\system32\drivers\portcls.sys

2013-12-11 13:27:19 ----A---- C:\Windows\system32\drivers\drmk.sys

2013-12-11 13:27:18 ----A---- C:\Windows\system32\cscript.exe

2013-12-11 13:27:17 ----A---- C:\Windows\SYSWOW64\wscript.exe

2013-12-11 13:27:17 ----A---- C:\Windows\SYSWOW64\scrrun.dll

2013-12-11 13:27:17 ----A---- C:\Windows\SYSWOW64\cscript.exe

2013-12-11 13:27:17 ----A---- C:\Windows\system32\wscript.exe

2013-12-11 13:27:17 ----A---- C:\Windows\system32\scrrun.dll

2013-12-03 23:42:22 ----D---- C:\Windows\Migration

2013-12-03 20:13:12 ----D---- D:\Henk\AppData\Roaming\AVAST Software

2013-12-03 17:09:02 ----A---- C:\Windows\system32\IEUDINIT.EXE

2013-12-03 17:04:12 ----A---- C:\Windows\SYSWOW64\elshyph.dll

2013-12-03 17:04:12 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\wextract.exe

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\webcheck.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\url.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\pngfilt.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\occache.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\msrating.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\msls31.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\mshtmler.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\mshta.exe

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\licmgr10.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\jsIntl.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\jscript.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\inseng.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\imgutil.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\iexpress.exe

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\iesysprep.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\iepeers.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\icardie.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\dxtrans.dll

2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll

2013-12-03 17:04:06 ----A---- C:\Windows\system32\SetIEInstalledDate.exe

2013-12-03 17:04:06 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

2013-12-03 17:04:06 ----A---- C:\Windows\system32\msrating.dll

2013-12-03 17:04:06 ----A---- C:\Windows\system32\msls31.dll

2013-12-03 17:04:06 ----A---- C:\Windows\system32\mshtmler.dll

2013-12-03 17:04:06 ----A---- C:\Windows\system32\msfeedssync.exe

2013-12-03 17:04:06 ----A---- C:\Windows\system32\msfeedsbs.dll

2013-12-03 17:04:06 ----A---- C:\Windows\system32\jsIntl.dll

2013-12-03 17:04:06 ----A---- C:\Windows\system32\iesysprep.dll

2013-12-03 17:04:06 ----A---- C:\Windows\system32\IEAdvpack.dll

2013-12-03 17:04:06 ----A---- C:\Windows\system32\elshyph.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\wextract.exe

2013-12-03 17:04:05 ----A---- C:\Windows\system32\webcheck.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\vbscript.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\url.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\pngfilt.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\occache.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\mshtmlmedia.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\mshtmled.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\MshtmlDac.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\mshta.exe

2013-12-03 17:04:05 ----A---- C:\Windows\system32\msfeeds.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\licmgr10.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\jscript.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\inseng.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\imgutil.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\iexpress.exe

2013-12-03 17:04:05 ----A---- C:\Windows\system32\iepeers.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\iedkcs32.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\ieapfltr.dat

2013-12-03 17:04:05 ----A---- C:\Windows\system32\icardie.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\dxtrans.dll

2013-12-03 17:04:05 ----A---- C:\Windows\system32\dxtmsft.dll

2013-12-03 13:01:51 ----D---- C:\ProgramData\AVAST Software

======List of files/folders modified in the last 1 month======

2013-12-28 01:08:41 ----D---- C:\Windows\temp

2013-12-28 01:08:10 ----D---- C:\Windows\system32\NDF

2013-12-28 01:00:20 ----RD---- C:\Program Files

2013-12-28 00:59:06 ----D---- C:\Windows\System32

2013-12-28 00:59:06 ----D---- C:\Windows\inf

2013-12-28 00:59:06 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-12-28 00:45:33 ----D---- C:\Windows\system32\config

2013-12-28 00:37:29 ----D---- C:\Windows\system32\Tasks

2013-12-28 00:28:12 ----D---- C:\Windows

2013-12-27 23:46:08 ----D---- C:\Windows\Prefetch

2013-12-27 23:44:20 ----RD---- C:\Program Files (x86)

2013-12-27 23:23:06 ----D---- C:\Windows\Tasks

2013-12-27 22:39:12 ----D---- D:\Henk\AppData\Roaming\MailWasherFree

2013-12-27 22:32:55 ----A---- C:\Windows\SYSWOW64\msvcr100.dll

2013-12-27 22:32:54 ----A---- C:\Windows\SYSWOW64\msvcp100.dll

2013-12-27 22:32:44 ----D---- C:\ProgramData

2013-12-27 14:28:37 ----SHD---- C:\System Volume Information

2013-12-25 13:32:53 ----D---- C:\Windows\system32\catroot2

2013-12-25 13:20:28 ----D---- C:\Windows\Logs

2013-12-25 13:20:28 ----D---- C:\Windows\debug

2013-12-25 13:16:16 ----D---- C:\Program Files\CCleaner

2013-12-22 22:25:36 ----D---- C:\Program Files (x86)\Mozilla Firefox

2013-12-21 18:03:09 ----D---- D:\Henk\AppData\Roaming\Wargaming.net

2013-12-21 16:55:10 ----SHD---- C:\Windows\Installer

2013-12-21 16:55:10 ----D---- C:\Config.Msi

2013-12-21 16:55:03 ----D---- C:\Windows\SYSWOW64\directx

2013-12-21 16:54:53 ----D---- C:\Games

2013-12-20 18:15:54 ----D---- C:\ProgramData\Fighters

2013-12-20 18:15:35 ----D---- C:\Program Files (x86)\Fighters

2013-12-20 18:08:46 ----A---- C:\Windows\win.ini

2013-12-16 23:27:05 ----D---- C:\Program Files\zylom games

2013-12-16 21:24:37 ----D---- C:\ProgramData\InstallMate

2013-12-16 21:24:37 ----D---- C:\ProgramData\BetterSoft

2013-12-16 20:28:12 ----D---- C:\Windows\system32\drivers

2013-12-16 00:22:28 ----D---- C:\Windows\system32\MRT

2013-12-16 00:18:29 ----A---- C:\Windows\system32\MRT.exe

2013-12-13 20:45:39 ----D---- D:\Henk\AppData\Roaming\inkscape

2013-12-13 20:45:39 ----D---- C:\Windows\Panther

2013-12-11 17:25:02 ----D---- C:\Windows\winsxs

2013-12-11 17:21:46 ----D---- C:\Windows\SysWOW64

2013-12-11 17:21:46 ----D---- C:\Program Files\Windows Media Player

2013-12-11 17:21:46 ----D---- C:\Program Files (x86)\Windows Media Player

2013-12-11 17:21:45 ----D---- C:\Windows\SYSWOW64\nl-NL

2013-12-11 17:21:45 ----D---- C:\Windows\system32\nl-NL

2013-12-11 17:21:45 ----D---- C:\Program Files\Internet Explorer

2013-12-11 17:21:45 ----D---- C:\Program Files (x86)\Internet Explorer

2013-12-11 17:21:44 ----D---- C:\Windows\system32\DriverStore

2013-12-11 17:06:20 ----D---- C:\Windows\system32\catroot

2013-12-11 17:05:33 ----D---- C:\ProgramData\Microsoft Help

2013-12-10 22:36:30 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2013-12-04 16:33:47 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

2013-12-04 11:22:52 ----D---- C:\Windows\Microsoft.NET

2013-12-03 23:48:17 ----RSD---- C:\Windows\assembly

2013-12-03 23:43:13 ----D---- C:\Windows\SYSWOW64\en-US

2013-12-03 23:43:13 ----D---- C:\Windows\system32\en-US

2013-12-03 23:42:22 ----SD---- C:\ProgramData\Microsoft

2013-12-03 17:24:13 ----D---- C:\Windows\SYSWOW64\migration

2013-12-03 17:24:13 ----D---- C:\Windows\system32\migration

2013-12-03 17:24:13 ----D---- C:\Windows\PolicyDefinitions

2013-12-03 13:03:54 ----A---- C:\Windows\system32\aswBoot.exe

2013-12-03 12:56:03 ----D---- C:\Windows\SoftwareDistribution

2013-11-30 14:19:08 ----D---- C:\Windows\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-12-03 65776]

R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-12-03 205320]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2013-05-22 17720]

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-05-21 868848]

R0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys [2011-02-22 65072]

R0 TfSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys [2011-02-22 74824]

R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-12-03 92544]

R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-12-03 1032416]

R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-12-03 409832]

R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-12-03 65264]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]

R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]

R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-12-03 38984]

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-12-03 84328]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-11-02 12528640]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-11-02 618496]

R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-04-08 124944]

R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]

R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-08-12 350952]

R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-28 28704]

R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2010-06-30 45456]

R3 VMUVC;Vimicro Camera Service VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [2009-05-25 198784]

R3 vvftUVC;Vimicro Camera Filter Service VMUVC; C:\Windows\system32\drivers\vvftUVC.sys [2008-07-01 303616]

S2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys []

S3 AsrCDDrv;AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys []

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 cpuz135;cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816]

S3 FLASHSYS;FLASHSYS; \??\C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-09-12 57856]

S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []

S3 keycrypt;keycrypt; C:\Windows\system32\DRIVERS\KeyCrypt64.sys []

S3 NVENETFD;NVIDIA nForce-netwerkcontroller; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]

S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-26 19456]

S3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2013-11-19 34848]

S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2011-02-22 41888]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-10-26 57856]

S3 UrlFilter;UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2013-11-19 23016]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]

S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 36352]

S4 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-03-23 23048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]

R2 AdvancedSystemCareService7;Advanced SystemCare Service 7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-10-25 878368]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-11-02 239616]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-12-03 50344]

R2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-11-11 341824]

R2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-10-25 2151200]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-11-05 121616]

R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-03-24 66872]

R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2011-03-24 107832]

R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-07-02 93072]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]

S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-07 194104]

S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]

S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10 257416]

S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-18 1255736]

S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-16 79360]

S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-16 79360]

S4 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2009-02-23 307200]

S4 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]

S4 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]

S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-12 119408]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-10-16 79360]

S4 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]

-----------------EOF-----------------


I ran another malware scan later; see the result.

IObit Malware Fighter

OS: Windows 7

Version: 2.2.1.2

Define Version: 1299

Time Elapsed: 00:08:21

Objects Scanned: 58902

Threats Found: 9

Save Time: 28-12-2013 1:43:12

|Name|Type|Description|ID|

Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk, 0

Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\bureau Accessories\System Tools\Internet Explorer (No Add-ons).lnk, 0

Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk, 0

Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk, 0

Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk, 0

Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk, 0

Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk, 0

Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk, 0

ScorpionSaver, REG, HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}, 2014557


Download Zoek.zip to the desktop.

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (you can read how to do that here and here).
  • Right-click Zoek.zip and choose the "Extract All" option.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator": right-click it and choose Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: this script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com;fs
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml;f
C:\Program Files (x86)\Mozilla Firefox\searchplugins\nationzoom.xml;f
D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\searchplugins\holasearch.xml;f
C:\ProgramData\WPM;fs
C:\Program Files (x86)\TornTV.com;fs
C:\ProgramData\InstallMate;fs
C:\ProgramData\BetterSoft;fs
emptyfolderscheck;delete
startupall;
filesrcm;

  • Click the "Options" button and tick the options below:
      • Do a Quick Scan
      • HijackThis Log
      • IE Defaults
      • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear after all.
  • Post the opened log in your next message.


Zoek.exe v5.0.0.0 Updated 23-December-2013

Tool run by Henk on za 28-12-2013 at 12:42:03,82.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: D:\Henk\Desktop\FF bewaren\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

28-12-2013 12:46:12 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\1ClickDownload deleted successfully

C:\PROGRA~2\Chronicles of Mystery - Secret of the Lost Kingdom deleted successfully

C:\PROGRA~2\DVDFab 9 deleted successfully

C:\PROGRA~2\LSHunter.TV deleted successfully

C:\PROGRA~2\Mastiff deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\SlySoft deleted successfully

C:\PROGRA~2\ThreatFire deleted successfully

C:\PROGRA~2\TomTom DesktopSuite deleted successfully

C:\PROGRA~2\TornTV.com deleted successfully

C:\PROGRA~2\WebSearch deleted successfully

C:\PROGRA~2\Xenocode deleted successfully

C:\Program Files\McAfee deleted successfully

C:\Program Files\zylom games deleted successfully

C:\ProgramData\Babylon deleted successfully

C:\ProgramData\BetterSoft deleted successfully

C:\ProgramData\DVD Shrink deleted successfully

C:\ProgramData\Oracle deleted successfully

C:\ProgramData\ProductData deleted successfully

C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully

C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully

D:\Henk\AppData\Roaming\\EurekaLog deleted successfully

D:\Henk\AppData\Roaming\\Media Player Classic deleted successfully

D:\Henk\AppData\Roaming\\passport_photo deleted successfully

D:\Henk\AppData\Roaming\\PerformerSoft deleted successfully

D:\Henk\AppData\Roaming\\Systweak deleted successfully

D:\Henk\AppData\Roaming\\WinAVI deleted successfully

D:\Henk\AppData\Roaming\\WinRAR deleted successfully

D:\Henk\AppData\Local\\VirtualStore deleted successfully

D:\Henk\AppData\Local\\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2771351034-1752285704-1091563883-1008\Software\Microsoft\Internet Explorer\SearchScopes\{078B1780-9950-4CBB-ACB8-8BDA60D5A8AB} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default

---- Lines facemoods removed from prefs.js ----

user_pref("extensions.facemoods.DNSErrUrl", "http://start.facemoods.com/?a=ironto&f=5");

user_pref("extensions.facemoods.aflt", "ironto");

user_pref("extensions.facemoods.dfltSrch", true);

user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search");

user_pref("extensions.facemoods.dnsErr", true);

user_pref("extensions.facemoods.firstRun", true);

user_pref("extensions.facemoods.hmpg", true);

user_pref("extensions.facemoods.hmpgUrl", "http://start.facemoods.com/?a=ironto");

user_pref("extensions.facemoods.id", "a4d9afe50000000000000025227057c3");

user_pref("extensions.facemoods.instlDay", "15339");

user_pref("extensions.facemoods.mntz", "");

user_pref("extensions.facemoods.newTab", true);

user_pref("extensions.facemoods.newTabUrl", "http://start.facemoods.com/?a=ironto&f=2");

user_pref("extensions.facemoods.prtnrId", "facemoods.com");

user_pref("extensions.facemoods.searchProviderAdded", true);

user_pref("extensions.facemoods.sid", "f9e7034f639847bf8ba8c87d4dcb1ce2");

user_pref("extensions.facemoods.tlbrSrchUrl", "http://start.facemoods.com/?a=ironto&f=3");

user_pref("extensions.facemoods.vrsn", "1.4.17.11");

user_pref("extensions.ffxtlbr@Facemoods.com.install-event-fired", true);

---- Lines holasearch removed from prefs.js ----

user_pref("extensions.holasearch.admin", false);

user_pref("extensions.holasearch.aflt", "babsst");

user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");

user_pref("extensions.holasearch.autoRvrt", "false");

user_pref("extensions.holasearch.dfltLng", "en");

user_pref("extensions.holasearch.excTlbr", false);

user_pref("extensions.holasearch.ffxUnstlRst", false);

user_pref("extensions.holasearch.id", "a4d9afe50000000000000025227057c3");

user_pref("extensions.holasearch.instlDay", "15794");

user_pref("extensions.holasearch.instlRef", "sst");

user_pref("extensions.holasearch.newTab", false);

user_pref("extensions.holasearch.prdct", "holasearch");

user_pref("extensions.holasearch.prtnrId", "holasearch");

user_pref("extensions.holasearch.rvrt", "false");

user_pref("extensions.holasearch.smplGrp", "none");

user_pref("extensions.holasearch.tlbrId", "base");

user_pref("extensions.holasearch.tlbrSrchUrl", "");

user_pref("extensions.holasearch.vrsn", "1.8.16.16");

user_pref("extensions.holasearch.vrsni", "1.8.16.16");

user_pref("extensions.holasearch.vrsnTs", "1.8.16.1611:35:31");

---- Lines holasearch removed from user.js ----

user_pref("extensions.holasearch.tlbrSrchUrl", "");

user_pref("extensions.holasearch.id", "a4d9afe50000000000000025227057c3");

user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");

user_pref("extensions.holasearch.instlDay", "15794");

user_pref("extensions.holasearch.vrsn", "1.8.16.16");

user_pref("extensions.holasearch.vrsni", "1.8.16.16");

user_pref("extensions.holasearch.vrsnTs", "1.8.16.1611:35:31");

user_pref("extensions.holasearch.prtnrId", "holasearch");

user_pref("extensions.holasearch.prdct", "holasearch");

user_pref("extensions.holasearch.aflt", "babsst");

user_pref("extensions.holasearch.smplGrp", "none");

user_pref("extensions.holasearch.tlbrId", "base");

user_pref("extensions.holasearch.instlRef", "sst");

user_pref("extensions.holasearch.dfltLng", "en");

user_pref("extensions.holasearch.excTlbr", false);

user_pref("extensions.holasearch.ffxUnstlRst", false);

user_pref("extensions.holasearch.admin", false);

user_pref("extensions.holasearch.autoRvrt", "false");

user_pref("extensions.holasearch.rvrt", "false");

user_pref("extensions.holasearch.newTab", false);

---- Lines CT2857573 removed from prefs.js ----

user_pref("CommunityToolbar.EngineOwner", "CT2857573");

user_pref("CommunityToolbar.OriginalEngineOwner", "CT2857573");

user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2857573,CT2865317");

user_pref("CommunityToolbar.ToolbarsList2", "CT2857573,CT2865317");

user_pref("CT2857573..clientLogIsEnabled", false);

user_pref("CT2857573..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

user_pref("CT2857573..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

user_pref("CT2857573.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");

user_pref("CT2857573.alertChannelId", "1249595");

user_pref("CT2857573.approveUntrustedApps", true);

user_pref("CT2857573.CT2857573", "CT2857573");

user_pref("CT2857573.CurrentServerDate", "9-1-2011");

user_pref("CT2857573.DialogsAlignMode", "LTR");

user_pref("CT2857573.DialogsGetterLastCheckTime", "Sun Jan 09 2011 13:22:31 GMT+0100");

user_pref("CT2857573.ExternalComponentPollDate129356796739506287", "Sun Jan 09 2011 13:22:32 GMT+0100");

user_pref("CT2857573.FirstServerDate", "9-1-2011");

user_pref("CT2857573.FirstTime", true);

user_pref("CT2857573.FirstTimeFF3", true);

user_pref("CT2857573.FixPageNotFoundErrors", false);

user_pref("CT2857573.globalFirstTimeInfoLastCheckTime", "Sun Jan 09 2011 13:22:32 GMT+0100");

user_pref("CT2857573.GroupingServerCheckInterval", 1440);

user_pref("CT2857573.GroupingServiceUrl", "http://grouping.services.conduit.com/");

user_pref("CT2857573.HasUserGlobalKeys", true);

user_pref("CT2857573.Initialize", true);

user_pref("CT2857573.InitializeCommonPrefs", true);

user_pref("CT2857573.InstallationAndCookieDataSentCount", 1);

user_pref("CT2857573.InstalledDate", "Sun Jan 09 2011 13:22:33 GMT+0100");

user_pref("CT2857573.isAppTrackingManagerOn", false);

user_pref("CT2857573.IsGrouping", false);

user_pref("CT2857573.IsMulticommunity", false);

user_pref("CT2857573.IsOpenThankYouPage", true);

user_pref("CT2857573.IsOpenUninstallPage", true);

user_pref("CT2857573.LanguagePackLastCheckTime", "Sun Jan 09 2011 13:22:33 GMT+0100");

user_pref("CT2857573.LanguagePackReloadIntervalMM", 1440);

user_pref("CT2857573.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");

user_pref("CT2857573.LastLogin_3.3.0.19", "Sun Jan 09 2011 13:22:32 GMT+0100");

user_pref("CT2857573.LatestVersion", "3.2.5.2");

user_pref("CT2857573.Locale", "en");

user_pref("CT2857573.MCDetectTooltipHeight", "83");

user_pref("CT2857573.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

user_pref("CT2857573.MCDetectTooltipWidth", "295");

user_pref("CT2857573.myStuffEnabled", true);

user_pref("CT2857573.myStuffPublihserMinWidth", 400);

user_pref("CT2857573.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"

user_pref("CT2857573.myStuffServiceIntervalMM", 1440);

user_pref("CT2857573.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF

user_pref("CT2857573.SearchFromAddressBarIsInit", true);

user_pref("CT2857573.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&q=");

user_pref("CT2857573.SearchInNewTabEnabled", true);

user_pref("CT2857573.SearchInNewTabIntervalMM", 1440);

user_pref("CT2857573.SearchInNewTabLastCheckTime", "Sun Jan 09 2011 13:22:33 GMT+0100");

user_pref("CT2857573.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");

user_pref("CT2857573.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");

user_pref("CT2857573.ServiceMapLastCheckTime", "Sun Jan 09 2011 13:22:28 GMT+0100");

user_pref("CT2857573.SettingsLastCheckTime", "Sun Jan 09 2011 13:22:30 GMT+0100");

user_pref("CT2857573.SettingsLastUpdate", "1294239661");

user_pref("CT2857573.testingCtid", "");

user_pref("CT2857573.ThirdPartyComponentsInterval", 504);

user_pref("CT2857573.ThirdPartyComponentsLastCheck", "Sun Jan 09 2011 13:22:28 GMT+0100");

user_pref("CT2857573.ThirdPartyComponentsLastUpdate", "1246790578");

user_pref("CT2857573.toolbarAppMetaDataLastCheckTime", "Sun Jan 09 2011 13:22:31 GMT+0100");

user_pref("CT2857573.toolbarContextMenuLastCheckTime", "Sun Jan 09 2011 13:22:33 GMT+0100");

user_pref("CT2857573.TrusteLinkUrl", "http://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");

user_pref("CT2857573.usagesFlag", 2);

user_pref("CT2857573.UserID", "UN90760034533790771");

user_pref("CT2857573.ValidationData_Toolbar", 1);

user_pref("CT2857573.WeatherNetwork", "");

user_pref("CT2857573.WeatherPollDate", "Sun Jan 09 2011 13:22:32 GMT+0100");

user_pref("CT2857573.WeatherUnit", "C");

---- Lines conduit removed from prefs.js ----

user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com");

user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "L+tncv4eqt6Qm5T3dzChdA==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=nl", "L+tncv4eqt6Qm5T3dzChdA==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "ZF/VZo7UyQBp8ghNNzhnSQ==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=nl", "TW6pbvEhvglk5DM313wISg==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "+RsYuZ9IN1smka6Zuggr5w==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=nl", "GAox/hnZ01AfFOF7PUvloQ==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "SuMy8xgBA7+FodOxmk9aiQ==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=nl", "59UMFEXbxdbjS3gnY6/qrA==");

user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=0", "634293235860000000");

user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Apr 02 2011 21:48:28 GMT+0200");

user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Jan 09 2011 13:22:29 GMT+0100");

user_pref("ConduitEngine.engineLocale", "nl");

user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Jan 09 2011 13:22:28 GMT+0100");

user_pref("ConduitEngine.FirstServerDate", "01/09/2011 15");

user_pref("ConduitEngine.FirstTime", true);

user_pref("ConduitEngine.FirstTimeFF3", true);

user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Jan 09 2011 13:22:30 GMT+0100");

user_pref("ConduitEngine.HasUserGlobalKeys", true);

user_pref("ConduitEngine.HideEngineAfterRestart", true);

user_pref("ConduitEngine.initDone", true);

user_pref("ConduitEngine.Initialize", true);

user_pref("ConduitEngine.InitializeCommonPrefs", true);

user_pref("ConduitEngine.InstalledDate", "Sun Jan 09 2011 13:22:30 GMT+0100");

user_pref("ConduitEngine.isAppTrackingManagerOn", true);

user_pref("ConduitEngine.IsMulticommunity", false);

user_pref("ConduitEngine.IsOpenThankYouPage", false);

user_pref("ConduitEngine.IsOpenUninstallPage", true);

user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Jan 09 2011 13:22:29 GMT+0100");

user_pref("ConduitEngine.LastLogin_3.3.0.19", "Sun Jan 09 2011 13:22:30 GMT+0100");

user_pref("ConduitEngine.PublisherContainerWidth", 0);

user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Jan 09 2011 13:22:28 GMT+0100");

user_pref("ConduitEngine.usagesFlag", 2);

user_pref("ConduitEngine.UserID", "UN37226182496828664");

user_pref("CT2865317..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

user_pref("CT2865317..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

user_pref("CT2865317.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");

user_pref("CT2865317.GroupingServiceUrl", "http://grouping.services.conduit.com/");

user_pref("CT2865317.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");

user_pref("CT2865317.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"

user_pref("CT2865317.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF

user_pref("CT2865317.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&q=");

user_pref("CT2865317.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");

user_pref("CT2865317.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");

user_pref("CT2865317.TrusteLinkUrl", "http://trust.conduit.com/EB_ORIGINAL_CTID");

user_pref("extensions.engine@conduit.com.install-event-fired", true);

---- Lines conduit modified from prefs.js ----

user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,{20a82645-c095-46ed-

---- Lines WebSearch removed from prefs.js ----

user_pref("browser.search.defaultenginename,S", "WebSearch");

user_pref("browser.search.defaulturl", "http://websearch.pu-results.info/?pid=708&r=2013/04/03&hid=413508494&lg=EN&cc=NL&l=1&q=");

user_pref("browser.search.order.1,S", "WebSearch");

user_pref("browser.search.selectedEngine,S", "WebSearch");

---- Lines nationzoom removed from prefs.js ----

user_pref("browser.search.defaultenginename", "nationzoom");

user_pref("browser.search.selectedEngine", "nationzoom");

---- Lines babylon removed from prefs.js ----

user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

user_pref("extensions.BabylonToolbar.prtkDS", 0);

user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);

---- Lines ask.com removed from prefs.js ----

user_pref("extensions.toolbar@ask.com.install-event-fired", true);

user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

user_pref("weboftrust.search.ask.display", "Ask.com Web Search");

---- Lines asktb removed from prefs.js ----

user_pref("extensions.snipit.askTbInstalled", true);

---- Lines speedbit removed from prefs.js ----

user_pref("speedbit.dap_installed", true);

---- Lines CommunityToolbar removed from prefs.js ----

user_pref("CommunityToolbar.alert.alertEnabled", false);

user_pref("CommunityToolbar.alert.alertInfoInterval", 60);

user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jan 09 2011 13:22:35 GMT+0100");

user_pref("CommunityToolbar.alert.locale", "en");

user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Apr 02 2011 21:48:18 GMT+0200");

user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");

user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

user_pref("CommunityToolbar.alert.showTrayIcon", false);

user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

user_pref("CommunityToolbar.alert.userId", "a267f74a-3433-422d-a2b9-e658f4f5338e");

user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2865317");

user_pref("CommunityToolbar.EngineHiddenByUser", true);

user_pref("CommunityToolbar.EngineOwnerGuid", "{b80f591e-fe9a-46cf-a13e-180377240586}");

user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.13");

user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Apr 02 2011 22:58:41 GMT+0200");

user_pref("CommunityToolbar.globalUserId", "6222fb4c-8d67-46b2-a1d1-fff1f1cd4168");

user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

user_pref("CommunityToolbar.IsEngineShown", false);

user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{b80f591e-fe9a-46cf-a13e-180377240586}");

user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.13");

user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");

---- Lines SpeedAnalysis removed from prefs.js ----

user_pref("extensions.speedanalysis02@SpeedAnalysis.com.id", "\"cf945b63-da7e-5692-18e1-06e0888f7bb4\"");

user_pref("extensions.speedanalysis02@SpeedAnalysis.com.mzID", "75");

user_pref("extensions.speedanalysis02@SpeedAnalysis.com.uuid", "\"89e7d832-2945-11e3-8099-0025901ef77c\"");

---- Lines Sweet removed from prefs.js ----

user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

user_pref("sweetim.toolbar.previous.keyword.URL", "");

user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

user_pref("sweetim.toolbar.searchguard.enable", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 removed from prefs.js ----

user_pref("extensions.{87775fdb-6972-41f9-ae51-8326e38cb206}.install-event-fired", true);

---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 modified from prefs.js ----

user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,{20a82645-c095-46ed-

---- FireFox user.js and prefs.js backups ----

user_28-12-2013_1254_.backup

prefs_28-12-2013_1254_.backup

ProfilePath: D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\spnf0wg6.default

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_28-12-2013_1254_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]

@="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\TornTV.com not found

C:\ProgramData\BetterSoft not found

C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found

C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found

C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com deleted

C:\ProgramData\WPM deleted

C:\ProgramData\InstallMate deleted

D:\Henk\AppData\Local\genienext deleted

C:\PROGRA~2\Mozilla Firefox\searchplugins\babylon.xml deleted

C:\PROGRA~2\MyPC Backup deleted

C:\PROGRA~2\COMMON~1\Spigot deleted

C:\extensions.sqlite deleted

D:\Henk\AppData\Roaming\\FotoSketcher.ini deleted

D:\Henk\AppData\Roaming\\Alawar deleted

D:\Henk\AppData\Roaming\\Alawar Entertainment deleted

D:\Henk\AppData\Roaming\\AlawarEntertainment deleted

D:\Henk\AppData\Roaming\\iWin deleted

D:\Henk\AppData\Roaming\\NCdownloader deleted

C:\ProgramData\APN deleted

C:\ProgramData\StarApp deleted

C:\ProgramData\iWin deleted

C:\ProgramData\Trymedia deleted

D:\Henk\AppData\Local\\CRE deleted

D:\Henk\AppData\Local\\APN deleted

D:\Henk\AppData\Local\\Programs deleted

D:\Henk\AppData\Local\\Mobogenie deleted

D:\Henk\AppData\Local\\cache deleted

C:\Windows\SysNative\roboot64.exe deleted

D:\Henk\backup system files\AppData\LocalLow\ConduitEngine deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\facemoods.com deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted

D:\Henk\AppData\Roaming\Microsoft\Windows\SendTo\Desk 365.lnk deleted

C:\windows\SysNative\tasks\Desk 365 RunAsStdUser deleted

C:\user.js deleted

D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\searchplugins\holasearch.xml deleted

D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\GoogleToolbarData deleted

D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\CT2857573 deleted

D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\spnf0wg6.default\extensions\firefox@secretsauce.biz.xpi deleted

C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted

C:\PROGRA~2\Mozilla Firefox\searchplugins\fcmdSrch.xml deleted

D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\extensions\adsremoval@adsremoval.net deleted

D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\spnf0wg6.default\extensions\adsremoval@adsremoval.net deleted

D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\ConduitEngine deleted

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\nationzoom.xml" deleted

"D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\spnf0wg6.default\extensions\iobitapps@mybrowserbar.com" deleted

"C:\PROGRA~2\Mozilla Firefox\searchplugins\nationzoom.xml" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== D:\Henk\AppData\Local\Temp ====

2013-12-25 13:41:10 DE5F4849C496E6DA7EFC07148E1F5865 4494928 ----a-w- D:\Henk\AppData\Local\\Temp\fullpackage_temp1388179893\tmp\desk365.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-12-15 11:52:35 D4311A326B9C4C7F6AA671273475D9E5 32600 ----a-w- C:\Windows\Sysnative\SmartDefragBootTime.exe

====== C:\Windows\Sysnative\drivers =====

2013-12-11 12:27:19 E0D3CD5841E5C7BE7B94BA946AF1E498 116736 ----a-w- C:\Windows\Sysnative\drivers\drmk.sys

2013-12-11 12:27:19 1E0B4CBBA91C6B041A14ECC2186F7E24 230400 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys

====== C:\Windows\Tasks ======

2013-12-15 11:52:36 0814AEEE9B5E5F674E0079F187A89965 3164 ----a-w- C:\Windows\Sysnative\Tasks\SmartDefrag_Startup

2013-12-15 11:52:34 A4292D1DC0CD0741CE916B2ECB9A024B 3162 ----a-w- C:\Windows\Sysnative\Tasks\SmartDefragUpdate

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-12-28 00:00:20 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

2013-12-12 19:59:02 -------- d-----w- C:\PROGRA~2\FotoSketcher

======= D: =====

====== D:\Henk\AppData\Roaming ======

====== D:\Henk ======

2013-12-27 23:58:09 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- D:\Henk\Desktop\RSITx64.exe

2013-12-27 21:33:33 BBE1E19BBC55C045D0DC9259569A42F6 716 ----a-w- D:\Henk\.android\adbkey.pub

2013-12-27 21:33:33 084F62F96423ABB663DA48E05C9E0883 1704 ----a-w- D:\Henk\.android\adbkey

2013-12-25 12:15:38 90B4989B832A57D261F0AB51F143E97A 4645232 ----a-w- D:\Henk\Desktop\FF bewaren\ccsetup409.exe

2013-12-21 15:53:03 627EE0DEB4929E7DA5F2CE7C27D030A9 8988024 ----a-w- D:\Henk\Desktop\FF bewaren\WoWP_internet_install_eu.exe

2013-12-20 16:56:31 7FF62A6C04D16FF717B5E01D4CD6B28D 2026792 ----a-w- D:\Henk\Desktop\FF bewaren\OUTDATEfighter_Web.exe

2013-12-12 19:59:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FotoSketcher

2013-12-03 12:04:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

====== C: exe-files ==

2013-12-28 00:08:40 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Henk.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 6"="C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe /AutoStart"

[HKEY_USERS\S-1-5-21-2771351034-1752285704-1091563883-1008\Software\Microsoft\Windows\CurrentVersion\Run]

"Wisdom-soft ScreenHunter 5.1 Free"="C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe"

"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"Google Update"="D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 6"="C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe /AutoStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"

"StartCCC"="c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe msrun"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"20131224"="C:\Program Files\Alwil Software\Avast5\setup\emupdate\2bb08ca3-e1b2-40ac-a81d-36e18eac2a17.exe /check"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Wisdom-soft ScreenHunter 5.1 Free"="C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe"

"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"Google Update"="D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\\progra~2\\browse~1\\sprote~1.dll c:\\progra~2\\websea~1\\sprote~1.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\program files\microsoft intellipoint\ipoint.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcoholAutomount]

"command"="\"c:\\program files (x86)\\alcohol soft\\alcohol 120\\axcmd.exe\" /automount"

"hkey"="HKCU"

"item"="AlcoholAutomount"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTSyncService]

"command"="c:\\program files (x86)\\installshield installation information\\{f3d9ac82-30f4-4bb9-b9ab-8697637568c1}\\ambspisyncservice.exe /startrunkey"

"hkey"="HKLM"

"item"="CTSyncService"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]

"command"="\"D:\\Henk\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

"hkey"="HKCU"

"item"="Facebook Update"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMMON]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IMMON"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\IM Magician\\Vicamon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware]

"command"="\"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray"

"hkey"="HKLM"

"item"="Malwarebytes' Anti-Malware"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBAgent]

"command"="\"c:\\program files (x86)\\nero\\nero 10\\nero backitup\\nbagent.exe\" /winstart"

"hkey"="HKLM"

"item"="NBAgent"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RunDLLEntry]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RunDLLEntry"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\RunDLL32.exe C:\\Windows\\system32\\AmbRunE.dll,RunDLLEntry"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]

"command"="\"d:\\henk\\appdata\\roaming\\spotify\\spotify.exe\" /uri spotify:autostart"

"hkey"="HKCU"

"item"="Spotify"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]

"command"="\"D:\\Henk\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""

"hkey"="HKCU"

"item"="Spotify Web Helper"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]

"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""

"hkey"="HKCU"

"item"="TomTomHOME.exe"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="UpdReg"

"hkey"="HKLM"

"command"="C:\\Windows\\UpdReg.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VMonitorVMUVC]

"command"="\"c:\\program files (x86)\\vimicro corporation\\vmuvc\\vmonitor.exe\" vmuvc"

"hkey"="HKLM"

"item"="VMonitorVMUVC"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VolPanel]

"command"="\"c:\\program files (x86)\\creative\\sb x-fi mb\\volume panel\\volpanlu.exe\" /r"

"hkey"="HKLM"

"item"="VolPanel"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Creative ALchemy AL6 Licensing Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Creative Audio Engine Licensing Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CTAudSvcService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\sdAuxService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\sdCoreService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Sound Blaster X-Fi MB Licensing Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\StarWindServiceAE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ThreatFire]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TomTomHOMEService]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]

C:\Windows\tasks\Driver Booster Update.job --a------ C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [08-09-2013 11:12]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job --a------ C:\Henk\AppData\Local\Facebook\Update\FacebookUpdate.exe []

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job --a------ C:\Henk\AppData\Local\Facebook\Update\FacebookUpdate.exe []

C:\Windows\tasks\GlaryInitialize.job --a------ C:\Program Files (x86)\Glary Utilities\initialize.exe [11-09-2012 20:59]

C:\Windows\tasks\Google Software Updater.job --a------ C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [07-09-2011 18:49]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30-12-2010 00:00]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30-12-2010 00:00]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job --a------ C:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\ASC7_SkipUac_Henk" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe /SkipUac]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]

"C:\Windows\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core" [D:\Henk\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA" [D:\Henk\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\GlaryInitialize" [C:\Program Files (x86)\Glary Utilities\initialize.exe]

"C:\Windows\SysNative\tasks\Google Software Updater" [C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core" [D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA" [D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\SlimCleaner Run" ["C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe"]

"C:\Windows\SysNative\tasks\SmartDefragUpdate" [C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe]

"C:\Windows\SysNative\tasks\SmartDefrag_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{722E2EDB-48D9-45C6-B267-3418D47ED143}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [03-12-2013 13:03]

==== Firefox Extensions ======================

ProfilePath: D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default

- avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF

- Visualisateur 3D de 20-20 - %ProfilePath%\extensions\2020Player_WEB@2020Technologies.com

- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com

- Undetermined - %ProfilePath%\extensions\nostmp

ProfilePath: D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\spnf0wg6.default

- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default

F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash

C36444D7301A8C881FC7296B092609C7 - D:\Henk\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update

68BCBB241EF254BC5100D9E6C06ECC71 - D:\Henk\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator

99FE6AFE80EB7FE3EEB75DC504A326A3 - D:\Henk\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer

AF42019A3B0EDBFA6878F75B9377A792 - D:\Henk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin

EC401349BFA64BD6232C746046AEC0B5 - D:\Henk\AppData\Roaming\Mozilla\plugins\npoctoshape.dll - Octoshape Streaming Services

33E00913297328DE59A1CD6BF90D2084 - D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\extensions\2020Player_WEB@2020Technologies.com\plugins\NP_2020Player_WEB.dll - 20-20 3D Viewer for WEB

66640A55AEFF3819C94E0A8D40D7E0AD - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director

F65284ABAC78410D561587F7C66043BA - D:\Henk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

0B31B0F8FA99CFD009C8FBEA9E20C9DE - D:\Henk\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

FC5866F7793AF2CBCD425CC4B8D32A9E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin

Profilepath: D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\spnf0wg6.default

FC5866F7793AF2CBCD425CC4B8D32A9E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dbpebffoameokfhnaaedmefjncfboino - C:\Program Files (x86)\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx[]

dhkplhfnhceodhffomolpfigojocbpcb - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx[]

fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[05-11-2013 13:14]

hbcennhacfaagdopikcegfcobcadeocj - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx[]

icdlfehblmklkikfigmjhbmmpmkmpooj - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx[]

ihflimipbcaljfnojhhknppphnnciiif - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx[]

lemilgpbnfoecfjhpfchannnnkeefjmj - D:\Henk\AppData\Local\CRE\lemilgpbnfoecfjhpfchannnnkeefjmj.crx[]

mhkaekfpcppmmioggniknbnbdbcigpkk - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx[]

nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx[12-10-2013 13:04]

pfndaklgolladniicklehhancnlgocpp - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

lemilgpbnfoecfjhpfchannnnkeefjmj - D:\Henk\AppData\Local\CRE\lemilgpbnfoecfjhpfchannnnkeefjmj.crx[]

Last updated at time on date - AppData - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

20-20 3D Viewer for Virtual Studio - AppData - Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc

MaskMe - AppData - Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg

DoNotTrackMe Online Privacy Protection - AppData - Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd

AdBlock - AppData - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Ads Removal - AppData - Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod

Ghostery - AppData - Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij

Advanced SystemCare Surfing Protection - AppData - Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd

==== Chrome Fix ======================

D:\Henk\AppData\Local\\Google\Chrome\User Data\Default\Local Extension Settings\dbpebffoameokfhnaaedmefjncfboino deleted successfully

D:\Henk\AppData\Local\\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod deleted successfully

D:\Henk\AppData\Local\\Google\Chrome\User Data\Default\Local Extension Settings\gkcefkcdkepgkpbgncjchhbjgoanleod deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.nl/"

"Default_Search_URL"="http://www.google.com/ie"

"Default_Page_URL"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.google.com"

"Default_Page_URL"="http://www.google.com"

"Start Page"="http://www.google.com"

"Search Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.google.com"

"Default_Page_URL"="http://www.google.com"

"Start Page"="http://www.google.com"

"Search Page"="http://www.google.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://www.google.com/search?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://www.google.com/ie"

"Default_Search_URL"="http://www.google.com/ie"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{078B1780-9950-4CBB-ACB8-8BDA60D5A8AB}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.nl/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{078B1780-9950-4CBB-ACB8-8BDA60D5A8AB} Yahoo! Search Url="http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DEA98CC2-FA47-AA12-3ACB-D50F1B2A0B6A} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dbpebffoameokfhnaaedmefjncfboino deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lemilgpbnfoecfjhpfchannnnkeefjmj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lemilgpbnfoecfjhpfchannnnkeefjmj deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMMON deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui

O4 - HKLM\..\RunOnce: [20131224] C:\Program Files\Alwil Software\Avast5\setup\emupdate\2bb08ca3-e1b2-40ac-a81d-36e18eac2a17.exe /check

O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

D:\Henk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

D:\Henk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

D:\Henk\backup system files\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

D:\Henk\backup system files\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=387 folders=137 13793918 bytes)

==== Empty Temp Folders ======================

D:\Henk\AppData\Local\\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on za 28-12-2013 at 13:03:15,97 ======================


Download AdwCleaner by Xplode to your desktop.

Running AdwCleaner

  • Close all open windows.
  • Double-click AdwCleaner.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as administrator by right-clicking it and choosing Run as administrator.
  • Then click the Scan button.
  • When the scan has finished, click the Clean button.
  • When this is done you will be asked to restart the computer; click OK.
  • After the computer has restarted, the log file opens automatically.
  • Post this log file in your next reply.


Hello Kape

Thanks in advance for the quick reply and the help.

# AdwCleaner v3.016 - Report created 28/12/2013 at 14:20:41

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Henk - HENK-PC

# Running from : D:\Henk\Desktop\FF bewaren\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : D:\Henk\AppData\LocalLow\BabylonToolbar

Folder Deleted : D:\Henk\AppData\LocalLow\Conduit

Folder Deleted : D:\Henk\AppData\LocalLow\facemoods.com

Folder Deleted : D:\Henk\AppData\LocalLow\PriceGong

Folder Deleted : D:\Loekie\AppData\Local\Temp\apn

Folder Deleted : D:\Loekie\AppData\LocalLow\AskToolbar

Folder Deleted : D:\Loekie\AppData\LocalLow\BabylonToolbar

Folder Deleted : D:\Loekie\AppData\LocalLow\Conduit

Folder Deleted : D:\Loekie\AppData\LocalLow\ConduitEngine

Folder Deleted : D:\Loekie\AppData\LocalLow\facemoods.com

Folder Deleted : D:\Loekie\AppData\LocalLow\Search Settings

Folder Deleted : D:\Loekie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj

Folder Deleted : D:\Loekie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk

Folder Deleted : D:\Loekie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lemilgpbnfoecfjhpfchannnnkeefjmj

File Deleted : D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\user.js

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc

Key Deleted : HKCU\Software\a28ad0e56ab944

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_memoriesontv_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_memoriesontv_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_facebook-video-calling_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_facebook-video-calling_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_free-pdf-to-word-doc-converter_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_free-pdf-to-word-doc-converter_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_mcafee-siteadvisor_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_mcafee-siteadvisor_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_pencil_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_pencil_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\facemoods.com

Key Deleted : HKCU\Software\filescout

Key Deleted : HKCU\Software\Headlight

Key Deleted : HKCU\Software\PerformerSoft

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Desksvc

Key Deleted : HKLM\Software\facemoods.com

Key Deleted : HKLM\Software\hdcode

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\Software\supWPM

Key Deleted : HKLM\Software\systweak

Key Deleted : HKLM\Software\Trymedia Systems

Key Deleted : HKLM\Software\Vuze_Remote

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\sprote~1.dll

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\websea~1\sprote~1.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

-\\ Mozilla Firefox v25.0.1 (nl)

[ File : D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\prefs.js ]

Line Deleted : user_pref("CT2865317..clientLogIsEnabled", true);

Line Deleted : user_pref("CT2865317.CTID", "CT2865317");

Line Deleted : user_pref("CT2865317.CurrentServerDate", "2-4-2011");

Line Deleted : user_pref("CT2865317.DialogsAlignMode", "LTR");

Line Deleted : user_pref("CT2865317.DownloadReferralCookieData", "");

Line Deleted : user_pref("CT2865317.EMailNotifierPollDate", "Sat Apr 02 2011 22:58:40 GMT+0200");

Line Deleted : user_pref("CT2865317.FeedLastCount5397019970362056034", 154);

Line Deleted : user_pref("CT2865317.FeedPollDate129363015634713160", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.FeedPollDate129363015634713166", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.FeedPollDate129363015634713172", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.FeedPollDate129363015634713178", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.FeedPollDate129363015634713184", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.FeedPollDate129363015634713190", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.FeedPollDate129363015634713196", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.FeedPollDate129363015634713202", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.FeedPollDate129363015634713208", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.FeedPollDate129363015634713214", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.FeedPollDate129363015634713220", "Sat Apr 02 2011 22:58:42 GMT+0200");

Line Deleted : user_pref("CT2865317.FeedTTL129363015634713160", 10);

Line Deleted : user_pref("CT2865317.FeedTTL129363015634713184", 15);

Line Deleted : user_pref("CT2865317.FeedTTL129363015634713196", 5);

Line Deleted : user_pref("CT2865317.FeedTTL129363015634713208", 5);

Line Deleted : user_pref("CT2865317.FirstServerDate", "2-4-2011");

Line Deleted : user_pref("CT2865317.FirstTime", true);

Line Deleted : user_pref("CT2865317.FirstTimeFF3", true);

Line Deleted : user_pref("CT2865317.FixPageNotFoundErrors", false);

Line Deleted : user_pref("CT2865317.GroupingServerCheckInterval", 1440);

Line Deleted : user_pref("CT2865317.HasUserGlobalKeys", true);

Line Deleted : user_pref("CT2865317.Initialize", true);

Line Deleted : user_pref("CT2865317.InitializeCommonPrefs", true);

Line Deleted : user_pref("CT2865317.InstallationAndCookieDataSentCount", 1);

Line Deleted : user_pref("CT2865317.InstallationType", "UnknownIntegration");

Line Deleted : user_pref("CT2865317.InstalledDate", "Sat Apr 02 2011 22:58:40 GMT+0200");

Line Deleted : user_pref("CT2865317.IsGrouping", false);

Line Deleted : user_pref("CT2865317.IsMulticommunity", false);

Line Deleted : user_pref("CT2865317.IsOpenThankYouPage", true);

Line Deleted : user_pref("CT2865317.IsOpenUninstallPage", false);

Line Deleted : user_pref("CT2865317.LanguagePackLastCheckTime", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.LanguagePackReloadIntervalMM", 1440);

Line Deleted : user_pref("CT2865317.LastLogin_3.2.5.2", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.LatestVersion", "3.3.3.2");

Line Deleted : user_pref("CT2865317.Locale", "nl");

Line Deleted : user_pref("CT2865317.MCDetectTooltipHeight", "83");

Line Deleted : user_pref("CT2865317.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Line Deleted : user_pref("CT2865317.MCDetectTooltipWidth", "295");

Line Deleted : user_pref("CT2865317.SearchFromAddressBarIsInit", true);

Line Deleted : user_pref("CT2865317.SearchInNewTabEnabled", true);

Line Deleted : user_pref("CT2865317.SearchInNewTabIntervalMM", 1440);

Line Deleted : user_pref("CT2865317.SearchInNewTabLastCheckTime", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.ServiceMapLastCheckTime", "Sat Apr 02 2011 22:58:39 GMT+0200");

Line Deleted : user_pref("CT2865317.SettingsLastCheckTime", "Sat Apr 02 2011 22:58:39 GMT+0200");

Line Deleted : user_pref("CT2865317.SettingsLastUpdate", "1297860113");

Line Deleted : user_pref("CT2865317.ThirdPartyComponentsInterval", 504);

Line Deleted : user_pref("CT2865317.ThirdPartyComponentsLastCheck", "Sat Apr 02 2011 22:58:39 GMT+0200");

Line Deleted : user_pref("CT2865317.ThirdPartyComponentsLastUpdate", "1256029839");

Line Deleted : user_pref("CT2865317.UserID", "UN80638700966338427");

Line Deleted : user_pref("CT2865317.WeatherNetwork", "");

Line Deleted : user_pref("CT2865317.WeatherPollDate", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.WeatherUnit", "C");

Line Deleted : user_pref("CT2865317.alertChannelId", "1257316");

Line Deleted : user_pref("CT2865317.backendstorage.enableinj", "");

Line Deleted : user_pref("CT2865317.backendstorage.pairingkey", "30463431333541313744423937304444383633453438374443353143433438433639393441434131");

Line Deleted : user_pref("CT2865317.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");

Line Deleted : user_pref("CT2865317.backendstorage.uttorrents", "7B226275696C64223A32353135342C226C6162656C223A5B5D2C22746F7272656E7473223A5B5B223034354241393836343636373639313445443730364137363946454244314146383132[...]

Line Deleted : user_pref("CT2865317.myStuffEnabled", true);

Line Deleted : user_pref("CT2865317.myStuffPublihserMinWidth", 400);

Line Deleted : user_pref("CT2865317.myStuffServiceIntervalMM", 1440);

Line Deleted : user_pref("CT2865317.testingCtid", "");

Line Deleted : user_pref("CT2865317.toolbarAppMetaDataLastCheckTime", "Sat Apr 02 2011 22:58:40 GMT+0200");

Line Deleted : user_pref("CT2865317.toolbarContextMenuLastCheckTime", "Sat Apr 02 2011 22:58:41 GMT+0200");

Line Deleted : user_pref("CT2865317.usagesFlag", 1);

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Line Deleted : user_pref("aol_toolbar.default.search.check", false);

Line Deleted : user_pref("surfcanyon.ad_status", "1");

Line Deleted : user_pref("surfcanyon.add_craigslist_images", false);

Line Deleted : user_pref("surfcanyon.added_to_searchbar", true);

Line Deleted : user_pref("surfcanyon.checked_domains", "");

Line Deleted : user_pref("surfcanyon.disabled", true);

Line Deleted : user_pref("surfcanyon.disliked_domains", "");

Line Deleted : user_pref("surfcanyon.display_similar_product_images", false);

Line Deleted : user_pref("surfcanyon.enable_craigslist", false);

Line Deleted : user_pref("surfcanyon.featured_result_disabled", false);

Line Deleted : user_pref("surfcanyon.hourly_code2", "scEnableGoogle_hourly = function() {\nvar args = window.location.search;\nvar path = window.location.pathname;\nreturn (getAffectGoogle() && contains(scCurrentPag[...]

Line Deleted : user_pref("surfcanyon.hourly_code_timestamp", "1293920527997");

Line Deleted : user_pref("surfcanyon.inst_id", "92963896908547336821144659984046");

Line Deleted : user_pref("surfcanyon.inst_timestamp", "1284661271691");

Line Deleted : user_pref("surfcanyon.last_notification_displayed", 2);

Line Deleted : user_pref("surfcanyon.last_seen_splash", "332");

Line Deleted : user_pref("surfcanyon.num_recs_clicked", "0");

Line Deleted : user_pref("surfcanyon.num_results_clicked", "0");

Line Deleted : user_pref("surfcanyon.num_results_clicked_when_recs_available", "0");

Line Deleted : user_pref("surfcanyon.num_searches", "0");

Line Deleted : user_pref("surfcanyon.page_notifications_cancelled", true);

Line Deleted : user_pref("surfcanyon.partner_code", "MZ");

Line Deleted : user_pref("surfcanyon.preferred_domains", "");

Line Deleted : user_pref("surfcanyon.recs_notifications_cancelled", true);

Line Deleted : user_pref("surfcanyon.retailer_domain", "");

Line Deleted : user_pref("surfcanyon.retailer_id", "");

Line Deleted : user_pref("surfcanyon.retailer_url", "");

Line Deleted : user_pref("surfcanyon.status_bar_icon_disabled", true);

Line Deleted : user_pref("surfcanyon.top_of_page_refinements_disabled", false);

Line Deleted : user_pref("surfcanyon.url_bar_icon_disabled", true);

[ File : D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\spnf0wg6.default\prefs.js ]

[ File : D:\Loekie\AppData\Roaming\Mozilla\Firefox\Profiles\ur5bpndw.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

-\\ Google Chrome v27.0.1453.110

[ File : D:\Henk\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : D:\Loekie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

Deleted : search_url

Deleted : suggest_url

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [18450 octets] - [28/12/2013 14:18:24]

AdwCleaner[s0].txt - [17660 octets] - [28/12/2013 14:20:41]

########## EOF - D:\AdwCleaner\AdwCleaner[s0].txt - [17721 octets] ##########

- - - Updated - - -

post-15863-1417705632,5042_thumb.jpg

This window opens, and apart from that the shortcuts do nothing.
