hoe kan je sweetpage verwijderen

[westbeest]

Hallo

Kan ik geholpen worden om het sweet page programma te verwijderen. Mijn zoon zat op de computer en nu is dit ineens mijn startpagina geweorden

[kape]

Download RSIT van de onderstaande locaties en sla deze op het bureaublad op.

Hier staat een beschrijving hoe je kan kijken of je een 32- of 64-bitversie van Windows heeft.

• RSIT 32 bit (RSIT.exe)
  
• RSIT 64 bit (RSITx64.exe)
  

Dubbelklik op RSIT.exe om de tool te starten.

• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
  
• Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
  
• Plaats de inhoud hiervan in het volgende bericht.
  

Bekijk ook de instructievideo.

[westbeest]

kan log file niet plaatsen krijg dan de volgende melding

Fatal error: Maximum execution time of 30 seconds exceeded in /home/pchelpfor/domains/pc-helpforum.be/public_html/includes/functions.php on line 2351

[westbeest]

Logfile of random's system information tool 1.09 (written by random/random)

Run by Gebruiker at 2014-03-11 19:23:11

Microsoft Windows 8.1

System drive C: has 1729 GB (91%) free of 1892 GB

Total RAM: 8070 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:23:12, on 11-3-2014

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.16518)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files\trend micro\Gebruiker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sweet Page

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = {searchTerms - Bing}

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = {searchTerms - Bing}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sweet Page

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = {searchTerms - Yahoo Search Results}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = {searchTerms - Yahoo Search Results}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = {searchTerms - Bing}

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = {searchTerms - Bing}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: weebsave - {B62C4C7B-461D-D0B8-9B21-732CECCAFAF5} - C:\Program Files (x86)\weebsave\ANzvk.dll (file missing)

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

O4 - HKCU\..\Run: [speedUpMyComputer] C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss

O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss

O4 - HKCU\..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned

O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe

O4 - HKCU\..\Run: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs:

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7807 bytes

======Listing Processes======

wininit.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

C:\Windows\system32\svchost.exe -k imgsvc

dashost.exe {820dcb34-611c-4309-b1096332bef69035}

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dc2b7690-9a6c-4466-9ef6-1d11f13abce9 -SystemEventPortName:HostProcess-566ca92b-a1e3-4f06-9f93-b5df65fcccf6 -IoCancelEventPortName:HostProcess-0a0eece6-4d03-4360-b9a4-a80744425f85 -NonStateChangingEventPortName:HostProcess-920b56a2-e89e-4974-b83a-79ed6ab51c32 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:34e4fb7e-4ce7-4e95-abdd-4678a0be309a -DeviceGroupId:WpdFsGroup

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

winlogon.exe

"dwm.exe"

taskhostex.exe

C:\Windows\Explorer.EXE

"C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\system32\igfxsrvc.exe" -Embedding

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"

"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding

"C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store

C:\Windows\System32\RuntimeBroker.exe -Embedding

"C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding

"C:\Program Files\Internet Explorer\iexplore.exe" -ServerName:DefaultBrowserServer

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:267778 /prefetch:1

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe34_ Global\UsGthrCtrlFltPipeMssGthrPipe34 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:4068916 /prefetch:1

"C:\Windows\system32\SearchFilterHost.exe" 0 584 588 596 65536 592

"C:\Users\Gebruiker\Downloads\RSITx64 (1).exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\bench-sys.job

C:\Windows\tasks\Digital Sites.job

- - - Updated - - -

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}]

weebsave - C:\Program Files (x86)\weebsave\ANzvk.x64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}]

weebsave - C:\Program Files (x86)\weebsave\ANzvk.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{ae07101b-46d4-4a98-af68-0333ea26e113}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{ae07101b-46d4-4a98-af68-0333ea26e113}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-12-21 391128]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-12-21 771544]

"Persistence"=C:\Windows\system32\igfxpers.exe [2013-12-21 770520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SpeedUpMyComputer"=C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss []

"FixMyRegistry"=C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss []

"ChicaPasswordManager"=C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe /autorunned []

"Optimizer Pro"=C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe []

"LiveSupport"=C:\Program Files (x86)\LiveSupport\LiveSupport.exe /noshow /log []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

"mobilegeni daemon"=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe []

"fst_nl_30"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2013-12-21 624640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicDisplay.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicRender.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BrokerInfrastructure]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DeviceInstall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dxgkrnl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FsDepends.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LSM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmartcardSimulator]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SystemEventsBroker]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VirtualSmartcardReader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wcmsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"EnableUIADesktopToggle"=0

"EnableCursorSuppression"=1

"ConsentPromptBehaviorUser"=3

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"ForceActiveDesktopOn"=0

"NoActiveDesktopChanges"=1

"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.yuy2"=msyuv.dll

"vidc.i420"=iyuv_32.dll

"msacm.msgsm610"=msgsm32.acm

"msacm.msg711"=msg711.acm

"vidc.yvyu"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"wavemapper"=msacm32.drv

"midimapper"=midimap.dll

"vidc.uyvy"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"vidc.msvc"=msvidc32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

- - - Updated - - -

Logfile of random's system information tool 1.09 (written by random/random)

Run by Gebruiker at 2014-03-11 19:23:11

Microsoft Windows 8.1

System drive C: has 1729 GB (91%) free of 1892 GB

Total RAM: 8070 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:23:12, on 11-3-2014

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.16518)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files\trend micro\Gebruiker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX&q={searchTerms}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX&q={searchTerms}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.exitingsearch.info/?pid=2145&r=2014/03/10&hid=12559607067462301666&lg=EN&cc=NL&unqvl=50

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: weebsave - {B62C4C7B-461D-D0B8-9B21-732CECCAFAF5} - C:\Program Files (x86)\weebsave\ANzvk.dll (file missing)

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

O4 - HKCU\..\Run: [speedUpMyComputer] C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss

O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss

O4 - HKCU\..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned

O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe

O4 - HKCU\..\Run: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs:

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7807 bytes

======Listing Processes======

wininit.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

C:\Windows\system32\svchost.exe -k imgsvc

dashost.exe {820dcb34-611c-4309-b1096332bef69035}

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dc2b7690-9a6c-4466-9ef6-1d11f13abce9 -SystemEventPortName:HostProcess-566ca92b-a1e3-4f06-9f93-b5df65fcccf6 -IoCancelEventPortName:HostProcess-0a0eece6-4d03-4360-b9a4-a80744425f85 -NonStateChangingEventPortName:HostProcess-920b56a2-e89e-4974-b83a-79ed6ab51c32 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:34e4fb7e-4ce7-4e95-abdd-4678a0be309a -DeviceGroupId:WpdFsGroup

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

winlogon.exe

"dwm.exe"

taskhostex.exe

C:\Windows\Explorer.EXE

"C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\system32\igfxsrvc.exe" -Embedding

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"

"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding

"C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store

C:\Windows\System32\RuntimeBroker.exe -Embedding

"C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding

"C:\Program Files\Internet Explorer\iexplore.exe" -ServerName:DefaultBrowserServer

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:267778 /prefetch:1

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe34_ Global\UsGthrCtrlFltPipeMssGthrPipe34 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:4068916 /prefetch:1

"C:\Windows\system32\SearchFilterHost.exe" 0 584 588 596 65536 592

"C:\Users\Gebruiker\Downloads\RSITx64 (1).exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\bench-sys.job

C:\Windows\tasks\Digital Sites.job

[kape]

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Download Zoek.exe naar het bureaublad (niet de .zip- of .rar-versie)

• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

  {B62C4C7B-461D-D0B8-9B21-732CECCAFAF5};c
 C:\Program Files (x86)\weebsave;fs
 {ae07101b-46d4-4a98-af68-0333ea26e113};c
 mobilegeni daemon;s
 C:\Program Files (x86)\Mobogenie;fs
 Optimizer Pro;s
 C:\Program Files (x86)\Optimizer Pro;fs
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}];r64
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r64
 "Optimizer Pro"=-;r64
 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run];r64
 "mobilegeni daemon"=-;r64
 "fst_nl_30"=-;r64
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r64
 "AppInit_DLLs"=-;r64
  emptyfolderscheck;delete 
startupall; 
filesrcm;

• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
• Do a Quick Scan
  
  
• Auto Clean
  
• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[westbeest]

Zoek.exe v5.0.0.0 Updated 07-March-2014

Tool run by Gebruiker on ma 24-03-2014 at 20:52:02,14.

Microsoft Windows 8.1 6.3.9600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Gebruiker\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

24-3-2014 20:53:47 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\YoutubeAdblocker deleted successfully

C:\PROGRA~3\NExtCoup deleted successfully

C:\PROGRA~3\SNT deleted successfully

C:\PROGRA~3\webesave deleted successfully

C:\PROGRA~3\WinZip deleted successfully

C:\Users\Gebruiker\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3575262360-258679368-1463809348-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_USERS\S-1-5-21-3575262360-258679368-1463809348-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Optimizer Pro"=-

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"mobilegeni daemon"=-

"fst_nl_30"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\weebsave not found

C:\Program Files (x86)\Optimizer Pro not found

C:\Program Files (x86)\Mobogenie deleted

C:\Users\Gebruiker\AppData\LocalLow\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5} deleted

C:\Users\Gebruiker\AppData\LocalLow\{EB371B49-8FDE-4381-E9C6-53EEACAD830C} deleted

C:\Users\Gebruiker\daemonprocess.txt deleted

C:\Users\Gebruiker\.android deleted

C:\PROGRA~3\weebsave deleted

C:\Users\Gebruiker\AppData\Roaming\SupTab deleted

C:\Users\Gebruiker\AppData\Roaming\awesomehp deleted

C:\Users\Gebruiker\AppData\Roaming\DigitalSites deleted

C:\Users\Gebruiker\AppData\Roaming\EZDownloader deleted

C:\Users\Gebruiker\AppData\Roaming\systweak deleted

C:\Users\Gebruiker\AppData\Roaming\OpenCandy deleted

C:\PROGRA~3\Registry Helper deleted

C:\PROGRA~3\IePluginService deleted

C:\PROGRA~3\WPM deleted

C:\PROGRA~3\InstallMate deleted

C:\PROGRA~3\RegClean deleted

C:\Users\Gebruiker\AppData\Local\WebPlayer deleted

C:\Users\Gebruiker\AppData\Local\Mobogenie deleted

C:\Users\Gebruiker\AppData\Local\cache deleted

C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software deleted

C:\Windows\SysNative\roboot64.exe deleted

C:\windows\SysNative\tasks\bench-sys deleted

C:\Windows\tasks\bench-sys.job deleted

C:\Windows\Syswow64\SearchProtect deleted

C:\Users\Gebruiker\Documents\Mobogenie deleted

"C:\PROGRA~3\589ed11582df0642\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}" deleted

"C:\PROGRA~3\589ed11582df0642\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}" deleted

"C:\PROGRA~3\589ed11582df0642\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted

"C:\PROGRA~3\589ed11582df0642\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted

"C:\PROGRA~3\589ed11582df0642\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted

"C:\PROGRA~3\589ed11582df0642" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\GEBRUI~1\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2014-03-19 14:35:53 D292652F380DFC23897CB31B1940E56C 588800 ----a-w- C:\Windows\SysWOW64\SettingSyncCore.dll

2014-03-19 14:35:53 42433CDEC449D40F508752F2D487D8E4 478208 ----a-w- C:\Windows\SysWOW64\SettingSyncHost.exe

2014-03-19 14:35:50 3104FCDE0470E5D89C9991FC0EDDE57E 18643560 ----a-w- C:\Windows\SysWOW64\shell32.dll

2014-03-19 14:35:49 9929F71938D9FCE4550BEB935071F0C8 13949440 ----a-w- C:\Windows\SysWOW64\Windows.UI.Xaml.dll

2014-03-19 14:35:47 A00970DBAD7034523CF9D2C395A944B8 103936 ----a-w- C:\Windows\SysWOW64\OEMLicense.dll

2014-03-19 14:35:47 716046CF7941B176C18AA58785899A2D 174592 ----a-w- C:\Windows\SysWOW64\WSClient.dll

2014-03-19 14:35:46 A863A4DEF854D579C36EAA9DECF21C80 336896 ----a-w- C:\Windows\SysWOW64\XpsGdiConverter.dll

2014-03-19 14:35:45 65ACE54B8EDA937EE7706733D27F40A8 802816 ----a-w- C:\Windows\SysWOW64\MFMediaEngine.dll

2014-03-19 14:35:44 DBB6B2FA462A5E7029766B09ED9CDA73 381168 ----a-w- C:\Windows\SysWOW64\mfsvr.dll

2014-03-19 14:35:44 CF8746715C1AA00C29F789825E321C7C 770560 ----a-w- C:\Windows\SysWOW64\ReAgent.dll

2014-03-19 14:35:43 EC308077E9BEEDF523AE3D6BA042E016 630272 ----a-w- C:\Windows\SysWOW64\MsSpellCheckingFacility.dll

2014-03-19 14:35:43 986ABF43F76F5B0E3557363FB4925C78 1472048 ----a-w- C:\Windows\SysWOW64\ntdll.dll

2014-03-19 14:35:42 E2C1E49EBFB8EFA1AFF6966533BAD12B 140800 ----a-w- C:\Windows\SysWOW64\easwrt.dll

2014-03-19 14:35:42 A7DE6E0B69826D5B6F5FF68AABCF7035 218112 ----a-w- C:\Windows\SysWOW64\sti.dll

2014-03-15 09:52:50 07B5CC5559ED3F55A3F940B3211D89C2 124416 ----a-w- C:\Windows\SysWOW64\poqexec.exe

2014-03-14 13:01:11 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2014-03-14 13:01:10 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2014-03-14 13:01:09 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2014-03-14 13:01:09 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2014-03-14 13:01:08 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll

2014-03-14 13:01:07 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2014-03-14 13:01:07 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll

2014-03-14 13:01:07 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2014-03-14 13:01:04 D34CE666D9BA3D5232609D3C15075B70 5770752 ----a-w- C:\Windows\SysWOW64\mstscax.dll

2014-03-14 13:01:03 ECEBFCEF5799B57BFF242D24B27E4FE4 2143960 ----a-w- C:\Windows\SysWOW64\mfcore.dll

2014-03-14 13:01:03 878B3C936C3C2850A57C24C6F104EBC5 208896 ----a-w- C:\Windows\SysWOW64\rdpencom.dll

2014-03-14 13:01:03 6C8AC5035C39C818624EFA962B24AB3D 1036288 ----a-w- C:\Windows\SysWOW64\kernel32.dll

2014-03-14 13:01:03 34823DAA381423CAE81FEE7C2EEE52F4 669352 ----a-w- C:\Windows\SysWOW64\mfmpeg2srcsnk.dll

2014-03-14 13:01:03 2A3626E0B7F5A5317902EBDAF2B4CCE0 1371824 ----a-w- C:\Windows\SysWOW64\combase.dll

2014-03-14 13:01:03 17500825FE6C7094ACC6E7DC6B578399 369280 ----a-w- C:\Windows\SysWOW64\Faultrep.dll

2014-03-14 13:01:02 FCD51A3EB7E47FBCE17382A95FD3AB35 2873344 ----a-w- C:\Windows\SysWOW64\dbgeng.dll

2014-03-14 13:01:02 F5033F3C6F8E706D78ACB9351EBF7B3E 1238016 ----a-w- C:\Windows\SysWOW64\dbghelp.dll

2014-03-14 13:01:02 D4A17A8DEB194D77AD9651F0EE0C76EB 138752 ----a-w- C:\Windows\SysWOW64\DWWIN.EXE

2014-03-14 13:01:02 D0B6EB329D696A5C2122352EAE722290 855552 ----a-w- C:\Windows\SysWOW64\rdvidcrl.dll

2014-03-14 13:01:02 3DA5CD1E3B9BDAF79731CB6CB1029CB3 53248 ----a-w- C:\Windows\SysWOW64\tsgqec.dll

2014-03-14 13:01:02 249DE8C6F690646CC8EC53D49ABC6BE9 408480 ----a-w- C:\Windows\SysWOW64\WerFault.exe

2014-03-14 13:00:53 F80E8CF9E4A051C2CC338C85088A046C 488448 ----a-w- C:\Windows\SysWOW64\qedit.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-03-19 14:35:53 43D0F8E593ABD37B5BC9573EDD71EFEB 628736 ----a-w- C:\Windows\Sysnative\SettingSyncHost.exe

2014-03-19 14:35:52 968FB3BA8E7DF0933A1CF593BD503F4A 461312 ----a-w- C:\Windows\Sysnative\XpsGdiConverter.dll

2014-03-19 14:35:51 1D8F8BE07D2B06C32ADB4B08F0F2A357 749056 ----a-w- C:\Windows\Sysnative\SettingSyncCore.dll

2014-03-19 14:35:50 FF73B88BA206966BD228320F664D4D92 21199256 ----a-w- C:\Windows\Sysnative\shell32.dll

2014-03-19 14:35:48 04B5ADB034D17585D3BCFC6DE5CADFF8 18576384 ----a-w- C:\Windows\Sysnative\Windows.UI.Xaml.dll

2014-03-19 14:35:47 B88A70259DF2927787C0B766DD4CFB5C 206336 ----a-w- C:\Windows\Sysnative\WSClient.dll

2014-03-19 14:35:47 68085A085DE8E3540EE8E02CAE575B2E 138240 ----a-w- C:\Windows\Sysnative\OEMLicense.dll

2014-03-19 14:35:45 E069B63DAD920D231FA8A141DFF43A8C 960512 ----a-w- C:\Windows\Sysnative\MFMediaEngine.dll

2014-03-19 14:35:45 A95838FFFAEAA7500263D491575F7E0C 1214976 ----a-w- C:\Windows\Sysnative\schedsvc.dll

2014-03-19 14:35:44 E80700EB046D0B82B694C98CF7231C08 481944 ----a-w- C:\Windows\Sysnative\mfsvr.dll

2014-03-19 14:35:44 D03BF756457B6A1EB305B26046BB9B4D 914944 ----a-w- C:\Windows\Sysnative\ReAgent.dll

2014-03-19 14:35:44 847CFF96ACB575CE73C0E2E86C6BA993 842752 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.dll

2014-03-19 14:35:43 E287F157F7A0011D93179C64EF8ADCF2 376320 ----a-w- C:\Windows\Sysnative\pnrpsvc.dll

2014-03-19 14:35:43 C8ACFF60C553E63949A79DC370B516E4 947712 ----a-w- C:\Windows\Sysnative\reseteng.dll

2014-03-19 14:35:43 1FCA4E287F0ED13BF037A484AA2FE3B1 419160 ----a-w- C:\Windows\Sysnative\hal.dll

2014-03-19 14:35:42 A0D3749BB1BC942C7D21C4D99E79A615 131160 ----a-w- C:\Windows\Sysnative\easinvoker.exe

2014-03-19 14:35:42 66F214C9E446407D78048681394820A6 178176 ----a-w- C:\Windows\Sysnative\easwrt.dll

2014-03-19 14:35:42 3D136E8D4C0407D9C40FD8BDD649B587 1720560 ----a-w- C:\Windows\Sysnative\ntdll.dll

2014-03-19 14:35:42 0B9FBEC5714523FF76DDFEB320FE2DF2 303616 ----a-w- C:\Windows\Sysnative\sti.dll

2014-03-15 09:52:51 4A8D40E38BC2C57E5D630AD6994A85CB 139776 ----a-w- C:\Windows\Sysnative\poqexec.exe

2014-03-14 13:01:14 695C842DAA76536CE44C336C9E27B25D 1507704 ----a-w- C:\Windows\Sysnative\winload.exe

2014-03-14 13:01:14 1A1DDFD4BA6523979C76BE188984C3AC 1643584 ----a-w- C:\Windows\Sysnative\winload.efi

2014-03-14 13:01:12 4E0709D9BB951AD1C22E4FF519B90839 23133696 ----a-w- C:\Windows\Sysnative\mshtml.dll

2014-03-14 13:01:10 9C5ADB26632D46919ABB231CF7DE98B9 13051904 ----a-w- C:\Windows\Sysnative\ieframe.dll

2014-03-14 13:01:09 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2014-03-14 13:01:09 76862AAF77C049EC20217FDC209F7F13 2765824 ----a-w- C:\Windows\Sysnative\iertutil.dll

2014-03-14 13:01:08 DF79CE9B950C62677D232154E93A81C7 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll

2014-03-14 13:01:08 CF1C73DE1FADE3D3C44FCAF254F57DB2 5768704 ----a-w- C:\Windows\Sysnative\jscript9.dll

2014-03-14 13:01:08 BA0A21F761CE5001DF712C51BF11F953 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll

2014-03-14 13:01:07 E6ACA421DA3E50D7F0A31228F0C547B0 627200 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2014-03-14 13:01:07 48ED94DA88F65684B28FCD87C01288A7 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll

2014-03-14 13:01:06 C993A0B97BECD3AAF5158E3869878465 6353960 ----a-w- C:\Windows\Sysnative\sppsvc.exe

2014-03-14 13:01:05 BAAD43360A7DF630ECC414671AEFA28C 6640640 ----a-w- C:\Windows\Sysnative\mstscax.dll

2014-03-14 13:01:04 977F77CE98456F6B115E5360A1160449 2133208 ----a-w- C:\Windows\Sysnative\mfcore.dll

2014-03-14 13:01:03 CFADC50692A845BAC30940E203393219 1287064 ----a-w- C:\Windows\Sysnative\kernel32.dll

2014-03-14 13:01:03 C83AFB0B285F293EDECF5EBDEC074A94 458616 ----a-w- C:\Windows\Sysnative\WerFault.exe

2014-03-14 13:01:03 C7DFBE21051D5E44B479CBF74B968335 1486848 ----a-w- C:\Windows\Sysnative\dbghelp.dll

2014-03-14 13:01:03 C7B69F90B823182CE6BE7C5374832DE5 764864 ----a-w- C:\Windows\Sysnative\mfmpeg2srcsnk.dll

2014-03-14 13:01:03 C039246195C736A602F581D29F18A43D 1928144 ----a-w- C:\Windows\Sysnative\combase.dll

2014-03-14 13:01:03 B5D2EBAD81739185A91D210F5F01824B 407024 ----a-w- C:\Windows\Sysnative\Faultrep.dll

2014-03-14 13:01:03 819A1E0F89B6AC222E9D95CA000A40B1 4175360 ----a-w- C:\Windows\Sysnative\dbgeng.dll

2014-03-14 13:01:03 2684605E822359CBD1ED2BD2C8E76397 249856 ----a-w- C:\Windows\Sysnative\rdpencom.dll

2014-03-14 13:01:02 AFCAB4DC692CCE37E283B00E2D7B438F 447488 ----a-w- C:\Windows\Sysnative\sppcomapi.dll

2014-03-14 13:01:02 99453C649DC4B0BE6D062B701CD2917F 716288 ----a-w- C:\Windows\Sysnative\swprv.dll

2014-03-14 13:01:02 94D79382FB796B0A8C90270654A70563 1057280 ----a-w- C:\Windows\Sysnative\rdvidcrl.dll

2014-03-14 13:01:02 735CB57F806D292FB7ABE8BDFD3B5853 233920 ----a-w- C:\Windows\Sysnative\mfps.dll

2014-03-14 13:01:02 724ADFEE7743C26C550ABFE04271DCFD 160256 ----a-w- C:\Windows\Sysnative\DWWIN.EXE

2014-03-14 13:01:02 3FFEC6927D4017829A82ECDB277BB23E 64512 ----a-w- C:\Windows\Sysnative\tsgqec.dll

2014-03-14 13:01:02 110BE5198A63D3FF3CE9C30F1DC12EC3 386722 ----a-w- C:\Windows\Sysnative\ApnDatabase.xml

2014-03-14 13:00:53 1A69D165DDA78A4329B854D4FEDAD132 4189184 ----a-w- C:\Windows\Sysnative\win32k.sys

2014-03-14 13:00:53 05894DFC52A78C3B1DD5EF6F30FAD28C 586240 ----a-w- C:\Windows\Sysnative\qedit.dll

====== C:\Windows\Sysnative\drivers =====

2014-03-19 14:35:45 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys

2014-03-19 14:35:43 D22EB844EB57D016CC34178AC86456DF 325464 -c--a-w- C:\Windows\Sysnative\drivers\USBXHCI.SYS

2014-03-19 14:35:43 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys

2014-03-19 14:35:42 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\Windows\Sysnative\drivers\rdbss.sys

2014-03-14 13:01:03 ECC68BD5347BDE9631EE68274858A41F 2543960 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

2014-03-14 13:01:02 C85C075DE5B6D0FE116043054DE8EE02 311640 -c--a-w- C:\Windows\Sysnative\drivers\volsnap.sys

2014-03-14 13:01:01 C52148456E0F6EAD9E903020A79207FC 236888 ----a-w- C:\Windows\Sysnative\drivers\WdFilter.sys

2014-03-14 13:01:00 241895E8A9C158DF86E12FDD21033A32 35856 ----a-w- C:\Windows\Sysnative\drivers\WdBoot.sys

2014-03-14 13:00:58 57F22324FAAF92ADF957B281E88F1743 124760 ----a-w- C:\Windows\Sysnative\drivers\WdNisDrv.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-03-11 18:08:36 -------- d-----w- C:\Program Files\trend micro

2014-03-10 21:03:10 -------- d-----w- C:\Program Files\Enigma Software Group

2014-03-02 20:21:08 -------- d-----w- C:\Program Files\Reference Assemblies

2014-03-02 20:21:07 -------- d-----w- C:\Program Files\MSBuild

======= C:\PROGRA~2 =====

2014-03-09 19:53:26 -------- d-----w- C:\PROGRA~2\MSECache

2014-03-06 08:09:25 -------- d-----w- C:\PROGRA~2\Belastingdienst

2014-03-02 20:21:20 -------- d-----w- C:\PROGRA~2\Reference Assemblies

2014-03-02 20:18:54 -------- d-----w- C:\PROGRA~2\COMMON~1\Citrix

2014-03-02 20:18:52 -------- d-----w- C:\PROGRA~2\Citrix

======= C: =====

2014-03-10 21:03:27 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat

====== C:\Users\Gebruiker\AppData\Roaming ======

2014-03-15 09:51:49 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Diagnostics

2014-03-11 21:10:57 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Microsoft Toolkit

2014-03-10 20:30:50 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{8E1D1F50-34F2-83FD-0A2F-572B2862BD4C}

2014-03-10 20:27:27 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{8B05C297-2CD7-69A9-F03E-A8CCE139D05F}

2014-03-10 20:25:44 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{05BDA67E-D6E5-F322-EC4C-F13B93CC9343}

2014-03-10 20:24:34 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\sweet-page

2014-03-10 20:22:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Torch

2014-03-10 20:22:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Google

2014-03-10 20:22:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Comodo

2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData\Local\Torch

2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData\Local\Google

2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData\Local\Comodo

2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch

2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Google

2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo

2014-03-09 19:30:04 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\BitTorrent

2014-03-09 12:53:15 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}

2014-03-09 12:43:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Programs

2014-03-06 08:10:31 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Belastingdienst

2014-02-28 20:28:20 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\uTorrent

2014-02-25 15:27:27 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\ICAClient

====== C:\Users\Gebruiker ======

2014-03-10 20:23:34 -------- d-----w- C:\ProgramData\HostIt

2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData

2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData

2014-03-10 20:06:43 -------- d-----w- C:\ProgramData\Real

2014-03-06 08:09:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst

2014-03-02 20:19:04 -------- d-----w- C:\ProgramData\Citrix

====== C: exe-files ==

2014-03-19 14:35:53 43D0F8E593ABD37B5BC9573EDD71EFEB 628736 ----a-w- C:\Windows\System32\SettingSyncHost.exe

2014-03-19 14:35:53 42433CDEC449D40F508752F2D487D8E4 478208 ----a-w- C:\Windows\SysWOW64\SettingSyncHost.exe

2014-03-19 14:35:42 A0D3749BB1BC942C7D21C4D99E79A615 131160 ----a-w- C:\Windows\System32\easinvoker.exe

=== C: other files ==

2014-03-19 14:35:45 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2014-03-19 14:35:43 D22EB844EB57D016CC34178AC86456DF 325464 -c--a-w- C:\Windows\System32\drivers\USBXHCI.SYS

2014-03-19 14:35:43 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2014-03-19 14:35:42 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\Windows\System32\drivers\rdbss.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3575262360-258679368-1463809348-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"SpeedUpMyComputer"="C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss"

"FixMyRegistry"="C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SpeedUpMyComputer"="C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss"

"FixMyRegistry"="C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-03-2014 16:53]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{B468EAE2-5939-457C-B301-38FACB2803D2}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Chrome Look ======================

websave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj

websave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj

websave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj

websave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Administrator\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Administrator\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

YoutubeAdblocker - Administrator\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj

websave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

YoutubeAdblocker - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj

websave - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

YoutubeAdblocker - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj

websave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

YoutubeAdblocker - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj

websave - Gast\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gast\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gast\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gast\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gast\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

YoutubeAdblocker - Gast\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj

websave - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

YoutubeAdblocker - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj

websave - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

YoutubeAdblocker - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj

websave - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

YoutubeAdblocker - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj

websave - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

YoutubeAdblocker - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj

==== Chrome Fix ======================

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully

C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully

C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully

C:\Users\Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully

C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully

C:\Users\Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully

C:\Users\Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

"Search Page"="{searchTerms - Bing}"

"Search Bar"="{searchTerms - Bing}"

"Use Search Asst"="yes"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=NL&userid=dc88b85a-80dd-a186-5069-82032f3a2df7&searchtype=ds&q={searchTerms}&installDate=09/03/2014"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=NL&userid=dc88b85a-80dd-a186-5069-82032f3a2df7&searchtype=ds&q={searchTerms}&installDate=09/03/2014"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="{searchTerms - Bing}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="{searchTerms - Bing}"

"SearchAssistant"="{searchTerms - Bing}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="Bing"

"Search Bar"="Bing"

"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

"Use Search Asst"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="%s - Bing"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="%s - Bing"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="%s - Bing"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="Bing"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"

{006ee092-9658-4fd6-bd8e-a21a348e59f5} Bing Url="{searchTerms - Bing}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedUpMyComputer deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=322 folders=100 19370568 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ma 24-03-2014 at 21:12:27,47 ======================

[kape]

Dubbelklik op Zoek.exe om de tool te starten.

• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

 
 C:\autoexec.bat;f
 C:\Users\Gebruiker\AppData\Roaming\sweet-page;fs
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r64
 "AppInit_DLLs"=-;r64
 CHRdefaults;
 autoclean;

• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht als bijlage.
  

Zoek.exe logbestand plaatsen

• Voeg het logbestand met de naam "Zoek-results.log" als bijlage toe aan het volgende bericht. (Dit logbestand kunt u tevens terug vinden op de systeemschijf als C:\\Zoek-results.log.)
  
• Hoe u een bijlage kunt toevoegen aan het bericht leest u hier.
  

[westbeest]

Zoek.exe v5.0.0.0 Updated 07-March-2014

Tool run by Gebruiker on wo 26-03-2014 at 19:03:13,21.

Microsoft Windows 8.1 6.3.9600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Gebruiker\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-24-201227.log 35315 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Users\Gebruiker\AppData\Roaming\sweet-page deleted

"C:\autoexec.bat" deleted

==== Chrome Look ======================

websave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

websave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

websave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

websave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Administrator\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Administrator\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

websave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

websave - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

websave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

websave - Gast\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gast\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gast\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gast\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gast\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

websave - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

websave - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

websave - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

websave - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb

Pic Enhance - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc

webesave - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp

SNT - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf

NExtCoup - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"

{006ee092-9658-4fd6-bd8e-a21a348e59f5} Bing Url="{searchTerms - Bing}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=323 folders=102 19370714 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 26-03-2014 at 19:12:37,48 ======================

[kape]

En zijn er nu nog merkbare problemen (met Sweetpage of andere zaken) ?

[westbeest]

Nee op dit moment niet

Hebben jullie nog een advies om dit soort dingen te voorkomen ? Heb nu microsoft als virus scanner is dit goed genoeg of moeten we aan een andere denken.

In iedere geval alvast bedankt